Spyaxe: aide pour rapport

Franck -  
sKe69 Messages postés 21955 Statut Contributeur sécurité -
Bonjour,

mon ordi est infecte par un virus/spyware assez agacant qui affiche toutes les 2 min un message "your computer is infected"
j ai suivi les recommandations trouvees sur ce site, a savoir lancer smitfraudix et publier sur ce forum le rapport genere.

j espere qu une bonne ame saura me depanner!

merci d avance
Franck

SmitFraudFix v2.357

Scan done at 17:12:10.87, Fri 10/10/2008
Run from C:\Documents and Settings\Moi\Desktop\virus\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Documents and Settings\All Users\Application Data\hqvcdeti\dwhybyjo.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\twbcdepa.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Moi\Desktop\utorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\_scui.cpl FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Moi

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Moi\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Moi\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\akl\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="karna.dat"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

C:\WINDOWS\system32\drivers\beep.sys infected !

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 24.29.103.15
DNS Server Search Order: 24.29.103.16

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7EEB5848-3C0E-4A44-A41E-EA97F3852DB8}: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7EEB5848-3C0E-4A44-A41E-EA97F3852DB8}: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7EEB5848-3C0E-4A44-A41E-EA97F3852DB8}: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
Configuration: Windows XP
Firefox 3.0.3

38 réponses

  • 1
  • 2
Résumé de la discussion

Un ordinateur Windows XP est infecté par un spyware/malware affichant des messages intempestifs, avec de nombreux processus et modules suspects répertoriés dans le rapport SmitfraudFix et les rapports HijackThis. Plusieurs réponses préconisent de démarrer en mode sans échec, puis d’exécuter SmitfraudFix (sélection 2) pour supprimer les fichiers responsables et, si nécessaire, nettoyer le registre et remplacer le fichier infecté. Des conseils complémentaires suggèrent ensuite d’analyser les rapports avec HijackThis, de ne pas supprimer arbitrairement des entrées et d’utiliser des outils additionnels comme VirusTotal, Navilog ou des barres d’outils pour clarifier les faux positifs.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Salut,

    continuons :

    A-Suite de la manipe ( nettoyage ), fais exactement ce qui suit :

    Impératif : Démarrer en mode sans echec .

    /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

    Comment aller en Mode sans échec :
    1) Redémarres ton ordi .
    2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
    3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage .
    4) Choisis la première option : Sans Échec , et valides en tapant sur [Entrée] .
    5) Choisis ton compte habituel ( et pas Administrateur ).
    attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...

    * Double-cliques sur SmitfraudFix.exe

    * Sélectionnes 2 et presses "Entrée" dans le menu pour supprimer les fichiers responsables de l'infection.

    --> Si besion :

    * A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et presser Entrée afin de débloquer le fond d'écran et supprimer les clés de registre de l'infection.

    ( Le correctif déterminera si le fichier wininet.dll est infecté.)

    * A la question: "Corriger le fichier infecté ?" répondre O (oui) et presser Entrée
    pour remplacer le fichier corrompu.

    * Un redémarrage sera peut être nécessaire pour terminer la procédure de nettoyage ( sinon fais le manuellement )

    Le rapport se trouve à la racine de C\:
    (dans le fichier "rapport.txt")

    Postes moi ce dernier rapport ...

    Une fois posté , enchaines avec ceci :

    B - Télécharges et installes le logiciel HijackThis :

    ici ftp://ftp.commentcamarche.com/download/HJTInstall.exe
    ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html

    1- Cliques sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation .
    A la fin de l'installe , le prg ce lance automatiquement : fermes le en cliquant sur la croix rouge .
    Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
    "C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

    tuto pour utilisation :
    Regardes ici, c'est parfaitement expliqué en images (merci balltrap34),
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
    ( Ne fixes encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement )

    2- !! Déconnectes toi et fermes toute tes applications en cours !!

    Cliques sur le raccourci du bureau pour lancer le prg :
    fais un scan HijackThis en cliquant sur : "Do a system scan and save a logfile"

    ---> Postes le rapport généré pour analyse ...
    1
  2. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage )
    Double cliquer sur smitfraudfix.cmd

    Sélectionner 2 pour supprimer les fichiers responsables de l'infection.
    A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

    Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

    Redémarrer en mode normal et poster le rapport
    1
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      salut télescopage de message je vous laisse continuer bon courage a vous
      -1
      1. sKe69 Messages postés 21955 Statut Contributeur sécurité 463 > benurrr Messages postés 9766 Statut Contributeur sécurité
         
        ;-)
        0
  3. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Bien ...

    la suite dans l'ordre :

    1- Avoir accès aux fichiers cachés :

    Vas dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
    * "Afficher les fichiers et dossiers cachés" ---> coché
    * "Masquer les extensions des fichiers dont le type est connu" ---> décoché
    * "masquer les fichiers du système" ---> décoché
    -> valides la modif ( "appliquer" puis "ok" ).
    ( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )

    2- Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Copies ce qui suit et colles le dans l'espace pour la recherche :
    C:\WINDOWS\brastk.exe

    Cliques sur Send File ( = " Envoyer le fichier " ).

    Un rapport va s'élaborer ligne à ligne.

    Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copies le dans ta prochaine réponse ( surtout le listing des AV ) ...

    ( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )

    ->Une fois ce rapport posté , fais la suite :

    3 - Télécharges ToolBar S&D ( de Eric_71/Team IDN ) :
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    ( Tuto : https://sites.google.com/site/toolbarsd/aideenimages )

    !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

    * double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
    * Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
    * Choisis l'option 1 ( "recherche") et tapes "entrée" .
    * Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
    de son contenu dans ta prochaine réponse ...
    ( le rapport est en outre sauvegardé ici -> C:\TB.txt )

    1
  4. Franck
     
    Merci les gars pour votre aide!

    Voila le second rapport Smitfraudfix

    Pour info j ai toujorus ces saloperies de messages qui s affichent

    SmitFraudFix v2.357

    Scan done at 17:48:36.44, Fri 10/10/2008
    Run from C:\Documents and Settings\Moi\Desktop\virus\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\_scui.cpl Deleted
    C:\Program Files\akl\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7EEB5848-3C0E-4A44-A41E-EA97F3852DB8}: DhcpNameServer=24.29.103.15 24.29.103.16
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7EEB5848-3C0E-4A44-A41E-EA97F3852DB8}: DhcpNameServer=24.29.103.15 24.29.103.16
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{7EEB5848-3C0E-4A44-A41E-EA97F3852DB8}: DhcpNameServer=24.29.103.15 24.29.103.16
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Franck
     
    et voila le rapport hijackthis
    j espere que ca va vous eclairer, passke moi pas tellement!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:07:47 PM, on 10/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\1XConfig.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\brastk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [XP Antispyware 2009] "C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe" /hide
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓÆµ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
    O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
    O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    0
  7. Franck
     
    Me revoila, encore merci

    le rapport sur le fichier brastk.exe:

    AhnLab-V3 2008.10.10.1 2008.10.10 -
    AntiVir 7.8.1.34 2008.10.10 -
    Authentium 5.1.0.4 2008.10.10 -
    Avast 4.8.1248.0 2008.10.10 Win32:Lighty
    AVG 8.0.0.161 2008.10.10 Downloader.Generic7.AXHU
    BitDefender 7.2 2008.10.10 -
    CAT-QuickHeal 9.50 2008.10.10 -
    ClamAV 0.93.1 2008.10.10 -
    DrWeb 4.44.0.09170 2008.10.10 -
    eSafe 7.0.17.0 2008.10.08 -
    eTrust-Vet 31.6.6141 2008.10.10 Win32/FakeAlert.GA
    Ewido 4.0 2008.10.10 -
    F-Prot 4.4.4.56 2008.10.10 -
    F-Secure 8.0.14332.0 2008.10.11 Suspicious:W32/Malware!Gemini
    Fortinet 3.113.0.0 2008.10.10 -
    GData 19 2008.10.10 Win32:Lighty
    Ikarus T3.1.1.34.0 2008.10.10 Virus.Win32.Lighty
    K7AntiVirus 7.10.490 2008.10.10 -
    Kaspersky 7.0.0.125 2008.10.11 -
    McAfee 5403 2008.10.11 Generic Downloader.x
    Microsoft 1.4005 2008.10.11 TrojanDownloader:Win32/Renos
    NOD32 3513 2008.10.10 a variant of Win32/TrojanDownloader.FakeAlert.LG
    Norman 5.80.02 2008.10.10 W32/Lighty.D
    Panda 9.0.0.4 2008.10.10 Generic Malware
    PCTools 4.4.2.0 2008.10.10 -
    Prevx1 V2 2008.10.11 Cloaked Malware
    Rising 20.65.42.00 2008.10.10 -
    SecureWeb-Gateway 6.7.6 2008.10.10 -
    Sophos 4.34.0 2008.10.10 Mal/Generic-A
    Sunbelt 3.1.1715.1 2008.10.10 -
    Symantec 10 2008.10.11 Trojan.Virantix
    TheHacker 6.3.1.0.106 2008.10.10 -
    TrendMicro 8.700.0.1004 2008.10.10 -
    VBA32 3.12.8.6 2008.10.10 OScope.Downloader.Braviax.3
    ViRobot 2008.10.10.1416 2008.10.10 -
    VirusBuster 4.5.11.0 2008.10.10 Trojan.DR.Renos.ATB
    Information additionnelle
    File size: 10240 bytes
    MD5...: 900f4c745d83ee5378238a87ffebc905
    SHA1..: 8c51d65a04d0a8dbd3c5fc71905e8705baaca18a
    SHA256: 43fd23e8b0365934d04f6113ca69546bbf494b59e2d0eae1975522db58fe27b3
    SHA512: 19581c6eac91ba5a81992d62e3c69faed609864c3aa8f237cdbc8c53d5f749bd
    45fc555a5b2123754a1b72e49b83a81e0526462f92be8652b031a79fc1f19d14
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x401000
    timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x1000 0x200 4.88 ec70df73525d7aeb1d063017d0c6da8f
    .data 0x2000 0x7000 0x2200 7.43 4806a45b758184af94f5e5ac70865c87
    .rdata 0x9000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .rsrc 0xe000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

