Hello,
Today I found myself with antivirus programs that installed themselves on their own. All of them are linked to the site viruswebprotect2008.com.
The problem is that they never stop screaming about viruses, trojans, etc., while of course offering to install a great security system that is, naturally, paid for. Another symptom: they hijack my browser home page and replace it with an advertising page for another antivirus which, from what I have seen, is of the same kind.
My McAfee antivirus finds nothing to get rid of them. So after some research I installed ComboFix.
ComboFix detected and removed the three antivirus programs. The only problem: I get one to two hours of peace before the three antivirus programs come back and start blaring through the speakers again nonstop. I think I need to do something after the ComboFix scan, but I don't know what.
Below is the text of the ComboFix report. Thanks in advance.
ComboFix 08-05-21.2 - Florian 2008-05-22 18:37:52.2 - NTFSx86
Endroit: C:\Documents and Settings\Florian\Bureau\ComboFix.exe
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Florian\Bureau\Error Cleaner.url
C:\Documents and Settings\Florian\Bureau\Privacy Protector.url
C:\Documents and Settings\Florian\Bureau\Spyware&Malware Protection.url
C:\Documents and Settings\Florian\Favoris\Error Cleaner.url
C:\Documents and Settings\Florian\Favoris\Privacy Protector.url
C:\Documents and Settings\Florian\Favoris\Spyware&Malware Protection.url
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.
2008-05-22 16:17 . 2008-05-22 16:17 <REP> d-------- C:\WINDOWS\Sun
2008-05-22 16:17 . 2008-05-22 16:22 <REP> d-------- C:\Documents and Settings\Florian\.housecall6.6
2008-05-22 16:16 . 2008-05-22 16:16 <REP> d-------- C:\Program Files\Java
2008-05-22 16:16 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-22 16:15 . 2008-05-22 16:15 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-05-22 14:42 . 2008-05-22 18:16 <REP> d-------- C:\Documents and Settings\Florian\Application Data\TmpRecentIcons
2008-05-22 13:35 . 2008-05-21 17:43 331,776 --a------ C:\WINDOWS\pxgdslro.dll
2008-05-22 13:35 . 2008-05-21 17:43 237,568 --a------ C:\WINDOWS\gnowmebk.dll
2008-05-22 13:35 . 2008-05-21 17:43 200,704 --a------ C:\WINDOWS\gktxaspm.dll
2008-05-22 13:35 . 2008-05-21 17:43 159,744 --a------ C:\WINDOWS\elsq.exe
2008-05-22 13:35 . 2008-05-21 17:44 90,112 --a------ C:\WINDOWS\mdtgkswr.exe
2008-05-14 00:28 . 2008-05-14 00:28 <REP> d-------- C:\Documents and Settings\Florian\Application Data\Yahoo!
2008-05-14 00:27 . 2008-05-14 08:50 <REP> d-------- C:\Program Files\Yahoo!
2008-05-13 18:55 . 2008-05-13 18:55 <REP> d-------- C:\Program Files\Free Audio Pack
2008-05-13 18:54 . 2008-05-13 18:54 6,773,861 --a------ C:\Program Files\Setup_FreeConverter.exe
2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Documents and Settings\Florian\Application Data\AVS4YOU
2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-06 10:53 . 2008-05-06 10:54 <REP> d-------- C:\Program Files\AVS4YOU
2008-05-06 10:53 . 2008-05-06 10:53 35,745,976 --a------ C:\Program Files\AVSVideoReMaker.exe
2008-05-06 10:53 . 2007-10-25 11:20 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-05-06 10:53 . 2007-10-25 11:20 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-06 10:53 . 2007-10-25 11:20 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 15:44 --------- d-----w C:\Documents and Settings\Florian\Application Data\BitTorrent
2008-05-22 13:41 --------- d-----w C:\Program Files\BitTorrent
2008-05-22 13:06 --------- d-----w C:\Documents and Settings\Florian\Application Data\FileZilla
2008-05-14 07:51 --------- d-----w C:\Documents and Settings\Florian\Application Data\gtk-2.0
2008-05-13 22:27 --------- d-----w C:\Program Files\DivX
2008-05-06 08:54 --------- d-----w C:\Program Files\FileZilla Client
2008-04-18 05:00 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-18 05:00 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-18 05:00 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-18 05:00 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 12:39 164,993 ----a-w C:\Program Files\mp3DC202.exe
2008-01-18 09:23 412,199 ----a-w C:\Program Files\asftools310.exe
2008-01-01 16:30 39,262,553 ----a-w C:\Program Files\WE55FraTrial.exe
2007-12-28 08:57 15,180,000 ----a-w C:\Program Files\gimp-2.4.2-i686-setup.exe
2007-12-02 18:02 19,343,592 ----a-w C:\Program Files\internet_video_converter_1.50_en_setup.exe
2007-11-10 08:21 223,388 ----a-w C:\Program Files\MXPie Patch v3.6.exe
2007-10-24 22:46 734,160 ----a-w C:\Program Files\VobSub_2.23.exe
2007-10-02 09:34 1,771 ----a-w C:\Program Files\uninstal.log
2007-10-02 09:26 513,911 ----a-w C:\Program Files\ZyGoVideo2Win.exe
2007-10-02 08:52 13,856,793 ----a-w C:\Program Files\quicktimealt176.exe
2007-08-27 11:55 172,058 ----a-w C:\Program Files\hjsplit.zip
2007-08-26 15:14 1,463,185 ----a-w C:\Program Files\Advanced_RAR_Repair_v1.0.rar
2007-08-14 22:03 2,007,901 ----a-w C:\Program Files\CodecPackPl.exe
2007-08-14 06:59 3,294,480 ----a-w C:\Program Files\DivXCodec.exe
2007-08-13 19:22 823,296 ----a-w C:\Program Files\winmx353.exe
2007-08-13 19:22 2,764 ----a-w C:\Program Files\settings.dat
2007-08-13 19:22 103,384 ----a-w C:\Program Files\lib4.dat
2007-08-13 19:11 9,130 ----a-w C:\Program Files\colors.dat
2006-03-13 22:52 18,321 ----a-w C:\Program Files\copying
2002-09-11 20:54 1,708,852 ----a-w C:\Program Files\FPESETUP_wu.exe
2002-05-21 08:00 1,362 ----a-r C:\Program Files\ReadMe.txt
2000-11-15 08:21 178,688 ----a-w C:\Program Files\hjsplit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0519A9C9-064A-4cbc-BC47-D0EACD581477}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AE7C2D7A-58B4-4DDD-904F-E089A9514E0F}"= "C:\WINDOWS\gktxaspm.dll" [2008-05-21 17:43 200704]
[HKEY_CLASSES_ROOT\clsid\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f}]
[HKEY_CLASSES_ROOT\gktxaspm.1]
[HKEY_CLASSES_ROOT\TypeLib\{6A219592-3D06-46A5-B3FF-CBC8EB6FFF2B}]
[HKEY_CLASSES_ROOT\gktxaspm]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 09:42 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 08:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-10 20:33 176128 C:\WINDOWS\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51 352256]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05 212992]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-18 07:00 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"McRegWiz"="c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" [2003-09-02 15:41 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gnowmebk"= {C871CCC5-0788-43CC-B3E2-BAB552039D7A} - C:\WINDOWS\gnowmebk.dll [2008-05-21 17:43 237568]
"pxgdslro"= {06B91A23-D280-4D41-B179-4CB92C393665} - C:\WINDOWS\pxgdslro.dll [2008-05-21 17:43 331776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.DivXa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-16 09:42 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-18 07:00 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\lxczcoms.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58295:TCP"= 58295:TCP:Pando P2P TCP Listening Port
"58295:UDP"= 58295:UDP:Pando P2P UDP Listening Port
"58489:TCP"= 58489:TCP:Pando P2P TCP Listening Port
"58489:UDP"= 58489:UDP:Pando P2P UDP Listening Port
"58475:TCP"= 58475:TCP:Pando P2P TCP Listening Port
"58475:UDP"= 58475:UDP:Pando P2P UDP Listening Port
"58341:TCP"= 58341:TCP:Pando P2P TCP Listening Port
"58341:UDP"= 58341:UDP:Pando P2P UDP Listening Port
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]
R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 04:43]
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-22 18:39:18
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-22 18:40:01
ComboFix-quarantined-files.txt 2008-05-22 16:39:50
ComboFix2.txt 2008-05-22 14:35:34
Pre-Run: 75,806,400,512 octets libres
Post-Run: 75,803,734,016 octets libres
191 --- E O F --- 2008-05-16 14:58:13
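Added example, not part of the original post and not ComboFix's own code: a small Python triage script that reads a ComboFix-style report and flags the pattern visible in the log above, i.e. executables and DLLs dropped directly under C:\WINDOWS shortly before the scan, registry load points (Toolbar, ShellServiceObjectDelayLoad) that reference those files, and Security Center values that silence antivirus warnings. The sample log embedded in the script is constructed from a handful of lines in the shape of the report above; the function names, the three-day recency window and the heuristic itself are my own assumptions and would need tuning on other logs.

```python
"""Triage helper for a ComboFix-style log (added example, hypothetical code).

Heuristic: a PE file that sits directly in C:\\WINDOWS (not System32) and
was modified within a few days of the scan is treated as a likely dropper
artifact; any autostart entry that points at such a file is flagged, as are
Security Center values that suppress AV/firewall/update notifications.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# ComboFix header line: "ComboFix <ver> - <user> <scan date/time> - <fs>"
HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{4}-\d\d-\d\d \d\d:\d\d):\d\d")
# "Fichiers créés" section: "<created> . <modified> <size|<REP>> <attrs> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"([\d,]+|<REP>) (\S+) (.+)$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[\]]*?\.(?:dll|exe|cpl|sys)", re.IGNORECASE)
WINROOT_PE_RE = re.compile(r"^C:\\WINDOWS\\[^\\]+\.(?:dll|exe)$", re.IGNORECASE)
SC_VALUE_RE = re.compile(r'^"(\w*DisableNotify|DisableMonitoring)"=dword:0*1$')

# Constructed sample, shaped like the report in the post (not a full log).
SAMPLE_LOG = r"""
ComboFix 08-05-21.2 - Florian 2008-05-22 18:37:52.2 - NTFSx86
2008-05-22 13:35 . 2008-05-21 17:43 331,776 --a------ C:\WINDOWS\pxgdslro.dll
2008-05-22 13:35 . 2008-05-21 17:43 237,568 --a------ C:\WINDOWS\gnowmebk.dll
2008-05-22 13:35 . 2008-05-21 17:43 200,704 --a------ C:\WINDOWS\gktxaspm.dll
2008-05-22 13:35 . 2008-05-21 17:43 159,744 --a------ C:\WINDOWS\elsq.exe
2008-05-22 13:35 . 2008-05-21 17:44 90,112 --a------ C:\WINDOWS\mdtgkswr.exe
2008-05-22 16:16 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AE7C2D7A-58B4-4DDD-904F-E089A9514E0F}"= "C:\WINDOWS\gktxaspm.dll" [2008-05-21 17:43 200704]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gnowmebk"= {C871CCC5-0788-43CC-B3E2-BAB552039D7A} - C:\WINDOWS\gnowmebk.dll [2008-05-21 17:43 237568]
"pxgdslro"= {06B91A23-D280-4D41-B179-4CB92C393665} - C:\WINDOWS\pxgdslro.dll [2008-05-21 17:43 331776]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "dropped-file", "autostart" or "security-center"
    where: str   # file path or registry key
    detail: str


def triage(log_text: str, recent_days: int = 3) -> list[Finding]:
    """Return findings in log order. Assumes the file-list section precedes
    the registry section, as in ComboFix output."""
    findings: list[Finding] = []
    scan_time: datetime | None = None
    dropped: set[str] = set()      # lower-cased paths flagged as dropped files
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            scan_time = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            continue
        m = FILE_RE.match(line)
        if m:
            modified = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M")
            path = m.group(5)
            recent = (scan_time is None
                      or scan_time - modified <= timedelta(days=recent_days))
            if recent and WINROOT_PE_RE.match(path):
                dropped.add(path.lower())
                findings.append(Finding(
                    "dropped-file", path,
                    f"PE directly under C:\\WINDOWS, modified {m.group(2)}"))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if "security center" in current_key.lower():
            m = SC_VALUE_RE.match(line)
            if m:
                findings.append(Finding(
                    "security-center", current_key,
                    f"{m.group(1)}=1 silences Security Center warnings"))
                continue
        # Any load point whose target is one of the dropped files.
        value_name = line.split("=", 1)[0].strip().strip('"')
        for p in PATH_RE.findall(line):
            if p.lower() in dropped:
                findings.append(Finding("autostart", current_key,
                                        f"{value_name} -> {p}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.where}: {f.detail}")
```

On the sample above the script reports five dropped files, three load points that re-launch them (the IE toolbar entry and the two ShellServiceObjectDelayLoad entries, which Explorer loads at every logon, which is consistent with the rogue programs returning after a reboot or a couple of hours), and the two Security Center values that stop Windows from warning that the antivirus is off. Entries under System32 such as ctfmon.exe and jpicpl32.cpl are left alone.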