Sysdepannage, Malware alarm,...

Question

Bonsoir à tous!

Voilà en fait j'ai deux problèmes. Mon antivirus est AVG. J'ai fait un scan il y a une heure et il a repéré 8 virus dont les emplacements sont:

-C:\Documents and settings\Nesquik\Local Settings\Temporary Internet files\Content IE5\6T41J414OFQ\install_en[1].exe

-C:\Documents and settings\Nesquik\Local Settings\Temporary Internet files\Content IE5\6T41J414OFQ\yazzsnet[1].exe

-C:\Documents and settings\Nesquik\Local Settings\Temporary Internet files\Content IE5\4B9ZE6R1\wavvsnet[1].exe

-C:\DOCUME~1\Nesquik\LOCALS~1\Temp\yazzsnet.exe

-C:\Windows\system32\xcsDd01\xcsDd011065.exe  (je l'ai deux fois celui-ci)

-C:\DOCUME~1\Nesquik\LOCALS~1\Temp\wavvsnet.exe

-C:\Documents and settings\Nesquik\Local Settings\Temporary Internet files\Content IE5\S12RSH2F\code2[1].htm

Il me propose de les effacer, est-ce que je peux le faire sans risque ou non?

Comme un probleme n'arrive jamais seul, je reçois aussi plein de spyware du genre Sysdepannage, Malware alarm, etc

Voici mon log Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:46, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
D:\Mes Utilitaires\mes utilitaires\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BM070deccb] Rundll32.exe "C:\WINDOWS\system32\brenoptb.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD543156-7903-4DD9-BF7F-C7F23B1F1EAE}: NameServer = 81.253.149.1 80.10.246.3
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device -   - C:\WINDOWS\system32\lxctcoms.exe

sKe69 · Answer

Salut,
commence par supprimer ton Hijackthis (et son raccourci), placé ainsi , il ne sert à rien ...

télécharges et instales le logiciel HijackThis : 
 
ftp://ftp.commentcamarche.com/download/HJTInstall.exe

Important :
1-Faire un click droit sur le lien ci-dessus et choisir "enregistrer la cible sous ... " et renommer Hijackthis en "thejack" .

Cliker sur thejack.exe pour lancer l'instale . laisses toi guider et instale le à l'endroit par défaut ( C\: programme file \ ) .
A la fin tu doit avoir un raccouci sur ton bureau et aussi un cheminement comme : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe " .

2-Renommer le prg HijackThis : 
dans "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe", clik droit sur ce dernier et choisis "renommé" : tapes monjack et valide .

tuto pour l’utiliser 
regarde ici c'est parfaitement expliqué en images 
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 

Fermes toutes tes applications et déconnectes toi .

double clik sur le raccourci du bureau,
Fais un scan monjack (ou HijackThis renommé) et postes le rapport générer pour analyse ...

banzaiontherock · Answer

Merci pour ta reponse. Je m'y colle tout de suite et te tient au courant

sKe69 · Answer

c'est parti ...

Télécharger Vundofix.exe (par Atribune) sur ton Bureau (et pas ailleur !) 
http://www.atribune.org/ccount/click.php?id=4 

Ce déconnecter et fermer toute ces applications le temps de la manipe .

Double-cliquer sur VundoFix.exe afin de le lancer. 
Cliquer sur le bouton Scan for Vundo. 

Lorsque le scan est complété, cliquer sur le bouton fix Vundo. 

Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES 

Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers. 
Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer. 

Le contenu du rapport est situé dans C:\vundofix.txt : postes ce rapport avec aussi un nouveau rapport mojack pour annalyse .

banzaiontherock · Answer

J'ai suivi ta procedure à la lettre mais Vundo fix n'a repéré aucun fichier infecté. aucin rapport ne s'est affiché. Je n'ai eu aucun ficheir à supprimer.
je te poste un nouveau rapport monjack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:08, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O2 - BHO: (no name) - {1342F8C4-DF58-48B1-BB9C-61ABC2CC8AC2} - C:\WINDOWS\system32\ddcDuTmm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\wvUNhffG.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BM070deccb] Rundll32.exe "C:\WINDOWS\system32\brenoptb.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD543156-7903-4DD9-BF7F-C7F23B1F1EAE}: NameServer = 80.10.246.1 81.253.149.2
O20 - Winlogon Notify: wvUNhffG - C:\WINDOWS\SYSTEM32\wvUNhffG.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device -   - C:\WINDOWS\system32\lxctcoms.exe

banzaiontherock · Answer

Je voudrais juste préciser une petite chose:

Je viens de recevoir deux pub pour des jeux videos: Un truc de gladiateur (j'ai pas relevé le nom) et une autre
pour un jeu qui s'appelle IKARIAM.

sKe69 · Answer

C'est du à ton infection,on va régler tout cela ... continuons :

Télécharger VirtumundoBegone sur le bureau: 
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 

Ce déconnecter et fermer toute ces applications le temps de la manipe .