    ( 3 imports )
    > KERNEL32.DLL: BeginUpdateResourceA, CallNamedPipeW, CommConfigDialogW, CreateMailslotW, EnumCalendarInfoExW, ExitProcess, FindFirstFileW, GetCommState, GetConsoleCursorInfo, GetCurrentDirectoryW, GetFileSize, GetLocaleInfoW, GetProcAddress, GetProcessTimes, GetQueuedCompletionStatus, GetStringTypeA, GetTapeStatus, GlobalFindAtomA, IsBadHugeWritePtr, LocalCompact, SetConsoleTextAttribute, SetProcessWorkingSetSize, SetSystemTime, SetThreadAffinityMask, TerminateProcess, UTRegister, UpdateResourceA, lstrcatA, lstrcmpi, lstrcpy
    > USER32.DLL: CharToOemBuffW, CharUpperA, CreateDesktopW, CreateDialogParamW, EnableScrollBar, EnumDesktopWindows, EnumDisplayDevicesW, EnumWindowStationsW, GetAltTabInfo, GetDlgItem, GetKeyboardLayout, GetKeyboardLayoutNameW, GetThreadDesktop, GetUserObjectSecurity, GetWindowTextA, IsWindow, LoadKeyboardLayoutW, MapVirtualKeyW, OpenDesktopW, RegisterTasklist, SendIMEMessageExW, SendInput, SetProcessDefaultLayout, SetWindowContextHelpId, ShowWindow
    > GDI32.DLL: CreateDIBPatternBrushPt, CreateEllipticRgn, CreateRectRgnIndirect, DPtoLP, DeviceCapabilitiesExA, EnumFontsW, Escape, ExtTextOutW, GdiGetBatchLimit, GetArcDirection, GetCharABCWidthsFloatA, GetCharWidthA, GetClipBox, GetColorSpace, GetDeviceCaps, GetMapMode, GetMetaFileA, GetNearestColor, GetPaletteEntries, GetPixel, GetSystemPaletteEntries, GetWindowOrgEx, PlayMetaFile, PlayMetaFileRecord, ResetDCA, SetColorSpace, SetTextAlign, SetTextCharacterExtra, StretchBlt
    0
  8. Franck
     
    et voila le rapport toolbar SD:

    -----------\\ ToolBar S&D 1.2.2 XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1500MHz )
    BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
    USER : Moi ( Administrator )
    BOOT : Normal boot
    Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)
    C:\ (Local Disk) - NTFS - Total : 55 Go Free : 3 Go
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
    Option : [1] ( Fri 10/10/2008|19:34 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\DOCUME~1\Moi\Cookies\moi@monstercrawler[1].txt
    C:\DOCUME~1\Moi\Cookies\moi@search.monstercrawler[1].txt
    C:\WINDOWS\iun6002.exe

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="https://www.google.com/?gws_rd=ssl"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
    "Url"="http://www.microsoft.com/athome/community/rss.xml"
    "Url"="http://www.microsoft.com/atwork/community/rss.xml"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="https://www.google.com/?gws_rd=ssl"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - Fri 10/10/2008|19:33 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - Fri 10/10/2008|19:35 - Option : [1]

    -----------\\ Fin du rapport a 19:35:39.73
    0
  9. Franck
     
    ok, je continue de suivre les instructions...
    pas encore la nuit, je suis base aux us

    rapport apres nettoyage TD:

    -----------\\ ToolBar S&D 1.2.2 XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1500MHz )
    BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
    USER : Moi ( Administrator )
    BOOT : Normal boot
    Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)
    C:\ (Local Disk) - NTFS - Total : 55 Go Free : 3 Go
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
    Option : [2] ( Fri 10/10/2008|21:15 )

    -----------\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\Moi\Cookies\moi@monstercrawler[1].txt
    Supprime! - C:\DOCUME~1\Moi\Cookies\moi@search.monstercrawler[1].txt
    Supprime! - C:\WINDOWS\iun6002.exe

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="https://www.google.com/?gws_rd=ssl"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
    "Url"="http://www.microsoft.com/athome/community/rss.xml"
    "Url"="http://www.microsoft.com/atwork/community/rss.xml"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - Fri 10/10/2008|19:33 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - Fri 10/10/2008|19:35 - Option : [1]
    3 - "C:\ToolBar SD\TB_3.txt" - Fri 10/10/2008|21:18 - Option : [2]

    -----------\\ Fin du rapport a 21:18:31.71
    0
  10. Franck
     
    et le rapport hijack this:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:24:00 PM, on 10/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\1XConfig.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓÆµ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
    O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
    O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    0
  11. Franck
     
    le truc c est que j avais deja telecharge malwarebyte et que je l ai fait tourner en full scan pendant que j etais au resto, cad avant de faire le nettoyage td

    j ai retrouve le log correspondant:
    (je vais refaire un full scan comme demande)

    Malwarebytes' Anti-Malware 1.28
    Database version: 1252
    Windows 5.1.2600 Service Pack 2

    10/10/2008 9:02:13 PM
    mbam-log-2008-10-10 (21-02-13).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 146644
    Time elapsed: 1 hour(s), 14 minute(s), 58 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 15
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 59

    Memory Processes Infected:
    C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp antispyware 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Media Access (Adware.MediaAccess) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\Drivers\beep.sys (Backdoor.UltimateDefender) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Media Access\Info.txt (Adware.MediaAccess) -> Quarantined and deleted successfully.
    C:\Program Files\Media Access\MediaAccK.exe (Adware.MediaAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    0
  12. Franck
     
    alors le rapport malwarebyte qui a tourne pendant la nuit:
    (sans surprise il a rien detecte vu qu il avait deja tourne dans la journee)
    (au passage, la saloperie de virus envoyrant des faux messages a ete eliminee sans doute, ca ne s affiche plus)

