Ctccw32.dll écrit au démarrage

Résolu
Julien -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour à toutes et à tous.

Ah, le week-end, le moment idéal pour combattre des virus ! ;-)

Depuis deux jours, au démarrage de mon PC, j'ai le message suivant :

Rundll
Erreur de chargement de ctccw32.dll
Module spécifié introuvable.

Je suis alors passé en mode sans échec et ai fait un scan complet de AVG antispyware (qui a trouvé un truc appelé OSA09, de mémoire) que j'ai viré.

Suite à ça, scan tjs en mode sans échec avec Antivir. qui a trouvé TR/drop.agen.ru.2.A situé dans le system 32 (absolument pas la moindre idée de ce que c'est, le system32, sauf que les virus y élisent souvent domiciles, les sagouins). Celui-ci est en quarantaine, j'ai préféré de pas l'enlever sans vous consulter avant.

J'ai aussi fait un petit checkdisk avec Tune Up, histoire de. Mais le message demeure. Pour le moment, ce n'est pas bien grave, juste un message au démarrage. Mais on n'est jamais trop prudent.

D'où ma demande d'aide.

Ayant déjà été sur ce forum (et merci à ceux qui m'ont aidé avant), je sais que vous êtes de grands fan d'Hijackthis, je poste doc un rapport ci-dessous ! :-)

Merci d'avance pour l'aide que vous m'apporterez.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:38, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Profils\root\Mes documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/fr/shockwave/download/triggerpages_mmcom/default.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7980 bytes
Configuration: Windows XP
Firefox 2.0.0.13

3 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd

    _____________________

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    ______________________

    colle un rapport avec antivir que tu as
    0
    1. Julien
       
      Waouh, merci pour la rapidité de la réponse !

      J'ai corrigé la ligne sous Hijakcthis, j'ai fait le combofix renommé, voilà la rapport :

      ComboFix 08-04-11.8 - root 2008-04-12 18:54:17.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1563 [GMT 2:00]
      Endroit: C:\Profils\root\Bureau\Combo-Fix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\pskill.exe

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-12 02:36 . 2008-04-12 02:36 <REP> d-------- C:\Program Files\Bonjour
      2008-04-12 02:23 . 2008-04-12 02:23 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
      2008-04-11 02:39 . 2008-04-11 02:39 283 --a------ C:\WINDOWS\comm.bin
      2008-04-09 22:30 . 2008-04-09 22:30 <REP> d-------- C:\Profils\All Users\Application Data\FLEXnet
      2008-04-07 16:49 . 2008-04-07 16:49 49,796 --ah----- C:\WINDOWS\system32\mlfcache.dat
      2008-04-07 13:16 . 2008-04-07 13:16 <REP> d-------- C:\Program Files\Safari
      2008-04-07 13:16 . 2008-04-07 13:16 <REP> d-------- C:\Program Files\iPod
      2008-04-07 13:15 . 2008-04-07 13:16 <REP> d-------- C:\Program Files\iTunes
      2008-04-07 13:14 . 2008-04-07 13:15 <REP> d-------- C:\Program Files\QuickTime
      2008-04-05 01:53 . 2008-04-05 01:53 <REP> d-------- C:\Profils\root\Application Data\DivX
      2008-04-05 01:50 . 2008-04-12 02:44 <REP> d-------- C:\Program Files\DivX
      2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
      2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
      2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
      2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
      2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
      2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2008-03-29 20:22 . 2008-03-29 20:22 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
      2008-03-29 20:21 . 1998-10-07 14:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
      2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
      2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
      2008-03-23 20:36 . 2008-03-23 20:37 <REP> d-------- C:\Program Files\Freeplayer
      2008-03-21 22:30 . 2008-03-21 22:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
      2008-03-21 22:30 . 2008-03-21 22:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
      2008-03-21 22:30 . 2008-03-21 22:30 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
      2008-03-21 22:30 . 2008-03-21 22:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
      2008-03-20 03:03 . 2008-03-20 03:03 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
      2008-03-20 03:03 . 2008-02-27 14:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-12 16:56 86,204,448 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
      2008-04-12 16:29 1,010,876 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
      2008-04-12 16:18 --------- d-----w C:\Profils\All Users\Application Data\Spybot - Search & Destroy
      2008-04-12 03:14 5,200,896 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
      2008-04-12 03:14 2,954,693 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
      2008-04-12 03:14 1,722,368 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
      2008-04-12 00:44 --------- d-----w C:\Program Files\eMule
      2008-04-12 00:36 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-04-08 23:33 --------- d-----w C:\Profils\root\Application Data\Azureus
      2008-04-07 11:17 --------- d-----w C:\Profils\root\Application Data\Apple Computer
      2008-03-29 18:11 1,652,736 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
      2008-03-29 12:38 --------- d-----w C:\Program Files\Winamp
      2008-03-29 12:38 --------- d-----w C:\Profils\root\Application Data\Winamp
      2008-03-23 18:47 --------- d-----w C:\Profils\root\Application Data\vlc
      2008-03-22 17:24 --------- d-----w C:\Program Files\Java
      2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
      2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      2008-03-20 01:03 --------- d-----w C:\Program Files\TuneUp Utilities 2008
      2008-03-17 23:12 --------- d-----w C:\Program Files\Cpu-Z
      2008-03-09 13:13 --------- d-----w C:\Program Files\Azureus
      2008-03-09 02:06 --------- d-----w C:\Profils\root\Application Data\U3
      2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
      2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
      2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
      2008-02-08 22:28 17,532,965 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_02_08_22_51_46_full.dmp.zip
      2008-02-08 21:46 1,538,048 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
      2008-02-08 19:10 691,545 ----a-w C:\WINDOWS\unins000.exe
      2008-02-02 17:19 1,520,640 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
      2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
      2008-01-24 20:33 1,497,088 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
      2008-01-23 15:27 1,495,552 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
      2008-01-13 19:55 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2008-01-13 18:58 339,968 ----a-w C:\WINDOWS\system32\WDBtnMgr.exe
      2008-01-13 18:37 99,970 ----a-w C:\WINDOWS\UninstallFirefox.exe
      2008-01-13 18:37 99,965 ----a-w C:\WINDOWS\UninstallThunderbird.exe
      .