Double cliquer sur VirtumundoBeGone.exe et suivre les instructions. 
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau , postes le. 
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu). 

puis ensuite, fait un autre scan monjack et postes le aussi .

banzaiontherock · Answer

voici le rapport VBG:

[04/21/2008, 22:50:00] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Nesquik\Bureau\VirtumundoBeGone.exe" )
[04/21/2008, 22:50:07] - Detected System Information:
[04/21/2008, 22:50:07] -  Windows Version: 5.1.2600, Service Pack 2
[04/21/2008, 22:50:07] -  Current Username: Nesquik (Admin)
[04/21/2008, 22:50:07] -  Windows is in NORMAL mode.
[04/21/2008, 22:50:07] - Searching for Browser Helper Objects:
[04/21/2008, 22:50:07] -  BHO 1: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} (Lexmark Barre d'outils)
[04/21/2008, 22:50:07] -  BHO 2: {1342F8C4-DF58-48B1-BB9C-61ABC2CC8AC2} ()
[04/21/2008, 22:50:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/21/2008, 22:50:07] -  Checking for HKLM\...\Winlogon\Notify\ddcDuTmm
[04/21/2008, 22:50:07] -  Key not found: HKLM\...\Winlogon\Notify\ddcDuTmm, continuing.
[04/21/2008, 22:50:07] -  BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/21/2008, 22:50:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/21/2008, 22:50:07] -  No filename found. Continuing.
[04/21/2008, 22:50:07] -  BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/21/2008, 22:50:07] -  BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/21/2008, 22:50:07] -  BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[04/21/2008, 22:50:07] -  BHO 7: {F50B3F5E-856E-4757-9BB1-B35D46CA7719} ()
[04/21/2008, 22:50:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/21/2008, 22:50:07] -  Checking for HKLM\...\Winlogon\Notify\wvUNhffG
[04/21/2008, 22:50:07] -  Found: HKLM\...\Winlogon\Notify\wvUNhffG - This is probably Virtumundo.
[04/21/2008, 22:50:07] -  Assigning {F50B3F5E-856E-4757-9BB1-B35D46CA7719} MSEvents Object
[04/21/2008, 22:50:07] - BHO list has been changed! Starting over...
[04/21/2008, 22:50:07] -  BHO 1: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} (Lexmark Barre d'outils)
[04/21/2008, 22:50:07] -  BHO 2: {1342F8C4-DF58-48B1-BB9C-61ABC2CC8AC2} ()
[04/21/2008, 22:50:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/21/2008, 22:50:07] -  Checking for HKLM\...\Winlogon\Notify\ddcDuTmm
[04/21/2008, 22:50:07] -  Key not found: HKLM\...\Winlogon\Notify\ddcDuTmm, continuing.
[04/21/2008, 22:50:07] -  BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/21/2008, 22:50:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/21/2008, 22:50:07] -  No filename found. Continuing.
[04/21/2008, 22:50:07] -  BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/21/2008, 22:50:07] -  BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/21/2008, 22:50:07] -  BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[04/21/2008, 22:50:07] -  BHO 7: {F50B3F5E-856E-4757-9BB1-B35D46CA7719} (MSEvents Object)
[04/21/2008, 22:50:07] - ALERT: Found MSEvents Object!
[04/21/2008, 22:50:07] - Finished Searching Browser Helper Objects
[04/21/2008, 22:50:07] - *** Detected MSEvents Object
[04/21/2008, 22:50:07] - Trying to remove MSEvents Object...
[04/21/2008, 22:50:08] -    Terminating Process: IEXPLORE.EXE
[04/21/2008, 22:50:08] -    Terminating Process: RUNDLL32.EXE
[04/21/2008, 22:50:08] -    Disabling Automatic Shell Restart
[04/21/2008, 22:50:08] -    Terminating Process: EXPLORER.EXE
[04/21/2008, 22:50:10] -    Suspending the NT Session Manager System Service
[04/21/2008, 22:50:10] -    Terminating Windows NT Logon/Logoff Manager
[04/21/2008, 22:50:11] -    Re-enabling Automatic Shell Restart
[04/21/2008, 22:50:11] -   File to disable: C:\WINDOWS\system32\wvUNhffG.dll
[04/21/2008, 22:50:11] -  Renaming C:\WINDOWS\system32\wvUNhffG.dll -> C:\WINDOWS\system32\wvUNhffG.dll.vir
[04/21/2008, 22:50:12] -  File successfully renamed!
[04/21/2008, 22:50:12] -   Removing HKLM\...\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}
[04/21/2008, 22:50:12] -   Removing HKCR\CLSID\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}
[04/21/2008, 22:50:13] -   Adding Kill Bit for ActiveX for GUID: {F50B3F5E-856E-4757-9BB1-B35D46CA7719}
[04/21/2008, 22:50:13] -   Deleting ATLEvents/MSEvents Registry entries
[04/21/2008, 22:50:13] -   Removing HKLM\...\Winlogon\Notify\wvUNhffG
[04/21/2008, 22:50:13] - Searching for Browser Helper Objects:
[04/21/2008, 22:50:13] -  BHO 1: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} (Lexmark Barre d'outils)
[04/21/2008, 22:50:13] -  BHO 2: {1342F8C4-DF58-48B1-BB9C-61ABC2CC8AC2} ()
[04/21/2008, 22:50:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/21/2008, 22:50:13] -  Checking for HKLM\...\Winlogon\Notify\ddcDuTmm
[04/21/2008, 22:50:13] -  Key not found: HKLM\...\Winlogon\Notify\ddcDuTmm, continuing.
[04/21/2008, 22:50:13] -  BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/21/2008, 22:50:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/21/2008, 22:50:13] -  No filename found. Continuing.
[04/21/2008, 22:50:13] -  BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/21/2008, 22:50:13] -  BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/21/2008, 22:50:13] -  BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[04/21/2008, 22:50:13] - Finished Searching Browser Helper Objects
[04/21/2008, 22:50:13] - Finishing up...
[04/21/2008, 22:50:13] - A restart is needed.
[04/21/2008, 22:50:22] - Attempting to Restart via STOP error (Blue Screen!)