    Malwarebytes' Anti-Malware 1.28
    Database version: 1252
    Windows 5.1.2600 Service Pack 2

    10/11/2008 8:25:51 AM
    mbam-log-2008-10-11 (08-25-51).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 145218
    Time elapsed: 3 hour(s), 47 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    0
  13. Franck
     
    et le rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:37:41 AM, on 10/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\1XConfig.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓÆµ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
    O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
    O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    0
  14. Franck
     
    hop, un petit rapport navilog:

    Search Navipromo version 3.6.6 commencé le Sat 10/11/2008 à 8:47:00.17

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Moi"

    Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO

    Microsoft Windows XP [Version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans "C:\WINDOWS" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\startm~1\programs" ***

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\startm~1" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Moi\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Moi\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Moi\startm~1\programs" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\Moi\locals~1\applic~1" *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    * Dans "C:\Documents and Settings\Moi\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    *** Analyse terminée le Sat 10/11/2008 à 8:56:12.21 ***
    0
  15. Franck
     
    me revoila, avec un rapport combofix:

    ComboFix 08-10-10.09 - Moi 2008-10-11 14:11:17.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.248 [GMT -4:00]
    Running from: C:\Documents and Settings\Moi\Desktop\ComboFix.exe
    * Created a new restore point

    [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Moi\Cookies\cakadu.pif
    C:\Documents and Settings\Moi\Cookies\edaq.dat
    C:\Documents and Settings\Moi\Cookies\ofaqawihup.reg
    C:\WINDOWS\system32\drivers\fad.sys

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
    .

    2008-10-11 13:39 . 2008-10-11 13:39 <DIR> d-------- C:\Program Files\CCleaner
    2008-10-11 08:44 . 2008-10-11 08:56 <DIR> d-------- C:\Program Files\Navilog1
    2008-10-10 22:39 . 2008-10-10 22:39 0 --a------ C:\WINDOWS\SCANUS.INI
    2008-10-10 22:39 . 2008-10-10 22:39 0 --a------ C:\WINDOWS\mds.ini
    2008-10-10 19:41 . 2008-10-10 19:41 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-10-10 19:41 . 2008-10-10 19:41 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
    2008-10-10 19:32 . 2008-10-10 21:17 4,146 --a------ C:\Documents and Settings\Orph.egd
    2008-10-10 19:27 . 2008-10-10 21:18 <DIR> d-------- C:\ToolBar SD
    2008-10-10 17:22 . 2008-10-10 17:22 <DIR> d-------- C:\Program Files\Malwarebytes
    2008-10-10 17:22 . 2008-10-10 17:22 <DIR> d-------- C:\Documents and Settings\Moi\Application Data\Malwarebytes
    2008-10-10 17:22 . 2008-10-10 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-10 17:22 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-10-10 17:22 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-10-10 17:12 . 2008-10-10 17:48 4,570 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2008-10-08 20:41 . 2008-10-10 17:53 4,212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
    2008-10-08 20:37 . 2008-10-11 14:19 524,320 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
    2008-10-08 20:37 . 2008-10-11 14:15 7,172 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
    2008-10-08 00:28 . 2008-10-08 00:29 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-10-08 00:24 . 2008-10-08 00:24 <DIR> d-------- C:\Program Files\Zone Labs
    2008-10-08 00:23 . 2008-10-11 14:16 358,381 --a------ C:\WINDOWS\SYSTEM32\vsconfig.xml
    2008-10-08 00:21 . 2008-10-11 14:16 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-10-07 23:52 . 2008-10-07 23:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-07 23:51 . 2008-10-07 23:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-07 23:43 . 2008-10-07 23:43 19,937 --a------ C:\Documents and Settings\All Users\Application Data\ewukuco.bat
    2008-10-07 23:43 . 2008-10-07 23:43 19,794 --a------ C:\Program Files\Common Files\uramyd.pif
    2008-10-07 23:43 . 2008-10-07 23:43 18,688 --a------ C:\WINDOWS\zilyvipop.dat
    2008-10-07 23:43 . 2008-10-07 23:43 17,286 --a------ C:\Program Files\Common Files\datalycux.dat
    2008-10-07 23:43 . 2008-10-07 23:43 16,787 --a------ C:\Program Files\Common Files\nabeloxo.bin
    2008-10-07 23:43 . 2008-10-07 23:43 16,006 --a------ C:\WINDOWS\SYSTEM32\iduliry.vbs
    2008-10-07 23:43 . 2008-10-07 23:43 15,958 --a------ C:\Documents and Settings\All Users\Application Data\iferisewum.reg
    2008-10-07 23:43 . 2008-10-07 23:43 14,598 --a------ C:\Documents and Settings\All Users\Application Data\hetunan.dll
    2008-10-07 23:43 . 2008-10-07 23:43 13,033 --a------ C:\WINDOWS\SYSTEM32\gujiwev.pif
    2008-10-07 23:43 . 2008-10-07 23:43 12,092 --a------ C:\Documents and Settings\All Users\Application Data\ydukoqe.reg
    2008-10-07 23:43 . 2008-10-07 23:43 11,539 --a------ C:\Documents and Settings\All Users\Application Data\uqufu.sys
    2008-10-07 23:43 . 2008-10-07 23:43 11,239 --a------ C:\WINDOWS\ecixegoz.dl
    2008-10-07 23:43 . 2008-10-07 23:43 10,908 --a------ C:\Program Files\Common Files\zititogux.scr
    2008-10-07 23:43 . 2008-10-07 23:43 10,446 --a------ C:\Documents and Settings\Moi\Application Data\alogysusyb.com
    2008-10-07 23:43 . 2008-10-07 23:43 10,400 --a------ C:\WINDOWS\SYSTEM32\iququw.scr
    2008-10-07 23:42 . 2008-10-10 17:05 717 --a------ C:\WINDOWS\SYSTEM32\wini104552502.exe
    2008-10-07 23:35 . 2008-10-10 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\hqvcdeti
    2008-09-17 15:37 . 2008-09-17 15:37 <DIR> d-------- C:\Program Files\sina
    2008-09-17 15:37 . 2008-09-17 15:37 <DIR> d--hs---- C:\CacheDir
    2008-09-17 15:37 . 2008-06-20 06:45 360,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys.old
    2008-09-15 15:11 . 2008-09-15 15:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-11 03:29 --------- d-----w C:\Documents and Settings\Moi\Application Data\uTorrent
    2008-10-11 02:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-11 02:39 --------- d-----w C:\Program Files\MktgEng
    2008-10-10 12:01 --------- d-----w C:\Program Files\PPStream
    2008-10-08 03:52 --------- d-----w C:\Program Files\Lavasoft
    2008-10-08 03:43 13,799 ----a-w C:\Program Files\Common Files\vady.ban
    2008-09-21 18:13 --------- d-----w C:\Program Files\Java
    2007-06-21 22:38 30,280 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
    2007-06-21 22:38 79,432 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    2007-06-21 22:38 71,240 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
    2007-06-21 22:38 140,872 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
    2007-06-21 22:39 38,472 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
    2007-06-21 22:39 46,664 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
    2007-06-21 22:39 34,376 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
    2007-06-21 22:39 685,640 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
    2007-06-21 22:40 30,280 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    2005-03-03 08:02 8 --sh--r C:\WINDOWS\SYSTEM32\E88509E173.sys
    .