      ------- Sigcheck -------

      2005-06-13 09:46 506368 778cf2f27460f0512cbe010ae5b91cb2 C:\WINDOWS\system32\winlogon.exe
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 08:51 7323648]
      "nwiz"="nwiz.exe" [2005-12-14 08:51 1519616 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-14 08:51 86016]
      "RTHDCPL"="RTHDCPL.EXE" [2006-06-28 08:54 16248320 C:\WINDOWS\RTHDCPL.exe]
      "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
      "WD Button Manager"="WDBtnMgr.exe" [2008-01-13 20:58 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-13 21:40 249896]
      "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 19:05 196608]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "nlsf"="cmd.exe" [2004-08-04 01:54 400896 C:\WINDOWS\system32\cmd.exe]

      C:\Profils\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "SynchronousMachineGroupPolicy"= 0 (0x0)
      "SynchronousUserGroupPolicy"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoDesktopCleanupWizard"= 1 (0x1)
      "NoResolveSearch"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMHelp"= 1 (0x1)
      "SearchSystemDirs"= 1 (0x1)
      "SearchHidden"= 1 (0x1)
      "IncludeSubFolders"= 1 (0x1)
      "NoSMBalloonTip"= 0 (0x0)
      "ForceClassicControlPanel"= 1 (0x1)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMHelp"= 1 (0x1)
      "SearchSystemDirs"= 1 (0x1)
      "SearchHidden"= 1 (0x1)
      "IncludeSubFolders"= 1 (0x1)
      "NoSMBalloonTip"= 0 (0x0)
      "ForceClassicControlPanel"= 1 (0x1)
      "NoInternetIcon"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

      R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:55]
      S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-20 03:03]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      DcomLaunch REG_MULTI_SZ DcomLaunch

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62ca144e-ed12-11dc-85f6-00138fd5f064}]
      \Shell\AutoRun\command - E:\LaunchU3.exe

      *Newly Created Service* - CATCHME
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-07 11:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-04-12 16:31:14 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
      - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-12 18:56:20
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-12 18:56:46
      ComboFix-quarantined-files.txt 2008-04-12 16:56:42
      Pre-Run: 78,897,094,656 octets libres
      Post-Run: 78,880,182,272 octets libres

      Voilà ensuite celui d'Antivir :

      AntiVir PersonalEdition Classic
      Report file date: samedi 12 avril 2008 15:39

      Scanning for 1198942 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Username: root
      Computer name: NICK2-53A7B945B

      Version information:
      BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
      AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
      AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
      LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
      LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:40:45
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 23:08:34
      ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 00:21:36
      ANTIVIR3.VDF : 7.0.3.158 61952 Bytes 11/04/2008 00:21:36
      AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 12/04/2008 00:21:37
      AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
      AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
      AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
      AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 20:45:01
      AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
      AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
      AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
      NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
      RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
      RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: off
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: samedi 12 avril 2008 15:39

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'avgas.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'guard.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'aawservice.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      14 processes with 14 modules were scanned

      Start scanning boot sectors:
      Boot sector 'C:\'
      [NOTE] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '28' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\Profils\root\Bureau\Zik Check\Tortoise - TNT (full album CD mp3) by Speedtriple.ace
      [0] Archive type: ACE
      --> Tortoise\Tortoise - 07 - The Suspension Bridge at Iguaz£ Falls.mp3
      [WARNING] Error creating the file
      --> Tortoise\Tortoise - 08 - Four-Day Interval.mp3
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      [WARNING] No further files can be extracted from this archive. The archive will be closed


      End of the scan: samedi 12 avril 2008 16:40
      Used time: 1:00:26 min

      The scan has been done completely.

      5991 Scanning directories
      241210 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
      241210 Files not concerned
      851 Archives were scanned
      4 Warnings
      124 Notes

      Et question, le virus mis en quarantaine, je peux le virer ?

      Merci encore.
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire ce crack qui est problablement infécté:

    C:\Profils\root\Bureau\Zik Check\Tortoise - TNT (full album CD mp3) by Speedtriple.ace

    ______
    vire ce qui est en quarantaine dans antivir

    ___________

    encore des soucis???
    0
    1. Julien
       
      C'est pas un crack, c'est un album de post-rock que m'a filé un pote ! :-)
      Mais bon, puisque tu me dis que le virer c'est mieux, je le vire et j'appelle mon pote pour lui dire deux mots !!!

      Sinon, le message au démarrage a disparu, c'est ce qu'on appelle de l'efficacité sans perdre de temps dis donc !

      Un grand merci pour le coup de patte.

      Une bonne fin de week-end.
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    si tu es sur du fichier pourquoi pas...

    tu peux essayer de l'analyser sur virus total pour voir: https://www.virustotal.com/gui/

    C:\Profils\root\Bureau\Zik Check\Tortoise - TNT (full album CD mp3) by Speedtriple.ace

    bonne suite
    0