et le rapport monjack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:40, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B082757E-A79D-4DAE-A4B5-9A61562CD8E0} - C:\WINDOWS\system32\ddcDuTmm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BM070deccb] Rundll32.exe "C:\WINDOWS\system32\brenoptb.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD543156-7903-4DD9-BF7F-C7F23B1F1EAE}: NameServer = 80.10.246.130 81.253.149.10
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device -   - C:\WINDOWS\system32\lxctcoms.exe

sKe69 · Answer

Télécharger ComboFix (par sUBs) sur le Bureau : 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

Démarrer en mode sans echec : 
Comment aller en Mode sans échec 
1) Redémarre ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)

Double cliquer combofix.exe. 

Appuyer sur la touche Y (Yes) pour démarrer le scan 
Le rapport sera crée dans: C:\Combofix.txt 

Redémarre ton PC ( mode normal )
Postes le rapport combo fix et un nouveau rapport monjack pour analyse .

banzaiontherock · Answer

Rapport Combofix:

ComboFix 08-04-20.5 - Nesquik 2008-04-21 23:27:17.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.385 [GMT 2:00]
Endroit: D:\Mes Utilitaires\mes utilitaires\ComboFix\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\brenoptb.dll
C:\WINDOWS\system32\ddcDuTmm.dll
C:\WINDOWS\system32\mmTuDcdd.ini
C:\WINDOWS\system32\mmTuDcdd.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\xxyxVllK.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))))))))
.