    ------- Sigcheck -------

    2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2006-11-21 16:12 359808 45265cbad25c6254afafc7bdd88bdb4b C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
    2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
    2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
    2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
    2008-06-20 06:45 360320 01d5eaaff224415a7ff513e4c882be30 C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
    2008-06-20 06:45 360320 01d5eaaff224415a7ff513e4c882be30 C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-30 335872]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 487424]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 28672]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-12 33792]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
    "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
    "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-19 180269]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 135168]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 C:\WINDOWS\BCMSMMSG.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    2005-07-04 20:33 188482 C:\WINDOWS\SYSTEM32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll
    "msacm.l3fhg"= mp3fhg.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
    --a------ 2004-10-13 10:12 24576 C:\PROGRA~1\Wanadoo\CnxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --------- 2004-10-13 10:12 49152 C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-10-13 10:12 24576 C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZCfgSvc.exe]
    --a------ 2005-07-04 20:32 639040 C:\WINDOWS\SYSTEM32\ZCfgSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Documents and Settings\\Moi\\Desktop\\utorrent.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Documents and Settings\\Moi\\Application Data\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\VideoLAN\\vlc.exe"=
    "C:\\Program Files\\TVAnts\\Tvants.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\sina\\SAP\\SAPlatform.exe"=

    R1 SSHDRV86;SSHDRV86;C:\WINDOWS\system32\drivers\SSHDRV86.sys [2005-10-06 81408]
    S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 171264]
    S3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [ ]
    S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-22 20096]
    S3 PCIUtil;PCI Utility;C:\DOCUME~1\Moi\LOCALS~1\Temp\PCIUtil.sys [ ]
    S3 WLAN_USB;Wireless LAN USB Driver;C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2002-12-22 607232]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-11 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FRANCOIS-Moi).job
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\default.zhn\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
    FF -: plugin - C:\Documents and Settings\Moi\Application Data\Mozilla\Firefox\Profiles\default.zhn\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
    FF -: plugin - C:\Program Files\VideoLAN\npvlc.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-11 14:18:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\SYSTEM32\ati2evxx.exe
    C:\WINDOWS\SYSTEM32\S24EvMon.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\SYSTEM32\RegSrvc.exe
    C:\WINDOWS\SYSTEM32\wdfmgr.exe
    C:\WINDOWS\SYSTEM32\ati2evxx.exe
    C:\WINDOWS\SYSTEM32\1XConfig.exe
    C:\Program Files\Apoint\ApntEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-11 14:23:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-11 18:23:41

    Pre-Run: 3,925,716,992 bytes free
    Post-Run: 3,841,642,496 bytes free

    221 --- E O F --- 2008-09-21 18:18:41
    0
  16. Franck
     
    eu nouveau rapport hijackthis pour la route:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:49, on 2008-10-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\1XConfig.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓÆµ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
    O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
    O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    0
  17. Franck
     
