Virus Alert! Résolu/Fermé

Question

Bonjour,
J'ai attrapé un virus...
- Icône dans la barre d'outil "Your Computer is infected".
- Des fenêtres Explorer qui me dirige sur un antivirus bidon...
- Des messages popup...
- Message "VIRUS ALERT!" a coté de la date dans la barre.

J'ai éliminé le virus a l'aide d'un de ces programmes:
mon antivirus NOD32
ou AdAware
ou AVG Anti-Spyware
ou SUPERAntiSpyware Pro
Je ne sais pas lequel a permis l'élimination!!!

J'ai réussi à corriger:
-----------------------

- Plus d'accès à Display Control Pannel message popup "your system administrator disable Display Control Pannel"
- Plus d'accès à Task Manager, message "Task Manager Has Been Disabled By Your Administrator"
- Plus d'accès à RegEdit, message "Registry Editing Has Been Disabled By Your Administrator"
En remettant les valeurs par défaut de HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

- Plus d'accès a "All Programs" dans "start" (démarrer)
- Plus de bouton "Log Off" dans "start" 
- Plus de disque C:\ dans l'explorateur
- Plus de disque D:\ dans l'explorateur
En remettant les valeurs par défaut de HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

- Plus de "run", "search", "control pannel"... dans "start"
En remettant les choix du "Taskbar and Start Menu Properties"

- Message "VIRUS ALERT!" a coté de la date dans la barre du bas
- Message "VIRUS ALERT!" a coté des dates dans l'exporateur
En remettant les valeurs par défaut de  sTimeFormat dans HKEY_CURRENT_USER\Control Panel\International

- Icône dans la barre d'outil "Unable to complete Genuine Windows Validation"
Dans HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion le ProductId = "VIRUS ALERT!" a remettre...

Il me reste encore à corriger:
------------------------------
rien de visible...

Ce qui m'inquiète le plus c'est qu'il a surement encore modifié des choses que je n'ai pas vu... Ce virus a foutus une sacré pagaille sur mon ordi!

Si vous connaissez des modifications de ce virus, merci d'avance de me les indiquer...
Merci!


Voila le rapport HijackThis:
----------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10: VIRUS ALERT!, on 05.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset
od32krn.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\sslexplorer\install\platforms\windows\wrapper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\program files\java\jre1.6.0_07\bin\java.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Philips ToUcam Camera\VProperty.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Pocket Wizards\Easy Sync\Easy Sync.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\PROGRA~1\MICROS~3apimgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32	askmgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gsavary.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L07FXLRD_56704953] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Easy Sync] C:\Program Files\Pocket Wizards\Easy Sync\Easy Sync.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKCU\..\Run: [ACDSeeSRPro25] "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeSR.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Task Manager.lnk = C:\WINDOWS\system32	askmgr.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.provincia.savona.it/turismo
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15105/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A2013B6-1AC7-4DFC-AA0E-F26378826FA0}: NameServer = 192.168.1.1,195.186.1.111,195.186.4.111
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Greyware SloStart Service - Greyware Automation Products, Inc. - c:\windows\system32\slostart.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SSL-Explorer - Unknown owner - C:\Program Files\sslexplorer\install\platforms\windows\wrapper.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

anthony5151 · Answer

Bonjour,


Ton rapport ne montre plus de trace d'infection... Pour vérifier :


Télécharge et installe Malwarebytes' Anti-Malware
- A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée 
- Lance MBAM, laisse les Mises à jour se télécharger et referme le programme

Redémarre en "Mode sans échec" : redémarre ton ordinateur et tapote sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows, et sélectionne "Mode sans échec". Choisis ta session habituelle

Lance MBAM 
- Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
- Sélectionne tes disques durs" puis clique sur "Lancer l’examen" 
- A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
- Suppression des éléments détectés --> clique sur Supprimer la sélection 
- S'il t'es demandé de redémarrer, clique sur Yes


Poste le rapport de scan après la suppression ici

scaladan · Answer

Bonjour,
Merci beaucoup pour ta réponse!
Je mets dessous le rapport que j'ai fait en "Mode sans échec".
Sais-tu si ce virus à pu modifier quelques choses d'autre?
A+



Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1230
Windows 5.1.2600 Service Pack 3

06.10.2008 00:36:58
mbam-log-2008-10-06 (00-36-52).txt

Type de recherche: Examen complet (C:\|D:\|S:\|)
Eléments examinés: 503198
Temps écoulé: 1 hour(s), 27 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion	dssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE	dss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services	dssserv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\dkwqgnbe.bmax (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\dkwqgnbe.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\eMule\LinkCreator.exe (Rogue.Fake!emule.exe) -> No action taken.
C:\Program Files\eMule (ORI 0.48a)\LinkCreator.exe (Rogue.Fake!emule.exe) -> No action taken.
C:\WINDOWS\ewpe.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Gilles\Favorites\Malware Defender.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Gilles\Favorites\Protect Your Privacy.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Gilles\Favorites\System Error Fixer.url (Rogue.Link) -> No action taken.

Utilisateur anonyme · Answer

dsl de te couper anthony je rajoute un ptit truc :

-> efface avec ce que trouver malware byte
-> ca c'est une fausse alerte :
C:\Program Files\eMule\LinkCreator.exe (Rogue.Fake!emule.exe) -> No action taken. 
C:\Program Files\eMule (ORI 0.48a)\LinkCreator.exe (Rogue.Fake!emule.exe) -> No action taken.

-> Met à jour Nod 32 !! (tu as la version 2, tu peux avoir gratuitement la version 3) ici :
https://www.eset.com/

anthony5151 · Answer

@ dorgane :

Oui je sais, j'ai signalé ce faux positif à MalwareBytes, mais tu as raison de le rappeler ;)




@ scaladan :

Ouvre MalwareBytes, vas dans quarantaine, sélectionne les deux lignes suivantes et clique sur "Restaurer"
C:\Program Files\eMule\LinkCreator.exe (Rogue.Fake!emule.exe)
C:\Program Files\eMule (ORI 0.48a)\LinkCreator.exe (Rogue.Fake!emule.exe)

Supprime tout le reste.


Ensuite, on va utiliser Combofix pour finir la désinfection. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts... 

Fais exactement ce qui suit : 

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide :  http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! ATTENTION ! ] ---------------------------------------------------------- 
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation : en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !! 