2008-04-21 22:10 . 2008-04-21 22:10 <REP> d-------- C:\VundoFix Backups
2008-04-21 21:56 . 2008-04-21 21:56 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 20:21 . 2008-04-21 21:00 109,765 --a------ C:\WINDOWS\BM070deccb.xml
2008-04-21 19:59 . 2008-04-21 19:59 <REP> d-------- C:\WINDOWS\system32\xcsDd01
2008-04-21 19:59 . 2008-04-21 19:59 <REP> d-------- C:\Temp\berDrv11
2008-04-21 19:59 . 2008-04-21 19:59 <REP> d-------- C:\Temp
2008-04-21 19:59 . 2008-04-21 19:59 39,936 --a------ C:\WINDOWS\system32\wvUNhffG.dll.vir
2008-04-21 17:18 . 2008-04-21 17:18 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-04-21 01:10 . 2008-04-21 01:10 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-04-20 01:43 . 2008-04-20 01:43 <REP> d-------- C:\Documents and Settings\Nesquik\Application Data\Samsung
2008-04-20 01:39 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-04-20 01:38 . 2008-04-20 01:38 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-04-20 01:38 . 2008-04-20 01:38 <REP> d-------- C:\Program Files\Samsung
2008-04-20 01:38 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-04-20 01:38 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-04-20 01:38 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-04-20 01:38 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-04-20 01:38 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-04-20 01:38 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-04-20 01:38 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-04-20 01:38 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-04-20 01:38 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-04-20 01:37 . 2008-04-20 01:37 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-19 23:58 . 2008-04-19 23:58 22 --a------ C:\WINDOWS\system32\ati64hl2.stb
2008-04-16 01:36 . 2008-04-16 01:36 248 --a------ C:\WINDOWS\RomeTW.ini
2008-04-16 01:27 . 2008-04-16 01:27 <REP> d-------- C:\Program Files\Activision
2008-04-16 00:20 . 2008-04-16 00:20 <REP> d-------- C:\Documents and Settings\Nesquik\Application Data\DAEMON Tools
2008-04-16 00:20 . 2008-04-16 00:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-15 12:26 . 2008-04-21 20:37 <REP> dr-h----- C:\$VAULT$.AVG
2008-04-15 12:11 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-15 12:11 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-15 12:11 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-14 21:07 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-14 21:06 . 2008-04-14 21:06 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-14 20:51 . 2008-04-16 10:36 <REP> d-------- C:\Documents and Settings\Nesquik\Contacts
2008-04-14 20:48 . 2008-04-14 21:07 <REP> d-------- C:\Program Files\Windows Live
2008-04-14 20:48 . 2008-04-14 21:02 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-14 20:47 . 2008-04-14 20:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-14 11:00 . 2008-04-14 11:00 <REP> d-------- C:\Documents and Settings\Nesquik\Application Data\5400 Series
2008-04-14 10:44 . 2008-04-19 23:58 <REP> d-------- C:\Program Files\Lx_cats
2008-04-14 10:43 . 2006-11-07 13:30 344,064 --a------ C:\WINDOWS\system32\lxctcoin.dll
2008-04-14 10:43 . 2006-04-25 05:11 40,960 --a------ C:\WINDOWS\system32\lxctvs.dll
2008-04-14 10:43 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-14 10:43 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-14 10:42 . 2006-08-08 17:58 692,224 --a------ C:\WINDOWS\system32\lxctdrs.dll
2008-04-14 10:42 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-04-14 10:42 . 2001-08-23 17:47 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-04-14 10:42 . 2006-08-14 19:17 65,536 --a------ C:\WINDOWS\system32\lxctcaps.dll
2008-04-14 10:42 . 2006-05-03 16:31 61,440 --a------ C:\WINDOWS\system32\lxctcnv4.dll
2008-04-14 10:41 . 2006-04-24 18:00 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-04-14 10:41 . 2006-04-24 18:00 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-04-14 10:41 . 2006-04-24 18:00 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-04-14 10:41 . 2006-04-24 18:00 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-04-14 10:41 . 2006-04-24 18:00 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-04-14 10:41 . 2006-10-18 08:36 45,056 --a------ C:\WINDOWS\system32\lxctpmon.dll
2008-04-14 10:41 . 2006-10-18 08:35 32,768 --a------ C:\WINDOWS\system32\LXCTFXPU.DLL
2008-04-14 10:41 . 2006-10-18 08:42 12,288 --a------ C:\WINDOWS\system32\lxctpmrc.dll
2008-04-14 10:40 . 2008-04-14 10:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\5400 Series
2008-04-14 10:39 . 2008-04-14 11:01 <REP> d-------- C:\Program Files\Lexmark Toolbar
2008-04-14 10:39 . 2008-04-14 10:39 <REP> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-04-14 10:38 . 2008-04-14 11:00 <REP> d-------- C:\Program Files\Lexmark 5400 Series
2008-04-14 10:37 . 2006-11-06 18:20 684,032 --a------ C:\WINDOWS\system32\lxctcomc.dll
2008-04-14 10:37 . 2006-11-22 11:11 537,520 --a------ C:\WINDOWS\system32\lxctcoms.exe
2008-04-14 10:37 . 2006-11-06 18:28 421,888 --a------ C:\WINDOWS\system32\lxctcomm.dll
2008-04-14 10:37 . 2006-11-22 11:11 381,872 --a------ C:\WINDOWS\system32\lxctcfg.exe
2008-04-14 10:37 . 2006-11-13 11:49 77,824 --a------ C:\WINDOWS\system32\lxctcu.dll
2008-04-14 10:37 . 2006-09-06 08:19 77,824 --a------ C:\WINDOWS\system32\LXCTcfg.dll
2008-04-14 10:37 . 2006-11-22 11:08 1,811 --a------ C:\WINDOWS\system32\lxct.loc
2008-04-13 00:32 . 2008-04-13 00:32 <REP> d-------- C:\Documents and Settings\Nesquik\Application Data\BSplayer Pro
2008-04-13 00:32 . 2008-04-14 14:23 <REP> d-------- C:\Documents and Settings\Nesquik\Application Data\BSplayer
2008-04-13 00:28 . 2008-04-13 00:32 <REP> d-------- C:\Program Files\Webteh
2008-04-12 04:35 . 2008-04-12 04:35 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-12 04:35 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-11 18:04 . 2008-04-11 18:04 <REP> d-------- C:\Documents and Settings\Nesquik\Application Data\CDBurnerXP_Soft