    OK je m y attelle...
    j en profite pour repeter toute ma gratitude pour ce coup de main!

    j aimerais bien rendre la pareille, mais je suis plutot une quiche en info
    0
  18. Franck
     
    alors le rapport combofix:

    ComboFix 08-10-10.09 - Moi 2008-10-11 15:42:16.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254 [GMT -4:00]
    Running from: C:\Documents and Settings\Moi\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Moi\Desktop\CFScript.txt
    * Created a new restore point

    [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]

    FILE ::
    C:\Documents and Settings\All Users\Application Data\ewukuco.bat
    C:\Documents and Settings\All Users\Application Data\hetunan.dll
    C:\Documents and Settings\All Users\Application Data\iferisewum.reg
    C:\Documents and Settings\All Users\Application Data\uqufu.sys
    C:\Documents and Settings\All Users\Application Data\ydukoqe.reg
    C:\Documents and Settings\Moi\Application Data\alogysusyb.com
    C:\Program Files\Common Files\datalycux.dat
    C:\Program Files\Common Files\nabeloxo.bin
    C:\Program Files\Common Files\uramyd.pif
    C:\Program Files\Common Files\zititogux.scr
    C:\WINDOWS\ecixegoz.dl
    C:\WINDOWS\SYSTEM32\gujiwev.pif
    C:\WINDOWS\SYSTEM32\iduliry.vbs
    C:\WINDOWS\SYSTEM32\iququw.scr
    C:\WINDOWS\SYSTEM32\wini104552502.exe
    C:\WINDOWS\zilyvipop.dat
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\ewukuco.bat
    C:\Documents and Settings\All Users\Application Data\hetunan.dll
    C:\Documents and Settings\All Users\Application Data\hqvcdeti
    C:\Documents and Settings\All Users\Application Data\iferisewum.reg
    C:\Documents and Settings\All Users\Application Data\uqufu.sys
    C:\Documents and Settings\All Users\Application Data\ydukoqe.reg
    C:\Documents and Settings\Moi\Application Data\alogysusyb.com
    C:\Program Files\Common Files\datalycux.dat
    C:\Program Files\Common Files\nabeloxo.bin
    C:\Program Files\Common Files\uramyd.pif
    C:\Program Files\Common Files\zititogux.scr
    C:\WINDOWS\ecixegoz.dl
    C:\WINDOWS\SYSTEM32\gujiwev.pif
    C:\WINDOWS\SYSTEM32\iduliry.vbs
    C:\WINDOWS\SYSTEM32\iququw.scr
    C:\WINDOWS\SYSTEM32\wini104552502.exe
    C:\WINDOWS\zilyvipop.dat

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
    .

    2008-10-11 13:39 . 2008-10-11 13:39 <DIR> d-------- C:\Program Files\CCleaner
    2008-10-11 08:44 . 2008-10-11 08:56 <DIR> d-------- C:\Program Files\Navilog1
    2008-10-10 22:39 . 2008-10-10 22:39 0 --a------ C:\WINDOWS\SCANUS.INI
    2008-10-10 22:39 . 2008-10-10 22:39 0 --a------ C:\WINDOWS\mds.ini
    2008-10-10 19:41 . 2008-10-10 19:41 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-10-10 19:41 . 2008-10-10 19:41 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
    2008-10-10 19:32 . 2008-10-10 21:17 4,146 --a------ C:\Documents and Settings\Orph.egd
    2008-10-10 19:27 . 2008-10-10 21:18 <DIR> d-------- C:\ToolBar SD
    2008-10-10 17:22 . 2008-10-10 17:22 <DIR> d-------- C:\Program Files\Malwarebytes
    2008-10-10 17:22 . 2008-10-10 17:22 <DIR> d-------- C:\Documents and Settings\Moi\Application Data\Malwarebytes
    2008-10-10 17:22 . 2008-10-10 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-10 17:22 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-10-10 17:22 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-10-10 17:12 . 2008-10-10 17:48 4,570 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2008-10-10 17:11 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
    2008-10-10 17:11 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
    2008-10-10 17:11 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\SYSTEM32\AntiXPVSTFix.exe
    2008-10-10 17:11 . 2008-10-01 15:51 87,552 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
    2008-10-10 17:11 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\SYSTEM32\o4Patch.exe
    2008-10-10 17:11 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
    2008-10-10 17:11 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\SYSTEM32\IEDFix.C.exe
    2008-10-10 17:11 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\SYSTEM32\404Fix.exe
    2008-10-10 17:11 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
    2008-10-10 17:11 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
    2008-10-08 20:41 . 2008-10-10 17:53 4,212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
    2008-10-08 20:37 . 2008-10-11 15:46 618,528 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
    2008-10-08 20:37 . 2008-10-11 14:15 7,172 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
    2008-10-08 00:28 . 2008-10-08 00:29 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-10-08 00:24 . 2008-10-08 00:24 <DIR> d-------- C:\Program Files\Zone Labs
    2008-10-08 00:23 . 2008-10-11 14:16 358,381 --a------ C:\WINDOWS\SYSTEM32\vsconfig.xml
    2008-10-08 00:21 . 2008-10-11 15:39 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-10-07 23:52 . 2008-10-07 23:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-07 23:51 . 2008-10-07 23:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-17 15:37 . 2008-09-17 15:37 <DIR> d-------- C:\Program Files\sina
    2008-09-17 15:37 . 2008-09-17 15:37 <DIR> d--hs---- C:\CacheDir
    2008-09-17 15:37 . 2008-06-20 06:45 360,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys.old
    2008-09-15 15:11 . 2008-09-15 15:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-11 03:29 --------- d-----w C:\Documents and Settings\Moi\Application Data\uTorrent
    2008-10-11 02:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-11 02:39 --------- d-----w C:\Program Files\MktgEng
    2008-10-10 12:01 --------- d-----w C:\Program Files\PPStream
    2008-10-08 03:52 --------- d-----w C:\Program Files\Lavasoft
    2008-10-08 03:43 13,799 ----a-w C:\Program Files\Common Files\vady.ban
    2008-09-21 18:13 --------- d-----w C:\Program Files\Java
    2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
    2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
    2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
    2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
    2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
    2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
    2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
    2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
    2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
    2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
    2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
    2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
    2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
    2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
    2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
    2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
    2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
    2007-06-21 22:38 30,280 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
    2007-06-21 22:38 79,432 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    2007-06-21 22:38 71,240 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
    2007-06-21 22:38 140,872 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
    2007-06-21 22:39 38,472 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
    2007-06-21 22:39 46,664 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
    2007-06-21 22:39 34,376 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
    2007-06-21 22:39 685,640 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
    2007-06-21 22:40 30,280 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    2005-03-03 08:02 8 --sh--r C:\WINDOWS\SYSTEM32\E88509E173.sys
    .