Dans ton cas, il s'agit d'AVG AntiSpyware, de NOD32, de ZoneAlarm et de SUPERAntiSpyware

---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre... 

Tuto ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix 
--------------------------------------------------------------------------------------------------------------------------------- 

Ensuite : 
double-clique sur C-Fix.exe (= combofix.exe ) . 

Appuie sur une touche pour démarrer le scan . 

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

scaladan · Answer

Hello,
Merci pour les info!
J'ai mis a jour NOD32 en version 3...
Pour ComboFix, je ferai ça ce soir...

Au début de la procédure d'élimination, j'ai utilisé SUPERAntiSpyware.
Il m'a mis plein de chose en quarantaine... Est-ce que tout est nécessaire?
Voila le log...

Merci!!!

--------------------------------------------------------
SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 10/05/2008 at 11:12 AM

Application Version : 4.21.1004

Core Rules Database Version : 3589
Trace Rules Database Version: 1576

Scan type       : Complete Scan
Total Scan Time : 00:40:51

Memory items scanned      : 637
Memory threats detected   : 2
Registry items scanned    : 9636
Registry threats detected : 61
File items scanned        : 48987
File threats detected     : 83

Adware.VideoAccessCodec/Gen
	C:\WINDOWS\XGPSARBM.DLL
	C:\WINDOWS\XGPSARBM.DLL

Adware.Vundo-Variant/J
	C:\WINDOWS\NEKSOLDA.DLL
	C:\WINDOWS\NEKSOLDA.DLL

Trojan.Unclassified/DKWQGNBE
	HKLM\Software\Classes\CLSID\{72A002C5-4CB6-4332-B881-460C051844BF}
	HKCR\CLSID\{72A002C5-4CB6-4332-B881-460C051844BF}
	HKCR\CLSID\{72A002C5-4CB6-4332-B881-460C051844BF}
	HKCR\CLSID\{72A002C5-4CB6-4332-B881-460C051844BF}\InprocServer32
	HKCR\CLSID\{72A002C5-4CB6-4332-B881-460C051844BF}\InprocServer32#ThreadingModel
	HKCR\CLSID\{72A002C5-4CB6-4332-B881-460C051844BF}\ProgID
	HKCR\CLSID\{72A002C5-4CB6-4332-B881-460C051844BF}\Programmable
	HKCR\CLSID\{72A002C5-4CB6-4332-B881-460C051844BF}\TypeLib
	HKCR\CLSID\{72A002C5-4CB6-4332-B881-460C051844BF}\VersionIndependentProgID
	HKCR\dkwqgnbe.1
	HKCR\dkwqgnbe
	HKCR\TypeLib\{87F738CC-03BB-4A76-8688-CB7F2C765F41}
	HKCR\TypeLib\{87F738CC-03BB-4A76-8688-CB7F2C765F41}\1.0
	HKCR\TypeLib\{87F738CC-03BB-4A76-8688-CB7F2C765F41}\1.0\0
	HKCR\TypeLib\{87F738CC-03BB-4A76-8688-CB7F2C765F41}\1.0\0\win32
	HKCR\TypeLib\{87F738CC-03BB-4A76-8688-CB7F2C765F41}\1.0\FLAGS
	HKCR\TypeLib\{87F738CC-03BB-4A76-8688-CB7F2C765F41}\1.0\HELPDIR
	C:\WINDOWS\DKWQGNBE.DLL
	HKLM\Software\Microsoft\Internet Explorer\Toolbar#{72A002C5-4CB6-4332-B881-460C051844BF}
	HKCR\Interface\{33FA89DF-D48C-4BC3-83C3-B3DB06DA63F9}
	HKCR\Interface\{33FA89DF-D48C-4BC3-83C3-B3DB06DA63F9}\ProxyStubClsid
	HKCR\Interface\{33FA89DF-D48C-4BC3-83C3-B3DB06DA63F9}\ProxyStubClsid32
	HKCR\Interface\{33FA89DF-D48C-4BC3-83C3-B3DB06DA63F9}\TypeLib
	HKCR\Interface\{33FA89DF-D48C-4BC3-83C3-B3DB06DA63F9}\TypeLib#Version

Trojan.Dropper/SSO-NV
	HKLM\Software\Classes\CLSID\{CCDC111B-42D4-4DF8-8E0C-6DD84C01CD6E}
	HKCR\CLSID\{CCDC111B-42D4-4DF8-8E0C-6DD84C01CD6E}
	HKCR\CLSID\{CCDC111B-42D4-4DF8-8E0C-6DD84C01CD6E}\InProcServer32
	HKLM\Software\Classes\CLSID\{FF372AD1-7D56-4F0C-BE03-868D0B1417A2}
	HKCR\CLSID\{FF372AD1-7D56-4F0C-BE03-868D0B1417A2}
	HKCR\CLSID\{FF372AD1-7D56-4F0C-BE03-868D0B1417A2}\InProcServer32
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#xgpsarbm
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#neksolda

Trojan.Net-MSV/VPS-Variant
	HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85AF4583-AD9C-4D25-9323-6611490213F0}
	HKCR\CLSID\{85AF4583-AD9C-4D25-9323-6611490213F0}
	HKCR\CLSID\{85AF4583-AD9C-4D25-9323-6611490213F0}
	HKCR\CLSID\{85AF4583-AD9C-4D25-9323-6611490213F0}\InprocServer32
	HKCR\CLSID\{85AF4583-AD9C-4D25-9323-6611490213F0}\InprocServer32#ThreadingModel
	HKCR\CLSID\{85AF4583-AD9C-4D25-9323-6611490213F0}\ProgID
	HKCR\CLSID\{85AF4583-AD9C-4D25-9323-6611490213F0}\Programmable
	HKCR\CLSID\{85AF4583-AD9C-4D25-9323-6611490213F0}\TypeLib
	HKCR\CLSID\{85AF4583-AD9C-4D25-9323-6611490213F0}\VersionIndependentProgID
	HKCR\QXK.Olive
	HKCR\TypeLib\{16D1DB95-AAFC-427D-81FD-E98028CA7BB7}
	HKCR\TypeLib\{16D1DB95-AAFC-427D-81FD-E98028CA7BB7}\1.0
	HKCR\TypeLib\{16D1DB95-AAFC-427D-81FD-E98028CA7BB7}\1.0\0
	HKCR\TypeLib\{16D1DB95-AAFC-427D-81FD-E98028CA7BB7}\1.0\0\win32
	HKCR\TypeLib\{16D1DB95-AAFC-427D-81FD-E98028CA7BB7}\1.0\FLAGS
	HKCR\TypeLib\{16D1DB95-AAFC-427D-81FD-E98028CA7BB7}\1.0\HELPDIR
	C:\WINDOWS\NKEFBLTDNTD.DLL
	HKCR\Interface\{0C3F9C5E-34F0-4B16-B8B7-3505CD992ADD}
	HKCR\Interface\{0C3F9C5E-34F0-4B16-B8B7-3505CD992ADD}\ProxyStubClsid
	HKCR\Interface\{0C3F9C5E-34F0-4B16-B8B7-3505CD992ADD}\ProxyStubClsid32
	HKCR\Interface\{0C3F9C5E-34F0-4B16-B8B7-3505CD992ADD}\TypeLib
	HKCR\Interface\{0C3F9C5E-34F0-4B16-B8B7-3505CD992ADD}\TypeLib#Version
	HKCR\Interface\{3E83238C-A186-4C98-9A91-44B4BE62A5EC}
	HKCR\Interface\{3E83238C-A186-4C98-9A91-44B4BE62A5EC}\ProxyStubClsid
	HKCR\Interface\{3E83238C-A186-4C98-9A91-44B4BE62A5EC}\ProxyStubClsid32
	HKCR\Interface\{3E83238C-A186-4C98-9A91-44B4BE62A5EC}\TypeLib
	HKCR\Interface\{3E83238C-A186-4C98-9A91-44B4BE62A5EC}\TypeLib#Version