2008-04-11 10:40 . 2008-04-11 10:40 <REP> d-------- C:\Program Files\CyberLink
2008-04-11 10:40 . 2008-04-11 10:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-11 02:27 . 2008-04-11 02:27 <REP> d-------- C:\Documents and Settings\Nesquik\Application Data\DivX
2008-04-11 02:26 . 2008-04-11 02:26 <REP> d-------- C:\Program Files\DivX
2008-04-10 23:08 . 2008-04-10 23:08 <REP> d-------- C:\Program Files\MSBuild
2008-04-10 23:08 . 2008-04-10 23:08 <REP> d-------- C:\Program Files\Microsoft Works
2008-04-10 23:07 . 2008-04-10 23:07 <REP> d-------- C:\Program Files\Microsoft.NET
2008-04-10 23:04 . 2008-04-10 23:04 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-10 23:03 . 2008-04-10 23:07 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-04-10 23:02 . 2008-04-10 23:02 <REP> dr-h----- C:\MSOCache
2008-04-10 23:02 . 2008-04-10 23:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-10 21:08 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-10 21:08 . 2004-08-04 00:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-04-10 21:08 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-10 21:08 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-10 21:07 . 2008-04-10 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-04-10 21:07 . 2004-04-14 11:08 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-04-10 21:07 . 2004-04-14 11:08 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-04-10 21:07 . 2004-04-14 11:08 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-04-10 21:07 . 2004-04-14 11:08 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-04-10 21:06 . 2008-04-10 21:06 <REP> d-------- C:\Program Files\Logitech
2008-04-10 20:49 . 2008-04-10 20:49 <REP> d-------- C:\Program Files\Ubisoft
2008-04-10 18:43 . 2008-04-10 18:43 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-10 18:41 . 2008-04-10 18:41 <REP> d-------- C:\Program Files\Real
2008-04-10 18:41 . 2008-04-10 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-04-10 18:36 . 2008-04-10 18:37 <REP> d-------- C:\Program Files\Google
2008-04-10 17:47 . 2008-04-16 02:15 <REP> d-------- C:\Program Files\eMule
2008-04-10 17:32 . 2008-04-21 23:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-10 17:32 . 2008-04-10 17:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-10 17:31 . 2008-04-10 17:31 <REP> d-------- C:\Program Files\iTunes
2008-04-10 17:31 . 2008-04-10 17:31 <REP> d-------- C:\Program Files\iPod
2008-04-10 17:30 . 2008-04-10 17:30 <REP> d-------- C:\Program Files\QuickTime
2008-04-10 17:11 . 2008-04-10 17:11 <REP> d-------- C:\Documents and Settings\Nesquik\Application Data\Apple Computer
2008-04-10 17:10 . 2008-04-14 20:50 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-10 17:10 . 2008-04-10 17:10 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-10 17:10 . 2008-04-10 17:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-10 17:09 . 2008-04-10 17:09 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-10 17:09 . 2008-04-10 17:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-10 17:07 . 2008-04-10 17:07 <REP> d-------- C:\Program Files\Media Player Classic
2008-04-10 17:07 . 2008-04-10 17:07 <REP> d-------- C:\Documents and Settings\Nesquik\Application Data\Media Player Classic
2008-04-10 17:04 . 2008-04-10 17:04 13,764 --a------ C:\WINDOWS\system32\wpa.bak
2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-24 21:45 . 2008-03-24 21:45 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-03-21 22:30 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 21:35 --------- d-----w C:\Program Files\Wanadoo
2008-04-21 21:23 --------- d-----w C:\Documents and Settings\Nesquik\Application Data\DNA
2008-04-21 20:49 --------- d-----w C:\Documents and Settings\Nesquik\Application Data\BitTorrent
2008-04-21 18:07 --------- d-----w C:\Documents and Settings\Nesquik\Application Data\AVG7
2008-04-19 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 21:52 --------- d-----w C:\Program Files\ATI Technologies
2008-04-19 21:47 --------- d-----w C:\Documents and Settings\Nesquik\Application Data\ATI
2008-04-15 22:36 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-04-11 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-10 19:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-10 14:32 --------- d-----w C:\Program Files\DNA
2008-04-10 14:32 --------- d-----w C:\Program Files\BitTorrent
2008-04-10 13:46 --------- d-----w C:\Program Files\Alcatel
2008-04-10 13:45 --------- d-----w C:\Program Files\Messager Wanadoo
2008-04-10 13:41 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-10 13:41 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-10 13:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-10 13:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-10 13:04 --------- d-----w C:\Program Files\Services en ligne
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 17:34 288576]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-19 04:39 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2002-11-13 09:34 73728 C:\WINDOWS\system32\sstray.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 09:48 579584]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 16:47 32768]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 11:15 861184]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-10 18:41 185896]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 11:11 291760]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 11:12 304048]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 11:11 82864]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 14:27 106496]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-22 21:05 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-10 15:41 219136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\lxctcoms.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-18 17:16:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 23:33:38
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-21 23:37:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 21:37:10