    ------- Sigcheck -------

    2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2006-11-21 16:12 359808 45265cbad25c6254afafc7bdd88bdb4b C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
    2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
    2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
    2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
    2008-06-20 06:45 360320 01d5eaaff224415a7ff513e4c882be30 C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
    2008-06-20 06:45 360320 01d5eaaff224415a7ff513e4c882be30 C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-30 335872]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 487424]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 28672]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-12 33792]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
    "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
    "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-19 180269]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 135168]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 C:\WINDOWS\BCMSMMSG.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    2005-07-04 20:33 188482 C:\WINDOWS\SYSTEM32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll
    "msacm.l3fhg"= mp3fhg.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
    --a------ 2004-10-13 10:12 24576 C:\PROGRA~1\Wanadoo\CnxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --------- 2004-10-13 10:12 49152 C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-10-13 10:12 24576 C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZCfgSvc.exe]
    --a------ 2005-07-04 20:32 639040 C:\WINDOWS\SYSTEM32\ZCfgSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Documents and Settings\\Moi\\Desktop\\utorrent.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Documents and Settings\\Moi\\Application Data\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\VideoLAN\\vlc.exe"=
    "C:\\Program Files\\TVAnts\\Tvants.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\sina\\SAP\\SAPlatform.exe"=

    R1 SSHDRV86;SSHDRV86;C:\WINDOWS\system32\drivers\SSHDRV86.sys [2005-10-06 81408]
    S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 171264]
    S3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [ ]
    S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-22 20096]
    S3 PCIUtil;PCI Utility;C:\DOCUME~1\Moi\LOCALS~1\Temp\PCIUtil.sys [ ]
    S3 WLAN_USB;Wireless LAN USB Driver;C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2002-12-22 607232]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-11 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FRANCOIS-Moi).job
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe []
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-11 15:45:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\Ati2evxx.dll
    .
    Completion time: 2008-10-11 15:47:55
    ComboFix-quarantined-files.txt 2008-10-11 19:47:35
    ComboFix2.txt 2008-10-11 18:23:48

    Pre-Run: 3,782,602,752 bytes free
    Post-Run: 3,766,906,880 bytes free

    232 --- E O F --- 2008-09-21 18:18:41
    0
  19. Franck
     
    suivi du traditionnel log de hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:53, on 2008-10-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\1XConfig.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓÆµ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
    O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
    O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    0
  20. Franck
     
    ah ouais nickel, mon ordi semble marcher du feu de dieu.
    il a retrouve une seconde jeunesse
    merci bien!

    je vais recup l antivirus. il faut un firewall special aussi ou celui de windows est suffisant?

    le rapport demande:

    [ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

    -->- Recherche:

    C:\Combofix.txt: trouvé !
    C:\fixnavi.txt: trouvé !
    C:\TB.txt: trouvé !
    C:\Qoobox: trouvé !
    C:\Toolbar SD: trouvé !
    C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1: trouvé !
    C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
    C:\Documents and Settings\Moi\Desktop\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Moi\Desktop\ComboFix.exe: trouvé !
    C:\Documents and Settings\Moi\Desktop\virus\SmitFraudFix.zip: trouvé !
    C:\Documents and Settings\Moi\Desktop\virus\Navilog1.exe: trouvé !
    C:\Documents and Settings\Moi\Desktop\virus\Navilog1.lnk: trouvé !
    C:\Documents and Settings\Moi\Desktop\virus\HJTInstall.exe: trouvé !
    C:\Documents and Settings\Moi\Desktop\virus\ToolBarSD.exe: trouvé !
    C:\Documents and Settings\Moi\Desktop\virus\fixnavi.txt: trouvé !
    C:\Documents and Settings\Moi\Desktop\virus\SmitFraudfix: trouvé !
    C:\Program Files\HijackThis: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\HijackThis\hijackthis.log: trouvé !
    C:\Program Files\Navilog1\Navilog1.bat: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
    C:\Documents and Settings\Moi\Desktop\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Moi\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
    C:\Documents and Settings\Moi\Desktop\virus\SmitFraudFix.zip: supprimé !
    C:\Documents and Settings\Moi\Desktop\virus\Navilog1.exe: supprimé !
    C:\Documents and Settings\Moi\Desktop\virus\Navilog1.lnk: supprimé !
    C:\Documents and Settings\Moi\Desktop\virus\HJTInstall.exe: supprimé !
    C:\Documents and Settings\Moi\Desktop\virus\ToolBarSD.exe: supprimé !
    C:\Program Files\HijackThis\HijackThis.exe: supprimé !
    C:\Program Files\Navilog1\Navilog1.bat: supprimé !
    C:\Combofix.txt: supprimé !
    C:\fixnavi.txt: supprimé !
    C:\TB.txt: supprimé !
    C:\Documents and Settings\Moi\Desktop\virus\fixnavi.txt: supprimé !
    C:\Program Files\HijackThis\hijackthis.log: supprimé !
    C:\Qoobox: supprimé !
    C:\Toolbar SD: supprimé !
    C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: supprimé !
    C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1: supprimé !
    C:\Documents and Settings\Moi\Desktop\virus\SmitFraudfix: supprimé !
    C:\Program Files\HijackThis: supprimé !
    C:\Program Files\Navilog1: supprimé !
    0
  21. Franck
     
    ouep je parlais bien de l antivirus que tu avais indique. je l ai recup et fait tourner pendant la nuit. le rapport est ci dessous.
    pour le firewall c est jsute une version d evluation de zone alarm qui va pas tarder a expirer, donc si tu as des recommandations du cote des freeware je suis preneur...

    le rapport:

    Avira AntiVir Personal
    Report file date: 2008-10-12 03:30

    Scanning for 1677110 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: Moi
    Computer name: MI

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 2008-08-12 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 14:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 13:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 18:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 13:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 16:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 19:54:15
    ANTIVIR2.VDF : 7.0.7.12 4066816 Bytes 2008-10-08 07:16:19
    ANTIVIR3.VDF : 7.0.7.28 120320 Bytes 2008-10-11 07:16:20
    Engineversion : 8.1.1.35
    AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 15:58:21
    AESCRIPT.DLL : 8.1.0.76 319867 Bytes 2008-10-12 07:16:30
    AESCN.DLL : 8.1.0.23 119156 Bytes 2008-07-10 18:44:49
    AERDL.DLL : 8.1.1.2 438644 Bytes 2008-10-12 07:16:29
    AEPACK.DLL : 8.1.2.3 364918 Bytes 2008-10-12 07:16:27
    AEOFFICE.DLL : 8.1.0.25 196986 Bytes 2008-10-12 07:16:26
    AEHEUR.DLL : 8.1.0.59 1438071 Bytes 2008-10-12 07:16:25
    AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-07-10 18:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 2008-10-12 07:16:23
    AEEMU.DLL : 8.1.0.7 430452 Bytes 2008-07-31 14:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 2008-10-12 07:16:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 2008-07-10 18:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 14:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 15:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 2008-10-12 07:16:20
    AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 17:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 18:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 18:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 19:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 19:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high

    Start of the scan: 2008-10-12 03:30

    Starting search for hidden objects.
    The driver could not be initialized.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    13 processes with 13 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '74' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Moi\My Documents\X4\X4 D\enterrement vie garçon boris.zip
    [0] Archive type: ACE
    --> enterrement vie garヌon 031.jpg
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    C:\Installs\Programs\FairStars Audio Converter v1.36.zip
    [0] Archive type: ZIP
    --> 21/FairStars_Audio_Converter_v1.36.zip
    [1] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Contains HEUR/Crypted suspicious code
    --> 21/FairStars_Audio_Converter_v1.36/keygen.exe
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE] The file was moved to '495acc21.qua'!
    C:\Installs\Programs\Nero_Burning_ROM_6.6.0.8.rar
    [0] Archive type: RAR
    --> Nero Burning ROM 6.6.0.8\KeyGen\MultiKeyGen.exe
    [DETECTION] Contains recognition pattern of a probably damaged CC/00233 sample
    [NOTE] The file was moved to '4963cc62.qua'!
    C:\Jeux\sauvegardes\Still Life Saves\Still.Life.noCD.crack.rar
    [0] Archive type: RAR
    --> Still_Life.noCD.crack-DIE.ShadowCast\StillLife.exe
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE] The file was moved to '495acd12.qua'!
    C:\WINDOWS\SYSTEM32\DRIVERS\dtscsi.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\DRIVERS\sptd5469.sys
    [WARNING] The file could not be opened!

    End of the scan: 2008-10-12 07:07
    Used time: 3:36:42 Hour(s)

    The scan has been done completely.

    6958 Scanning directories
    365394 Files were scanned
    1 viruses and/or unwanted programs were found
    3 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    3 files were moved to quarantine
    0 files were renamed
    4 Files cannot be scanned
    365386 Files not concerned
    3852 Archives were scanned
    5 Warnings
    3 Notes
    0
  • 1
  • 2