Adware.Tracking Cookie
...effacés...

Browser Hijacker.Internet Explorer Settings Hijack
	HKU\S-1-5-21-1844237615-484061587-839522115-1003\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 ]

Trojan.Net-MU/Gen
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString

Trojan.Dropper/Gen
	C:\WINDOWS\FKEBANRW.EXE

anthony5151 · Answer

Tu peux vider la qurantaine de SUPERAntiSpyware et de MalwareBytes

Ensuite, si tu n'as pas encore fait Combofix, commence par ceci finalement :



Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. 
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici : 
• Redémarre ton ordinateur 
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde). 
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître. 
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée". 
• Choisis ton compte. 

• Puis, ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. 
• Appuie sur une touche pour commencer le processus de nettoyage. 
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
• Appuie sur une touche pour redémarrer le PC. 
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 

• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau rapport Hijackthis !

scaladan · Answer

Hello !
Voila le rapport SDFix:
------------------------------


[b]SDFix: Version 1.233 [/b]
Run by Gilles on 07.10.2008 at 22:38

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 22:43:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:5a1ab449
"s2"=dword:06debfcb
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4a,41,a5,f6,77,87,9c,b1,31,d2,bc,62,3e,1f,36,24,3b,d6,66,cc,f3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d0,62,f7,ea,c1,40,2b,52,48,50,d8,e1,84,dc,54,d0,06,..
"khjeh"=hex:0c,01,2e,48,11,dd,0e,22,7f,cc,48,df,00,35,58,c6,2f,84,a8,e2,71,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7a,e7,e8,a1,17,6c,f2,23,d5,d5,59,24,81,19,ba,b5,2a,09,26,76,2b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:c1,40,c6,ec,07,86,9d,69,af,01,30,4a,72,ca,84,e9,80,35,29,45,c2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:e7,7a,4e,c3,51,a9,69,82,13,05,5c,a9,f8,37,72,d1,aa,58,51,de,b4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:8a,17,97,7a,52,f1,65,69,87,64,ca,43,cb,18,fa,2a,83,66,2a,66,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4a,41,a5,f6,77,87,9c,b1,31,d2,bc,62,3e,1f,36,24,3b,d6,66,cc,f3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d0,62,f7,ea,c1,40,2b,52,48,50,d8,e1,84,dc,54,d0,06,..
"khjeh"=hex:0c,01,2e,48,11,dd,0e,22,7f,cc,48,df,00,35,58,c6,2f,84,a8,e2,71,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7a,e7,e8,a1,17,6c,f2,23,d5,d5,59,24,81,19,ba,b5,2a,09,26,76,2b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:c1,40,c6,ec,07,86,9d,69,af,01,30,4a,72,ca,84,e9,80,35,29,45,c2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:e7,7a,4e,c3,51,a9,69,82,13,05,5c,a9,f8,37,72,d1,aa,58,51,de,b4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:8a,17,97,7a,52,f1,65,69,87,64,ca,43,cb,18,fa,2a,83,66,2a,66,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:4a,41,a5,f6,77,87,9c,b1,31,d2,bc,62,3e,1f,36,24,3b,d6,66,cc,f3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d0,62,f7,ea,c1,40,2b,52,48,50,d8,e1,84,dc,54,d0,06,..
"khjeh"=hex:0c,01,2e,48,11,dd,0e,22,7f,cc,48,df,00,35,58,c6,2f,84,a8,e2,71,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7a,e7,e8,a1,17,6c,f2,23,d5,d5,59,24,81,19,ba,b5,2a,09,26,76,2b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:c1,40,c6,ec,07,86,9d,69,af,01,30,4a,72,ca,84,e9,80,35,29,45,c2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:3c,d8,d9,52,a5,43,30,04,18,41,57,54,f2,b9,a9,65,2f,0a,4d,18,56,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:8a,17,97,7a,52,f1,65,69,87,64,ca,43,cb,18,fa,2a,83,66,2a,66,3f,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe"="C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Tue  6 Nov 2007            48 ..SH. --- "C:\WINDOWS\S566E90A0.tmp"
Tue 12 Jun 2007         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon  4 Oct 2004       417,792 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe"
Tue 11 May 2004        61,440 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.3\uinstrsc.dll"
Wed 21 Mar 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 28 Nov 1998         1,024 ...HR --- "C:\Documents and Settings\Gilles\My Documents\Archives\Archive-Macintosh\BS\DAYNARID.SYS"
Sat 28 Nov 1998         1,536 ...HR --- "C:\Documents and Settings\Gilles\My Documents\Archives\Archive-Macintosh\BA\DAYNARID.SYS"
Tue 17 Aug 2004       123,392 ...H. --- "C:\Documents and Settings\Gilles\My Documents\Archives\Docs, lettres 2004\CV\~WRL0390.tmp"
Thu 26 Aug 2004        83,968 ...H. --- "C:\Documents and Settings\Gilles\My Documents\Archives\Docs, lettres 2004\CV\~WRL1539.tmp"
Tue 17 Aug 2004       134,144 ...H. --- "C:\Documents and Settings\Gilles\My Documents\Archives\Docs, lettres 2004\CV\~WRL1684.tmp"
Tue 17 Aug 2004       210,944 ...H. --- "C:\Documents and Settings\Gilles\My Documents\Archives\Docs, lettres 2004\CV\~WRL3865.tmp"