Pre-Run: 16,182,767,616 octets libres
Post-Run: 16,002,158,592 octets libres

250 --- E O F --- 2008-04-12 02:36:09

Rapport Monjack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:09, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD543156-7903-4DD9-BF7F-C7F23B1F1EAE}: NameServer = 80.10.246.130 81.253.149.10
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

sKe69 · Answer

Voilà un bon début ...

Fermes toutes tes applications et déconnectes toi .

Relance Hijackthis mais click sur " Do a scan only " 
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide . 
Tu vas clické sur les carré des lignes suivantes : 

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU) 
O15 - Trusted Zone: *.amaena.com 
O15 - Trusted Zone: *.avsystemcare.com 
O15 - Trusted Zone: *.gomyhit.com 
O15 - Trusted Zone: *.imageservr.com 
O15 - Trusted Zone: *.imagesrvr.com 
O15 - Trusted Zone: *.onerateld.com 
O15 - Trusted Zone: *.safetydownload.com 
O15 - Trusted Zone: *.storageguardsoft.com 
O15 - Trusted Zone: *.trustedantivirus.com 
O15 - Trusted Zone: *.virusschlacht.com 
O15 - Trusted Zone: *.amaena.com (HKLM) 
O15 - Trusted Zone: *.avsystemcare.com (HKLM) 
O15 - Trusted Zone: *.gomyhit.com (HKLM) 
O15 - Trusted Zone: *.imageservr.com (HKLM) 
O15 - Trusted Zone: *.imagesrvr.com (HKLM) 
O15 - Trusted Zone: *.onerateld.com (HKLM) 
O15 - Trusted Zone: *.safetydownload.com (HKLM) 
O15 - Trusted Zone: *.storageguardsoft.com (HKLM) 
O15 - Trusted Zone: *.trustedantivirus.com (HKLM) 
O15 - Trusted Zone: *.virusschlacht.com (HKLM) 

Tu cliques en bas sur le bouton FIX CHECKED et valides .

Ensuite fait ce-ci:
Télécharges : - CCleaner 
https://www.pcastuces.com/logitheque/ccleaner.htm 
Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout. 
Un tuto 
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 

vas dans nettoyeur : fait annalyse puis nettoyage 
et vas dans registre : fait chercher les erreurs et réparer ( plusieur fois jusqu'a ce qu'il n'y est plus d'erreur ) . 

Redémarre ton PC .

Refait un scan monjack et postes le nouveau rapport pour contrôler .
Attends les instructions ...

Sysdepannage, Malware alarm,...

10 réponses

Votre réponse

Discussions similaires

Newsletters