[b]Finished![/b]

anthony5151 · Answer

Très bien, tu peux passer à Combofix en suivant la procédure indiquée plus haut ;)

Et n'oublie pas le rapport hijackthis stp

scaladan · Answer

Hello! Voila le rapport... ComboFix 08-10-08.05 - Gilles 2008-10-10 0:10:18.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2193 [GMT 2:00] Running from: C:\Documents and Settings\Gilles\Desktop\ComboFix.exe * Created a new restore point [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\Cache . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_VMWARE_NAT_SERVICE -------\Service_VMware NAT Service ((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 ))))))))))))))))))))))))))))))) . 2008-10-07 22:37 . 2008-10-07 22:37 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll 2008-10-07 22:36 . 2008-10-07 22:36 d-------- C:\WINDOWS\ERUNT 2008-10-07 22:32 . 2008-10-07 22:45 d-------- C:\SDFix 2008-10-05 22:32 . 2008-10-07 22:57 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-05 22:32 . 2008-10-05 22:32 d-------- C:\Documents and Settings\Gilles\Application Data\Malwarebytes 2008-10-05 22:32 . 2008-10-05 22:32 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-05 20:28 . 2008-10-05 20:28 d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-10-05 20:14 . 2008-09-18 23:11 723,504 --a------ C:\WINDOWS\system32\vnetlib.dll 2008-10-05 20:14 . 2008-09-18 23:11 399,920 --a------ C:\WINDOWS\system32\vmnat.exe 2008-10-05 20:14 . 2008-09-18 23:11 326,192 --a------ C:\WINDOWS\system32\vmnetdhcp.exe 2008-10-05 20:14 . 2008-09-18 16:49 55,856 -ra------ C:\WINDOWS\system32\vnetinst.dll 2008-10-05 20:14 . 2008-09-18 16:49 50,736 -ra------ C:\WINDOWS\system32\vmnetbridge.dll 2008-10-05 20:14 . 2008-09-18 16:49 31,280 -ra------ C:\WINDOWS\system32\drivers\vmnetbridge.sys 2008-10-05 20:14 . 2008-09-18 23:12 26,288 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys 2008-10-05 20:14 . 2008-09-18 23:12 23,216 --a------ C:\WINDOWS\system32\drivers\VMkbd.sys 2008-10-05 20:14 . 2008-09-18 16:49 18,736 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys 2008-10-05 20:14 . 2008-09-18 16:49 16,560 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys 2008-10-05 19:19 . 2008-10-05 20:12 d-------- C:\Program Files\VMware 2008-10-05 16:57 . 2008-10-05 16:58 d-------- C:\Program Files\QuickTime 2008-10-05 16:57 . 2008-10-05 16:57 d-------- C:\Program Files\Common Files\Apple 2008-10-05 16:18 . 2008-05-20 19:56 2,097,152 --a------ C:\TEMP\autorun.bin 2008-10-05 16:18 . 2008-05-20 11:49 1,570,816 --a------ C:\TEMP\TSDNWIN.exe 2008-10-05 15:21 . 2008-10-05 18:37 4,804 --a------ C:\WINDOWS\system32 mp.reg 2008-10-05 12:06 . 2008-10-05 12:06 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-10-05 12:06 . 2008-10-05 12:06 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-10-05 10:25 . 2008-10-07 23:20 d-------- C:\Program Files\SUPERAntiSpyware 2008-10-05 10:25 . 2008-10-07 23:20 d-------- C:\Documents and Settings\Gilles\Application Data\SUPERAntiSpyware.com 2008-10-04 11:42 . 2008-10-04 11:43 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-10-04 11:19 . 2008-10-04 12:46 d-------- C:\WINDOWS\BDOSCAN8 2008-09-30 23:43 . 2008-09-30 23:43 d-------- C:\Program Files\Spb Backup 2008-09-24 23:36 . 2008-09-24 23:36 d-------- C:\Documents and Settings\Gilles\Application Data\Sprite Software 2008-09-24 23:30 . 2008-09-30 23:40 d-------- C:\Program Files\Sprite Software 2008-09-24 21:28 . 2008-09-24 21:28 244 --ah----- C:\sqmnoopt07.sqm 2008-09-24 21:28 . 2008-09-24 21:28 232 --ah----- C:\sqmdata07.sqm 2008-09-23 16:38 . 2008-09-23 16:38 244 --ah----- C:\sqmnoopt06.sqm 2008-09-23 16:38 . 2008-09-23 16:38 232 --ah----- C:\sqmdata06.sqm 2008-09-21 18:38 . 2008-08-28 13:16 71,184 --a------ C:\WINDOWS\system32\drivers\DefragFS.sys 2008-09-18 23:12 . 2008-09-18 23:12 857,392 --a------ C:\WINDOWS\system32\drivers\vmx86.sys 2008-09-18 23:12 . 2008-09-18 23:12 54,960 --a------ C:\WINDOWS\system32\drivers\vmci.sys 2008-09-18 23:12 . 2008-09-18 23:12 32,304 --a------ C:\WINDOWS\system32\drivers\hcmon.sys 2008-09-18 18:25 . 2008-09-18 18:25 248,368 --a------ C:\WINDOWS\system32\vmnc.dll 2008-09-17 23:15 . 2008-09-17 23:16 d-------- C:\Program Files\Cobian Backup 9 2008-09-11 00:07 . 2008-10-08 00:06 d-------- C:\Program Files\XXX 2008-09-10 01:12 . 2008-09-10 01:19 d-------- C:\Program Files\PhotomatixPro3 2008-09-09 13:49 . 2008-09-09 13:49 230,152 --a------ C:\WINDOWS\system32\PDBoot.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-09 22:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware 2008-10-09 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware 2008-10-05 20:39 --------- d-----w C:\Program Files\eMule 2008-10-05 19:13 --------- d-----w C:\Documents and Settings\Gilles\Application Data\VMware 2008-10-05 18:36 --------- d-----w C:\Program Files\ESET 2008-10-05 15:08 --------- d-----w C:\Program Files\BitTorrent 2008-10-05 15:08 --------- d-----w C:\Program Files\Apple Software Update 2008-10-05 10:22 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-10-04 09:36 --------- d-----w C:\Program Files\DAEMON Tools SearchBar 2008-10-04 09:36 --------- d-----w C:\Program Files\DAEMON Tools 2008-09-29 18:01 --------- d-----w C:\Program Files\Common Files\Adobe 2008-09-27 15:11 --------- d-----w C:\Documents and Settings\Adrien\Application Data\VMware 2008-09-26 12:44 --------- d-----w C:\Program Files\Common Files\ACD Systems 2008-09-26 11:45 --------- d-----w C:\Documents and Settings\Invités\Application Data\VMware 2008-09-26 09:23 --------- d-----w C:\Documents and Settings\Gilles\Application Data\XnView 2008-09-24 22:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-22 15:39 --------- d-----w C:\Program Files\SmartFTP Client 2008-09-22 15:37 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files 2008-09-10 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-10 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-09-09 22:59 --------- d-----w C:\Program Files\XnView 2008-09-09 05:38 --------- d-----w C:\Program Files\palmOne 2008-09-09 05:35 --------- d-----w C:\Program Files\Resco 2008-09-09 05:33 --------- d-----w C:\Program Files\Canon 2008-09-06 07:37 --------- d-----w C:\Documents and Settings\Invités\Application Data\Windows Desktop Search 2008-09-02 21:20 --------- d-----w C:\Documents and Settings\Adrien\Application Data\Windows Desktop Search 2008-08-31 21:26 --------- d-----w C:\Documents and Settings\Gilles\Application Data\secret 2008-08-30 07:49 --------- d-----w C:\Program Files\Jeyo 2008-08-30 07:25 --------- d-----w C:\Documents and Settings\Gilles\Application Data\iambic 2008-08-26 22:29 --------- d-----w C:\Program Files\Creative 2008-08-26 22:13 --------- d--h--w C:\Program Files\Creative Installation Information 2008-08-26 21:40 --------- d-----w C:\Documents and Settings\Gilles\Application Data\Windows Search 2008-08-26 18:31 --------- d-----w C:\Documents and Settings\Gilles\Application Data\Windows Desktop Search 2008-08-26 18:30 --------- d-----w C:\Program Files\Windows Desktop Search 2008-08-25 19:58 64,960 ----a-w C:\WINDOWS\system32\drivers\stcp2v30.sys 2008-08-15 17:40 --------- d-----w C:\Documents and Settings\Gilles\Application Data\AdobeUM 2008-08-14 22:10 --------- d-----w C:\Program Files\Microsoft SQL Server 2008-05-06 23:34 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "L07FXLRD_56704953"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" [2006-06-13 351000] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "Easy Sync"="C:\Program Files\Pocket Wizards\Easy Sync\Easy Sync.exe" [2008-06-02 1318912] "MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528] "Cobian Backup 9 interface"="C:\Program Files\Cobian Backup 9\cbInterface.exe" [2008-07-03 2747392] "ACDSeeSRPro25"="C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeSR.exe" [2008-08-29 607568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 151552] "JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 1953792] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "CTSysVol"="C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe" [2003-05-02 57344] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928] "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 36864] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "ToUcamVProperty"="C:\Program Files\Philips ToUcam Camera\VProperty.exe" [2003-04-02 131072] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2008-09-18 84528] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168] "nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32 wiz.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 C:\WINDOWS\KHALMNPR.Exe] "P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll] "Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 C:\WINDOWS\LOGI_MWX.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152] Task Manager.lnk - C:\WINDOWS\system32 askmgr.exe [2001-08-23 135680] Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] zz [X] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Microsoft ActiveSync apimgr.exe"= C:\Program Files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\Program Files\Winamp Remote\bin\OrbTray.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\SmartFTP Client\SmartFTP.exe"= "C:\Program Files\VMware\VMware Workstation\vmware-authd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312] R2 CobianBackupAmanita;Cobian Backup 9 service;C:\Program Files\Cobian Backup 9\cbService.exe [2008-07-03 582144] R2 Greyware SloStart Service;Greyware SloStart Service;c:\windows\system32\slostart.exe [2004-03-08 122880] R2 PD91Agent;PD91Agent;C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512] R2 SSL-Explorer;SSL-Explorer;C:\Program Files\sslexplorer\install\platforms\windows\wrapper.exe [2008-03-04 135168] R2 vmci;VMware vmci;C:\WINDOWS\system32\Drivers\vmci.sys [2008-09-18 54960] R3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys [ ] S3 PD91Engine;PD91Engine;C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504] S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [ ] S3 xpvcom;XPVCOM Port;C:\WINDOWS\system32\Drivers\xpvcom.sys [2007-03-23 30032] S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faf90802-d8da-11db-be4a-0018f39e2d65}] \Shell\AutoRun\command - H:\AUTOTMM.EXE Ver40 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-QuickTime Task - zzC:\Program Files\QuickTime\QTTask.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\43o3xlbq.default\ FF -: plugin - C:\Program Files hriXXX\WebLaunch\Binaries pWebLaunch.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll . . ------- File Associations ------- . VBSFile=%WINDIR%\System32\CScript.exe //nologo "%1" %* . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-10 00:14:28 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run ToUcamVProperty = C:\Program Files\Philips ToUcam Camera\VProperty.exe??U?c?a?m? ?C?a?m?e?r?a?\?V?P?r?o?p?e?r?t?y?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\CTSVCCDA.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\No-IP\DUC20.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\snmp.exe C:\Program Files\RealVNC\VNC4\winvnc4.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\searchindexer.exe C:\Program Files\Java\jre1.6.0_07\bin\java.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32 undll32.exe C:\WINDOWS\system32 undll32.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\PROGRA~1\MICROS~3 apimgr.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe . ************************************************************************** . Completion time: 2008-10-10 0:18:21 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-09 22:18:14 Pre-Run: 146'292'903'936 bytes free Post-Run: 146,370,347,008 bytes free 252 --- E O F --- 2008-09-10 05:44:05

scaladan · Answer

Et celui de HijackThis...
Merci !!! 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:40:57, on 10.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\sslexplorer\install\platforms\windows\wrapper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\program files\java\jre1.6.0_07\bin\java.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Philips ToUcam Camera\VProperty.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Pocket Wizards\Easy Sync\Easy Sync.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeSR.exe
C:\WINDOWS\system32	askmgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\MICROS~3apimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osBtProc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bluewin.ch/de/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L07FXLRD_56704953] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Easy Sync] C:\Program Files\Pocket Wizards\Easy Sync\Easy Sync.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKCU\..\Run: [ACDSeeSRPro25] "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeSR.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Task Manager.lnk = C:\WINDOWS\system32	askmgr.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.provincia.savona.it/turismo
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15105/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A2013B6-1AC7-4DFC-AA0E-F26378826FA0}: NameServer = 192.168.1.1,195.186.1.111,195.186.4.111
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Greyware SloStart Service - Greyware Automation Products, Inc. - c:\windows\system32\slostart.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SSL-Explorer - Unknown owner - C:\Program Files\sslexplorer\install\platforms\windows\wrapper.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

anthony5151 · Answer

Sais-tu ce qu'est ce dossier ?  Si ça correspond à un de tes programmes, enlève le de la liste ci dessous (sinon il sera supprimé)


1) Toujours avec toutes les protections désactivées, fais ceci :

Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------
File:: 
C:\TEMP\autorun.bin
C:\TEMP\TSDNWIN.exe

Folder:: 
C:\Program Files\XXX

Registry:: 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faf90802-d8da-11db-be4a-0018f39e2d65}]

------------------------------------------------------------------

- Enregistre ce fichier sur ton bureau (et pas ailleurs !) sous le nom CFScript.txt
- Quitte le Bloc Notes 

·  Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien :
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide. 
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal ! 
Ne touche à rien tant que le scan n'est pas terminé. 
* Une fois le scan achevé, un rapport va s'afficher: poste son contenu. 
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt



2) Télécharge l'outil Flash_Disinfector (de sUBs) : 
ici http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
ou ici download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Enregistre Flash_Disinfector.exe sur ton bureau. 
Double clique sur Flash_Disinfector.exe pour l'exécuter. 
Quand le message : [Plug in yours flash drive & clic Ok to begin disinfection] apparaitra, branche tous tes disques amovibles (clé USB, disque dur externe, lecteur mp3...) sans les ouvrir
Puis clique sur OK 
Les icônes sur le bureau vont disparaître jusqu'à l'apparition du message: [Done!!] 
Appuie ensuite sur OK, pour faire réapparaître le bureau. 



3) Poste un dernier rapport hijackthis stp

scaladan · Answer

Voila le rapport de ComboFix... ComboFix 08-10-10.09 - Gilles 2008-10-11 19:23:11.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1974 [GMT 2:00] Running from: C:\Documents and Settings\Gilles\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Gilles\Desktop\CFScript.txt * Created a new restore point * Resident AV is active [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR] FILE :: C:\TEMP\autorun.bin C:\TEMP\TSDNWIN.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\XXX C:\TEMP\autorun.bin C:\TEMP\TSDNWIN.exe . ((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 ))))))))))))))))))))))))))))))) . 2008-10-10 00:40 . 2008-10-10 00:40 d-------- C:\Program Files\Trend Micro 2008-10-07 22:37 . 2008-10-07 22:37 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll 2008-10-07 22:36 . 2008-10-07 22:36 d-------- C:\WINDOWS\ERUNT 2008-10-07 22:32 . 2008-10-07 22:45 d-------- C:\SDFix 2008-10-05 22:32 . 2008-10-07 22:57 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-05 22:32 . 2008-10-05 22:32 d-------- C:\Documents and Settings\Gilles\Application Data\Malwarebytes 2008-10-05 22:32 . 2008-10-05 22:32 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-05 20:28 . 2008-10-05 20:28 d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-10-05 20:14 . 2008-09-18 23:11 723,504 --a------ C:\WINDOWS\system32\vnetlib.dll 2008-10-05 20:14 . 2008-09-18 23:11 399,920 --a------ C:\WINDOWS\system32\vmnat.exe 2008-10-05 20:14 . 2008-09-18 23:11 326,192 --a------ C:\WINDOWS\system32\vmnetdhcp.exe 2008-10-05 20:14 . 2008-09-18 16:49 55,856 -ra------ C:\WINDOWS\system32\vnetinst.dll 2008-10-05 20:14 . 2008-09-18 16:49 50,736 -ra------ C:\WINDOWS\system32\vmnetbridge.dll 2008-10-05 20:14 . 2008-09-18 16:49 31,280 -ra------ C:\WINDOWS\system32\drivers\vmnetbridge.sys 2008-10-05 20:14 . 2008-09-18 23:12 26,288 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys 2008-10-05 20:14 . 2008-09-18 23:12 23,216 --a------ C:\WINDOWS\system32\drivers\VMkbd.sys 2008-10-05 20:14 . 2008-09-18 16:49 18,736 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys 2008-10-05 20:14 . 2008-09-18 16:49 16,560 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys 2008-10-05 19:19 . 2008-10-05 20:12 d-------- C:\Program Files\VMware 2008-10-05 16:57 . 2008-10-05 16:58 d-------- C:\Program Files\QuickTime 2008-10-05 16:57 . 2008-10-05 16:57 d-------- C:\Program Files\Common Files\Apple 2008-10-05 15:21 . 2008-10-05 18:37 4,804 --a------ C:\WINDOWS\system32 mp.reg 2008-10-05 12:06 . 2008-10-05 12:06 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-10-05 12:06 . 2008-10-05 12:06 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-10-05 10:25 . 2008-10-07 23:20 d-------- C:\Program Files\SUPERAntiSpyware 2008-10-05 10:25 . 2008-10-07 23:20 d-------- C:\Documents and Settings\Gilles\Application Data\SUPERAntiSpyware.com 2008-10-04 11:42 . 2008-10-04 11:43 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-10-04 11:19 . 2008-10-04 12:46 d-------- C:\WINDOWS\BDOSCAN8 2008-09-30 23:43 . 2008-09-30 23:43 d-------- C:\Program Files\Spb Backup 2008-09-24 23:36 . 2008-09-24 23:36 d-------- C:\Documents and Settings\Gilles\Application Data\Sprite Software 2008-09-24 23:30 . 2008-09-30 23:40 d-------- C:\Program Files\Sprite Software 2008-09-24 21:28 . 2008-09-24 21:28 244 --ah----- C:\sqmnoopt07.sqm 2008-09-24 21:28 . 2008-09-24 21:28 232 --ah----- C:\sqmdata07.sqm 2008-09-23 16:38 . 2008-09-23 16:38 244 --ah----- C:\sqmnoopt06.sqm 2008-09-23 16:38 . 2008-09-23 16:38 232 --ah----- C:\sqmdata06.sqm 2008-09-21 18:38 . 2008-08-28 13:16 71,184 --a------ C:\WINDOWS\system32\drivers\DefragFS.sys 2008-09-18 23:12 . 2008-09-18 23:12 857,392 --a------ C:\WINDOWS\system32\drivers\vmx86.sys 2008-09-18 23:12 . 2008-09-18 23:12 54,960 --a------ C:\WINDOWS\system32\drivers\vmci.sys 2008-09-18 23:12 . 2008-09-18 23:12 32,304 --a------ C:\WINDOWS\system32\drivers\hcmon.sys 2008-09-18 18:25 . 2008-09-18 18:25 248,368 --a------ C:\WINDOWS\system32\vmnc.dll 2008-09-17 23:15 . 2008-09-17 23:16 d-------- C:\Program Files\Cobian Backup 9 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-09 23:06 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware 2008-10-09 23:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware 2008-10-05 20:39 --------- d-----w C:\Program Files\eMule 2008-10-05 19:13 --------- d-----w C:\Documents and Settings\Gilles\Application Data\VMware 2008-10-05 18:36 --------- d-----w C:\Program Files\ESET 2008-10-05 15:08 --------- d-----w C:\Program Files\BitTorrent 2008-10-05 15:08 --------- d-----w C:\Program Files\Apple Software Update 2008-10-05 10:22 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-10-04 09:36 --------- d-----w C:\Program Files\DAEMON Tools SearchBar 2008-10-04 09:36 --------- d-----w C:\Program Files\DAEMON Tools 2008-09-29 18:01 --------- d-----w C:\Program Files\Common Files\Adobe 2008-09-27 15:11 --------- d-----w C:\Documents and Settings\Adrien\Application Data\VMware 2008-09-26 12:44 --------- d-----w C:\Program Files\Common Files\ACD Systems 2008-09-26 11:45 --------- d-----w C:\Documents and Settings\Invités\Application Data\VMware 2008-09-26 09:23 --------- d-----w C:\Documents and Settings\Gilles\Application Data\XnView 2008-09-24 22:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-22 15:39 --------- d-----w C:\Program Files\SmartFTP Client 2008-09-22 15:37 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files 2008-09-10 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-10 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-09-09 23:19 --------- d-----w C:\Program Files\PhotomatixPro3 2008-09-09 22:59 --------- d-----w C:\Program Files\XnView 2008-09-09 11:49 230,152 ----a-w C:\WINDOWS\system32\PDBoot.exe 2008-09-09 05:38 --------- d-----w C:\Program Files\palmOne 2008-09-09 05:35 --------- d-----w C:\Program Files\Resco 2008-09-09 05:33 --------- d-----w C:\Program Files\Canon 2008-09-06 07:37 --------- d-----w C:\Documents and Settings\Invités\Application Data\Windows Desktop Search 2008-09-02 21:20 --------- d-----w C:\Documents and Settings\Adrien\Application Data\Windows Desktop Search 2008-08-31 21:26 --------- d-----w C:\Documents and Settings\Gilles\Application Data\secret 2008-08-30 07:49 --------- d-----w C:\Program Files\Jeyo 2008-08-30 07:25 --------- d-----w C:\Documents and Settings\Gilles\Application Data\iambic 2008-08-26 22:29 --------- d-----w C:\Program Files\Creative 2008-08-26 22:27 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-08-26 22:27 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-08-26 22:13 --------- d--h--w C:\Program Files\Creative Installation Information 2008-08-26 21:40 --------- d-----w C:\Documents and Settings\Gilles\Application Data\Windows Search 2008-08-26 18:31 --------- d-----w C:\Documents and Settings\Gilles\Application Data\Windows Desktop Search 2008-08-26 18:30 --------- d-----w C:\Program Files\Windows Desktop Search 2008-08-25 19:58 64,960 ----a-w C:\WINDOWS\system32\drivers\stcp2v30.sys 2008-08-15 17:40 --------- d-----w C:\Documents and Settings\Gilles\Application Data\AdobeUM 2008-08-14 22:10 --------- d-----w C:\Program Files\Microsoft SQL Server 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2006-06-23 12:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe 2008-05-06 23:34 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-10-10_ 0.17.39.89 ))))))))))))))))))))))))))))))))))))))))) . - 2008-10-09 22:13:57 228,511 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2008-10-09 23:12:56 228,511 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2008-10-09 23:06:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8ac.dat + 2008-10-09 23:06:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_d0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "L07FXLRD_56704953"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" [2006-06-13 351000] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "Easy Sync"="C:\Program Files\Pocket Wizards\Easy Sync\Easy Sync.exe" [2008-06-02 1318912] "MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528] "Cobian Backup 9 interface"="C:\Program Files\Cobian Backup 9\cbInterface.exe" [2008-07-03 2747392] "ACDSeeSRPro25"="C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeSR.exe" [2008-08-29 607568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 151552] "JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 1953792] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "CTSysVol"="C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe" [2003-05-02 57344] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928] "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 36864] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "ToUcamVProperty"="C:\Program Files\Philips ToUcam Camera\VProperty.exe" [2003-04-02 131072] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2008-09-18 84528] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168] "nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32 wiz.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 C:\WINDOWS\KHALMNPR.Exe] "P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll] "Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 C:\WINDOWS\LOGI_MWX.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152] Task Manager.lnk - C:\WINDOWS\system32 askmgr.exe [2001-08-23 135680] Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] zz [X] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Microsoft ActiveSync apimgr.exe"= C:\Program Files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\Program Files\Winamp Remote\bin\OrbTray.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\SmartFTP Client\SmartFTP.exe"= "C:\Program Files\VMware\VMware Workstation\vmware-authd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312] R2 CobianBackupAmanita;Cobian Backup 9 service;C:\Program Files\Cobian Backup 9\cbService.exe [2008-07-03 582144] R2 PD91Agent;PD91Agent;C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512] R2 SSL-Explorer;SSL-Explorer;C:\Program Files\sslexplorer\install\platforms\windows\wrapper.exe [2008-03-04 135168] R2 vmci;VMware vmci;C:\WINDOWS\system32\Drivers\vmci.sys [2008-09-18 54960] R3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys [ ] S2 Greyware SloStart Service;Greyware SloStart Service;c:\windows\system32\slostart.exe [2004-03-08 122880] S3 PD91Engine;PD91Engine;C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504] S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [ ] S3 xpvcom;XPVCOM Port;C:\WINDOWS\system32\Drivers\xpvcom.sys [2007-03-23 30032] S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-11 19:24:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run ToUcamVProperty = C:\Program Files\Philips ToUcam Camera\VProperty.exe??U?c?a?m? ?C?a?m?e?r?a?\?V?P?r?o?p?e?r?t?y?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-10-11 19:25:17 ComboFix-quarantined-files.txt 2008-10-11 17:25:14 Pre-Run: 146'194'247'680 bytes free Post-Run: 146,193,698,816 bytes free 226 --- E O F --- 2008-09-10 05:44:05

scaladan · Answer

Et le rapport HijackThis...
Merci beaucoup pour votre aide... C'est vraiment très sympa!!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:33, on 11.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\sslexplorer\install\platforms\windows\wrapper.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\java\jre1.6.0_07\bin\java.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Philips ToUcam Camera\VProperty.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Pocket Wizards\Easy Sync\Easy Sync.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\MICROS~3apimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osBtProc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32	askmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bluewin.ch/de/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L07FXLRD_56704953] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Easy Sync] C:\Program Files\Pocket Wizards\Easy Sync\Easy Sync.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKCU\..\Run: [ACDSeeSRPro25] "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeSR.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1844237615-484061587-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'ASPNET')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Task Manager.lnk = C:\WINDOWS\system32	askmgr.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.provincia.savona.it/turismo
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15105/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A2013B6-1AC7-4DFC-AA0E-F26378826FA0}: NameServer = 192.168.1.1,195.186.1.111,195.186.4.111
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Greyware SloStart Service - Greyware Automation Products, Inc. - c:\windows\system32\slostart.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SSL-Explorer - Unknown owner - C:\Program Files\sslexplorer\install\platforms\windows\wrapper.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

anthony5151 · Answer

Très bien, les rapports que tu as posté ne montrent plus aucune infection :)
As-tu encore des problèmes ?  Sinon lis bien tout ce qui suit :


Avant de retourner surfer sur internet, il y a quelques petites choses que tu dois faire pour finir le nettoyage et améliorer sensiblement la sécurité de ton ordinateur, ça t'évitera peut-être de devoir revenir ici avec une nouvelle infection dans le futur ;)  Mais sache qu'aucun logiciel de sécurité ne te protègera à 100%, ce qui fait la différence, c'est ta vigilance lorsque tu télécharges ou installes quelque chose : pour en savoir plus, je t'invite à bien lire la page indiquée tout en bas de ce message (6).



1) Sécurise ton ordinateur 

- Pare-feu :
Il ne faut pas avoir plusieurs pare-feu, ils risquent d'entrer en conflit. Il me semble que NOD32 incluse un pare-feu, si c'est bien le cas, désactive le ou désinstalle ZoneAlarm.

- Anti-spyware :
Tu n'as apparemment pas d'anti-spyware actif : 
* Installe Spyware Blaster : il ne prend pas de mémoire, c'est juste un logiciel qui vaccine ton pc contre certaines infections. Il faut le mettre à jour manuellement, tous les 10 jours environ, et activer toutes les protections (« Enable all protection ») 
* En complément, garde MalwareBytes pour son scan de nettoyage performant.

- Pour naviguer sur internet plus en sécurité et à l’abri des publicités, je te conseille d’installer et d'utiliser le navigateur Firefox 3 avec l’extension « AdBlockPlus ». Tu peux trouver des explications ici



2) Relance Hijackthis (pour la dernière fois), fais "scan system only" et coche ces lignes (pas dangereuses mains inutiles) : 

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install    
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE    
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe    
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe    
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe    
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')    
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')    
O4 - HKUS\S-1-5-21-1844237615-484061587-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'ASPNET')    
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')    
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')    

Coche également toutes les lignes commençant par 016

Ensuite, clique sur "Fix checked" 



3) Télécharge ToolsCleaner sur ton bureau pour nettoyer l'ordi de tous les outils qu'on a utilisé : ToolsCleaner
Lance le, clique sur Recherche et laisse le scan se finir, puis clique sur Suppression pour nettoyer. 
Tu peux aussi supprimer les fichiers temporaires.
Ensuite, supprime manuellement ToolsCleaner (mets le à la corbeille).
S'il ne supprime pas tout, supprime manuellement ce qui reste.



4) Télécharge et installe CCleaner (attention à l'installation, pense à DECOCHER l'installation de Yahoo toolbar discrètement proposé en plus de CCleaner).

Lance CCleaner
Option --> avancé --> décoche « effacer uniquement les fichiers plus vieux que 48h »
Puis nettoyeur --> Analyse > Lancer le nettoyage, puis sur OK dans la fenêtre qui s' affiche.
Relance le nettoyage une deuxième fois.

Enfin, registre --> corrige toutes les erreurs, et recommence jusqu'à ce qu'il ne trouve plus d'erreurs.

(Tu peux garder ce logiciel et l'utiliser régulièrement).



5) Pour finir le nettoyage, il faut désactiver puis réactiver la restauration système (pour créer un nouveau point de restauration sain et éviter le retour de l'infection). 

* Fais un clic droit sur poste de travail (qui est sur ton bureau ou dans le menu démarrer), puis propriétés. 
* Sélectionne l'onglet restauration du système 
* Coche l'option Désactiver la restauration du système sur tous les lecteurs 
* Clique sur OK. 

Puis refais la manipulation inverse pour réactiver la restauration système. 



6) Je t'invite enfin à visiter cette page qui t'apportera des information de prévention et de protection contre les infections (environ 15 minutes de lecture très instructive et utile):
Prévention et sécurité sur internet



7) Enfin, si tu n as pas d'autres problèmes, tu peux changer le statut du sujet en résolu : Aide





Bonne lecture, bon courage, et n'hésite pas à poser des questions en cas de besoin ;)

scaladan · Answer

Merci beaucoup Anthony pour toute ton aide !!!
J'ai hautement apprécié...

anthony5151 · Answer

De rien, c'était un plaisir de t'aider ;)
N'hésite pas à revenir en cas de besoin

Virus Alert!

16 réponses

Discussions similaires