I don't know what to do anymore...
Solved
Louve, 724 posts, status: Member
sKe69, 21955 posts, status: Security contributor
Hello,
this time it's official, my PC is infected.
I don't know what to do anymore.
After running a scan with AntiVir, whose report I'm posting for you, I tried an online disinfection but it was impossible to do it through Internet Explorer (it freezes).
Working in Firefox, I can't do it either.
The HijackThis report shows nothing,
and yet AntiVir found: Trojan horse TR/Dldr.Small.bws.20
What should I do???
thanks for your help...
AntiVir PersonalEdition Classic
Report file date: 2008-10-23 17:56
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Louve
Computer name: AD4C14E
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: K:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-10-23 17:56
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '22' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker18.zip
[DETECTION] Contains suspicious code HEUR/PwdZIP
[INFO] The file was moved to '49659ffd.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker19.zip
[DETECTION] Contains suspicious code HEUR/PwdZIP
[INFO] The file was moved to '49659ffe.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker2.zip
[DETECTION] Contains suspicious code HEUR/PwdZIP
[INFO] The file was moved to '48fa72c7.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker3.zip
[DETECTION] Contains suspicious code HEUR/PwdZIP
[INFO] The file was moved to '49659fff.qua'!
C:\Documents and Settings\coco\Bureau\fichiers d'installations\BOS_127_NOCD.zip
[0] Archive type: ZIP
--> BOS_127_NOCD.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] The file was moved to '4953a071.qua'!
C:\Documents and Settings\coco\Bureau\JEUX\Fallout 2\Fallout.2.(Jeu.PC.Français)[www.donkey-games.be.tf].ace
[0] Archive type: ACE
--> Fallout 2 (Jeu PC Franais)\PROGRAM\WIN\CFGWIN.___
[WARNING] Error creating the file
--> Fallout 2 (Jeu PC Franais)\PROGRAM\WIN\FALLOUT2.___
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{F41E992E-75E3-4ED7-896D-4D8118A3FE83}\RP215\A0053310.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] The file was moved to '4930a9ce.qua'!
C:\System Volume Information\_restore{F41E992E-75E3-4ED7-896D-4D8118A3FE83}\RP216\A0053374.exe
[0] Archive type: ZIP
--> BOS_127_NOCD.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] The file was moved to '4930a9d0.qua'!
C:\System Volume Information\_restore{F41E992E-75E3-4ED7-896D-4D8118A3FE83}\RP216\A0053375.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] The file was moved to '4930a9d1.qua'!
C:\System Volume Information\_restore{F41E992E-75E3-4ED7-896D-4D8118A3FE83}\RP216\A0054536.bat
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '4930a9d6.qua'!
C:\System Volume Information\_restore{F41E992E-75E3-4ED7-896D-4D8118A3FE83}\RP218\A0054782.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] The file was moved to '4930a9dc.qua'!
C:\System Volume Information\_restore{F41E992E-75E3-4ED7-896D-4D8118A3FE83}\RP218\A0054783.exe
[0] Archive type: ZIP
--> BOS_127_NOCD.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] The file was moved to '4930a9dd.qua'!
C:\System Volume Information\_restore{F41E992E-75E3-4ED7-896D-4D8118A3FE83}\RP218\A0054901.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] The file was moved to '4930a9df.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <BACKUP>
Begin scan in 'E:\' <RECOVER>
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'K:\'
Search path K:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: 2008-10-23 18:57
Used time: 1:01:03 min
The scan has been done completely.
11814 Scanning directories
304416 Files were scanned
7 viruses and/or unwanted programs were found
5 Files were classified as suspicious:
0 files were deleted
0 files were repaired
12 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
304409 Files not concerned
3257 Archives were scanned
5 Warnings
34 Notes
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22, on 23/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O4 - Startup: Registry Defender Platinum.lnk = C:\Program Files\Registry Defender Platinum\RegistryDefender.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.cooliris.com/shared/plinstll.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\DLLRD3232.dll
O20 - Winlogon Notify: 146b1136488 - C:\WINDOWS\System32\DLLRD3232.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
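As an added example (not part of the forum post and not an Avira tool), a parser for the AntiVir report layout posted above: it pairs each [DETECTION] line with the file path, archive member and quarantine name around it, marks hits that sit in System Restore snapshots rather than in live files, and recounts against the report's own summary block so a truncated paste is noticed. The sample report is constructed from that layout with shortened paths; only the signature names and quarantine ids are taken from the posted report.

```python
# Parser for the Avira AntiVir report layout posted above. Added example, not the
# poster's code nor an Avira tool; the sample report is constructed (paths shortened).
import re
from dataclasses import dataclass
from typing import Optional

SAMPLE_REPORT = """\
C:\\pagefile.sys
[WARNING] The file could not be opened!
C:\\Docs\\Spybot\\Recovery\\EverestPoker18.zip
[DETECTION] Contains suspicious code HEUR/PwdZIP
[INFO] The file was moved to '49659ffd.qua'!
C:\\Docs\\coco\\Bureau\\BOS_127_NOCD.zip
[0] Archive type: ZIP
--> BOS_127_NOCD.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] The file was moved to '4953a071.qua'!
C:\\System Volume Information\\_restore{RESTORE-GUID}\\RP216\\A0053374.exe
--> BOS_127_NOCD.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] The file was moved to '4930a9d0.qua'!
C:\\System Volume Information\\_restore{RESTORE-GUID}\\RP216\\A0054536.bat
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '4930a9d6.qua'!
C:\\WINDOWS\\system32\\drivers\\sptd.sys
[WARNING] The file could not be opened!
2 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
4 files were moved to quarantine
2 Files cannot be scanned
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                    # a file on disk
DETECT_RE = re.compile(r"^\[DETECTION\] (.+?) (\S+)$")   # verdict, signature
QUA_RE = re.compile(r"^\[INFO\] The file was moved to '([^']+)'!")
SUMMARY_RE = {  # the report's own totals, parsed for a cross-check
    "viruses": re.compile(r"^(\d+) viruses and/or unwanted programs were found"),
    "suspicious": re.compile(r"^(\d+) Files were classified as suspicious"),
    "quarantined": re.compile(r"^(\d+) files were moved to quarantine"),
    "unscannable": re.compile(r"^(\d+) Files cannot be scanned"),
}

@dataclass
class Detection:
    path: str                  # file as it appears on disk
    member: Optional[str]      # entry inside that archive, if any
    name: str                  # signature, e.g. TR/Dldr.Small.bws.20
    heuristic: bool            # "Contains suspicious code" vs "Is the ..."
    quarantine: Optional[str] = None   # .qua file the sample was moved to

    @property
    def in_restore_point(self) -> bool:
        # XP System Restore snapshots live here: an archived copy, not a running file
        return "\\System Volume Information\\_restore" in self.path

@dataclass
class ScanResult:
    detections: list
    unscannable: list   # files the scanner could not open (pagefile, drivers)
    summary: dict

def parse_report(text: str) -> ScanResult:
    """Attach each [DETECTION]/[INFO] line to the path (and member) preceding it."""
    detections, unscannable, summary = [], [], {}
    path = member = None
    for line in (ln.strip() for ln in text.splitlines()):
        if PATH_RE.match(line):
            path, member = line, None
        elif line.startswith("--> "):
            member = line[4:]
        elif (m := DETECT_RE.match(line)):
            detections.append(Detection(path, member, m.group(2),
                                        m.group(1).startswith("Contains suspicious")))
        elif (m := QUA_RE.match(line)) and detections:
            detections[-1].quarantine = m.group(1)
        elif line == "[WARNING] The file could not be opened!":
            unscannable.append(path)
        else:
            for key, rx in SUMMARY_RE.items():
                if (m := rx.match(line)):
                    summary[key] = int(m.group(1))
    return ScanResult(detections, unscannable, summary)

def reconcile(result: ScanResult) -> dict:
    """Recount per-file entries vs the summary block: {counter: (recounted, reported)} per mismatch."""
    counted = {
        "viruses": sum(not d.heuristic for d in result.detections),
        "suspicious": sum(d.heuristic for d in result.detections),
        "quarantined": sum(d.quarantine is not None for d in result.detections),
        "unscannable": len(result.unscannable),
    }
    return {k: (v, result.summary.get(k)) for k, v in counted.items()
            if v != result.summary.get(k)}

if __name__ == "__main__":
    res = parse_report(SAMPLE_REPORT)
    for d in res.detections:
        print(f"{'snapshot' if d.in_restore_point else 'live':8} {d.name:22} "
              f"{d.member or d.path} -> {d.quarantine}")
    print("summary mismatches:", reconcile(res) or "none")
```

An empty result from reconcile means the pasted report is complete; a missing [INFO] line, as happens when a long paste is cut, shows up as a quarantine count lower than the one the scanner reported.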
11 replies
Hi louve
Hi all,
I think I can see where your problem comes from.... once the Toolbar report is posted, do this:
1- Get access to hidden files:
Go to Start Menu -> My Computer -> Tools -> Folder Options... -> View
* "Show hidden files and folders" ---> checked
* "Hide extensions for known file types" ---> unchecked
* "Hide system files" ---> unchecked
-> confirm the change ("Apply" then "OK").
(you will put the original settings back once the disinfection is finished, not before...)
2- Important:
Plug all your external devices into the PC (external HDDs, USB sticks, mp3 players, etc.) but without opening them!
You will remove them after the procedure...
3- Go to this site:
https://www.virustotal.com/gui/
Copy the following and paste it into the search box:
K:\csetup.exe
Click on Send File.
A report will build up line by line.
Wait until the end... It must include the size of the file sent.
Save the report with Notepad.
Copy it into your next reply...
(If VirusTotal says the file has already been analysed, click the "Reanalyse file now" button)
Do the same for:
J:\fun.xls.exe
C:\WINDOWS\system32\51.tmp
C:\WINDOWS\system32\31.tmp
C:\WINDOWS\IsUn0410.exe
C:\WINDOWS\GnuHashes.ini
C:\WINDOWS\system32\GroupPolicy000.dat
So post me these 7 reports (especially the beginning with the list of AVs, stating clearly at the start of each one which file it corresponds to) and wait for what comes next...
good evening
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\
---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"
---> Switch it to French with F
Press the 1 key (Yes) to start the scan.
/!\ Don't touch anything until the scan is finished. /!\
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.
Once the scan is finished, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the internet. /!\
Note: the report can also be found here: C:\ComboFix.txt
Hello archet9,
thanks for replying, here is the requested ComboFix report
Impossible to re-enable AntiVir! :/
ComboFix 08-10-23.05 - coco 2008-10-24 8:47:26.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.191 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\coco\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\RECYCLER\mxfilerelatedcache.mxc2
C:\WINDOWS\system32\9.tmp
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
-------\Service_poof
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-24 au 2008-10-24 ))))))))))))))))))))))))))))))))))))
.
2008-10-24 03:14 . 2008-10-24 03:14 <REP> d-------- C:\Program Files\directx
2008-10-24 03:14 . 2008-10-24 03:14 <REP> d-------- C:\Program Files\CCleaner
2008-10-24 03:14 . 2008-10-24 03:14 <REP> d----c--- C:\Documents and Settings\coco\Application Data\Xfire
2008-10-24 02:48 . 2008-10-24 03:09 <REP> d-------- C:\Program Files\Cossacks - The Art Of War
2008-10-24 02:48 . 2001-10-30 19:36 4,292,608 -ra------ C:\WINDOWS\unasetup.exe
2008-10-24 02:44 . 2008-10-24 03:09 <REP> d-------- C:\Program Files\Cossacks
2008-10-24 02:43 . 2001-03-16 20:34 4,358,144 -ra------ C:\WINDOWS\uncsetup.exe
2008-10-24 02:22 . 2008-10-24 02:22 <REP> d-------- C:\Program Files\LucasArts
2008-10-24 02:21 . 2008-10-24 03:14 <REP> d---s---- C:\Program Files\Xfire
2008-10-24 01:13 . 2008-10-24 03:10 <REP> d-------- C:\Program Files\Bit Che
2008-10-24 00:16 . 2008-10-24 00:16 317,952 --ahs---- C:\WINDOWS\system32\8E.tmp
2008-10-23 23:53 . 2008-10-23 23:53 <REP> d----c--- C:\rsit
2008-10-23 23:41 . 2008-10-23 23:41 2,793,852 --a--c--- C:\upload_moi_LAURENT-AD4C14E.tar.gz
2008-10-23 23:16 . 2008-10-23 23:16 317,952 --ahs---- C:\WINDOWS\system32\51.tmp
2008-10-23 22:04 . 2008-10-23 22:04 317,952 --ahs---- C:\WINDOWS\system32\31.tmp
2008-10-23 21:04 . 2008-10-23 21:04 317,952 --ahs---- C:\WINDOWS\system32\27.tmp
2008-10-23 20:58 . 2008-10-24 03:11 <REP> d-------- C:\Program Files\Registry Defender Platinum
2008-10-23 17:54 . 2008-10-23 17:54 <REP> d-------- C:\Program Files\Avira
2008-10-23 17:35 . 2008-10-23 17:36 1,956 --a------ C:\WINDOWS\Corsairs.isu
2008-10-23 17:34 . 1998-01-23 12:20 305,152 --a------ C:\WINDOWS\IsUn0410.exe
2008-10-23 17:33 . 2008-10-23 17:33 317,952 --ahs---- C:\WINDOWS\system32\18A.tmp
2008-10-23 17:25 . 2008-10-23 17:25 0 --a------ C:\WINDOWS\system32\15F.tmp
2008-10-23 16:25 . 2008-10-23 16:25 317,952 --ahs---- C:\WINDOWS\system32\15D.tmp
2008-10-23 14:47 . 2008-10-23 14:47 0 --a------ C:\WINDOWS\system32\AF.tmp
2008-10-23 13:47 . 2008-10-23 13:48 317,952 --ahs---- C:\WINDOWS\system32\A2.tmp
2008-10-23 12:47 . 2008-10-23 12:47 317,952 --ahs---- C:\WINDOWS\system32\7F.tmp
2008-10-23 11:47 . 2008-10-23 11:47 317,952 --ahs---- C:\WINDOWS\system32\7E.tmp
2008-10-23 10:47 . 2008-10-23 10:47 317,952 --ahs---- C:\WINDOWS\system32\7D.tmp
2008-10-23 09:47 . 2008-10-23 09:47 317,952 --ahs---- C:\WINDOWS\system32\4B.tmp
2008-10-23 08:07 . 2008-10-23 08:08 317,952 --ahs---- C:\WINDOWS\system32\AE.tmp
2008-10-23 07:07 . 2008-10-23 07:08 317,952 --ahs---- C:\WINDOWS\system32\AD.tmp
2008-10-23 06:07 . 2008-10-23 06:08 317,952 --ahs---- C:\WINDOWS\system32\AC.tmp
2008-10-23 05:29 . 2008-10-23 05:29 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-23 05:04 . 2008-10-23 05:04 317,952 --ahs---- C:\WINDOWS\system32\93.tmp
2008-10-23 04:23 . 2008-10-24 03:12 <REP> d-------- C:\Program Files\eMule
2008-10-23 03:53 . 2008-10-23 03:53 4,139 --a------ C:\WINDOWS\GnuHashes.ini
2008-10-23 03:46 . 2008-10-23 03:46 <REP> d--hs---- C:\WINDOWS\system32\GroupPolicyManifest
2008-10-23 03:46 . 2008-10-23 03:46 317,952 --ahs---- C:\WINDOWS\system32\3E.tmp
2008-10-23 03:46 . 2008-10-23 03:46 131,072 --a------ C:\WINDOWS\system32\DLLRD3232.dll
2008-10-23 03:46 . 2008-10-23 03:46 1,293 --ahs---- C:\WINDOWS\system32\GroupPolicy000.dat
2008-10-23 03:11 . 2008-10-24 03:13 <REP> d-------- C:\Program Files\IZArc
2008-10-21 05:11 . 2008-10-21 05:11 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-10-21 05:11 . 2008-10-21 05:11 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-10-17 23:40 . 2008-10-20 20:24 <REP> d-------- C:\Program Files\Bullfrog
2008-10-17 23:39 . 1996-02-08 09:54 284,160 --a------ C:\WINDOWS\unin040c.exe
2008-10-07 20:18 . 2008-10-07 20:18 <REP> d-------- C:\Program Files\BlackIsle
2008-10-03 10:46 . 2008-10-03 11:09 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-27 00:30 . 2008-09-27 00:30 <REP> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5.3
2008-09-27 00:30 . 2008-09-27 00:30 <REP> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-09-27 00:30 . 2008-10-23 03:03 <REP> d-a--c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-09-24 04:35 . 2008-09-24 04:35 <REP> d-------- C:\Program Files\BoontyGames
2008-09-24 04:06 . 2008-09-24 04:06 <REP> d-------- C:\WINDOWS\Desktop
2008-09-24 02:49 . 2008-09-24 04:38 <REP> d-------- C:\Program Files\Téléchargeur de Beach Life
2008-09-24 02:49 . 2008-09-24 02:49 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2008-09-24 02:49 . 2008-09-24 02:52 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 01:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-24 01:14 --------- d-----w C:\Program Files\Steam
2008-10-24 01:13 --------- dc----w C:\Documents and Settings\coco\Application Data\Azureus
2008-10-24 01:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-24 01:11 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-23 20:28 11,134 -c--a-w C:\Documents and Settings\coco\Application Data\wklnhst.dat
2008-10-23 15:54 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-10-23 02:23 --------- dc----w C:\Documents and Settings\coco\Application Data\LimeWire
2008-10-07 18:20 53,248 ----a-w C:\WINDOWS\ipuninst.exe
2008-10-07 01:54 --------- d-----w C:\Program Files\GameSpy Arcade
2008-10-07 01:54 --------- d-----w C:\Program Files\14 Degrees East
2008-09-28 22:44 --------- d-----w C:\Program Files\Wanadoo
2008-09-23 23:23 --------- d-----w C:\Program Files\Trend Micro
2008-09-23 19:02 --------- dc----w C:\Documents and Settings\coco\Application Data\Malwarebytes
2008-09-23 19:02 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-09-21 10:14 --------- dc----w C:\Documents and Settings\coco\Application Data\Auslogics
2008-09-21 10:14 --------- d-----w C:\Program Files\Auslogics
2008-09-18 19:32 --------- dc----w C:\Documents and Settings\coco\Application Data\Uniblue
2008-09-18 17:11 --------- d-----w C:\Program Files\Governor of Poker
2008-09-16 11:00 --------- dc----w C:\Documents and Settings\coco\Application Data\funkitron
2008-09-11 17:55 --------- d-----w C:\Program Files\Google
2008-09-10 19:49 --------- d-----w C:\Program Files\Vuze
2008-09-10 19:42 --------- dc----w C:\Documents and Settings\coco\Application Data\uTorrent
2008-09-10 17:12 --------- d-----w C:\Program Files\Azureus
2008-09-10 15:46 360,320 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-09-10 15:46 360,320 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-09-05 20:10 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2008-09-05 20:08 --------- dc----w C:\Documents and Settings\coco\Application Data\Samsung
2008-09-05 19:49 --------- d-----w C:\Program Files\Samsung
2008-09-05 11:10 --------- dc----w C:\Documents and Settings\coco\Application Data\GetRightToGo
2008-09-05 11:10 --------- d-----w C:\Program Files\Replay Media Catcher
2008-09-05 07:45 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-09-05 07:45 --------- d-----w C:\Program Files\Microsoft Works
2008-09-03 15:02 --------- d-----w C:\Program Files\LeVillage3d
2008-09-03 00:06 --------- dc----w C:\Documents and Settings\coco\Application Data\SecondLife
2008-09-01 14:57 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-24 14:10 --------- dc----w C:\Documents and Settings\coco\Application Data\My Games
2008-08-24 14:04 --------- d-----w C:\Program Files\Firaxis Games
2008-03-10 18:16 16 ---ha-w C:\Program Files\mxfilerelatedcache.mxc2
2007-12-21 04:17 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-12-21 04:06 3,928,264 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-12-21 04:05 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-06-14 21:10 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
------- Sigcheck -------
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\tcpip.sys
2008-09-10 17:46 360320 073941d59ae065910064b728dee981ee C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-09-10 17:46 360320 073941d59ae065910064b728dee981ee C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 160768]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CamTrack.lnk - C:\Program Files\DigitalPeers\CamTrack\camtrack.exe [2007-11-09 407408]
C:\Documents and Settings\Default User.WINDOWS\Menu Démarrer\Programmes\Démarrage\
CamTrack.lnk - C:\Program Files\DigitalPeers\CamTrack\camtrack.exe [2007-11-09 407408]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\146b1136488]
2008-10-23 03:46 131072 C:\WINDOWS\system32\DLLRD3232.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\System32\DLLRD3232.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mpng"= C:\Program Files\t@b\0.958\686\tabdec.dll
"vidc.mvjp"= C:\Program Files\t@b\0.958\686\tabdec.dll
"vidc.444p"= C:\Program Files\t@b\0.958\686\tabdec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Antivirus Firewall.lnk
backup=C:\WINDOWS\pss\Antivirus Firewall.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Sense Agent.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Sense Agent.lnk
backup=C:\WINDOWS\pss\Sense Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
backup=C:\WINDOWS\pss\TrayMin210.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^coco^Menu Démarrer^Programmes^Démarrage^CamTrack.lnk]
path=C:\Documents and Settings\coco\Menu Démarrer\Programmes\Démarrage\CamTrack.lnk
backup=C:\WINDOWS\pss\CamTrack.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 15:37 40960 C:\WINDOWS\VM_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-17 19:54 1410296 c:\Program Files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FSMA"=2 (0x2)
"FSDFWD"=3 (0x3)
"fsbwsys"=2 (0x2)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
"BackWeb Plug-in - 6588780"=2 (0x2)
"ScsiAccess"=2 (0x2)
"AVP"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"aawservice"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"SPF4"=2 (0x2)
"vsmon"=2 (0x2)
"x10nets"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MioNet"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FTRTSVC"=2 (0x2)
"FirebirdServerMAGIXInstance"=3 (0x3)
"Capture Device Service"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\DigitalPeers\\CamTrack\\camtrack.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Steam\\steamapps\\cerber56\\day of defeat\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\cerber56\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\cerber56\\day of defeat source\\hl2.exe"=
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2008-03-10 110304]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 945152]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys [ ]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-09-01 17408]
S3 gkmixern;gkmixern;C:\DOCUME~1\coco\LOCALS~1\Temp\gkmixern.sys [ ]
S3 MPCSYS;MPCSYS;C:\WINDOWS\system32\DRIVERS\mpcsys.sys [2006-05-22 15360]
S3 PRISM_A00;CREATIX 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 380736]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 VNICPKT5;VNICPKT5 Protocol Driver;C:\WINDOWS\system32\VNICPKT5.SYS [ ]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [ ]
S4 MioNet;MioNet Service;C:\Program Files\MioNet\MioNetManager.exe [2005-07-15 139264]
S4 UPnPService;UPnPService;C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\csetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{373ab9f6-fb32-11db-937d-0009dd504049}]
\Shell\AutoRun\command - WD_Windows_Tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56194f7c-66f7-11dd-98bb-001109be9923}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c61da1c6-6704-11dd-98bc-001109be9923}]
\Shell\Auto\command - J:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-17 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
2008-10-15 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2007-12-19 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-AdVantage Setup - C:\Program Files\DAEMON Tools Lite\AdVantageSetup.exe
MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-MessengerPlusLiveUninstall - C:\DOCUME~1\coco\LOCALS~1\Temp\MsgPlusUninstall.exe
MSConfigStartUp-Uniblue SpeedUpMyPC - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\coco\Application Data\Mozilla\Firefox\Profiles\fa55a89n.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 08:59:38
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\DLLRD3232.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-24 9:04:27 - La machine a redémarré [coco]
ComboFix-quarantined-files.txt 2008-10-24 07:04:25
Avant-CF: 10,932,494,336 octets libres
Après-CF: 11,576,467,456 octets libres
297 --- E O F --- 2008-10-24 00:00:15
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 945152]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys [ ]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-09-01 17408]
S3 gkmixern;gkmixern;C:\DOCUME~1\coco\LOCALS~1\Temp\gkmixern.sys [ ]
S3 MPCSYS;MPCSYS;C:\WINDOWS\system32\DRIVERS\mpcsys.sys [2006-05-22 15360]
S3 PRISM_A00;CREATIX 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 380736]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 VNICPKT5;VNICPKT5 Protocol Driver;C:\WINDOWS\system32\VNICPKT5.SYS [ ]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [ ]
S4 MioNet;MioNet Service;C:\Program Files\MioNet\MioNetManager.exe [2005-07-15 139264]
S4 UPnPService;UPnPService;C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\csetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{373ab9f6-fb32-11db-937d-0009dd504049}]
\Shell\AutoRun\command - WD_Windows_Tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56194f7c-66f7-11dd-98bb-001109be9923}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c61da1c6-6704-11dd-98bc-001109be9923}]
\Shell\Auto\command - J:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-17 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
2008-10-15 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2007-12-19 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-AdVantage Setup - C:\Program Files\DAEMON Tools Lite\AdVantageSetup.exe
MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-MessengerPlusLiveUninstall - C:\DOCUME~1\coco\LOCALS~1\Temp\MsgPlusUninstall.exe
MSConfigStartUp-Uniblue SpeedUpMyPC - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\coco\Application Data\Mozilla\Firefox\Profiles\fa55a89n.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 08:59:38
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\DLLRD3232.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-24 9:04:27 - La machine a redémarré [coco]
ComboFix-quarantined-files.txt 2008-10-24 07:04:25
Avant-CF: 10,932,494,336 octets libres
Après-CF: 11,576,467,456 octets libres
297 --- E O F --- 2008-10-24 00:00:15
--
OK
Now this:
Run a scan with this antispyware:
Download Malwarebytes + tutorial:
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Install it; the program will update automatically.
Once updated, the program will launch; click the Settings tab and tick the box: "Close Internet Explorer during removal".
Now click the Scan tab and tick the box: "Perform full scan".
Then click "Scan".
Let it scan the PC...
If items were found > click "Remove Selected".
If you are asked to restart > click "Yes".
At the end a report will open; save it so you can find it again to post it on the forum.
Copy and paste the report please.
Then paste a new HijackThis report right after.
See you
Hi again archet9, here is what you asked me for.
Report 1/
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1311
Windows 5.1.2600 Service Pack 2
24/10/2008 13:20:30
mbam-log-2008-10-24 (13-20-30).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 175127
Temps écoulé: 1 hour(s), 3 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfb5f154-9212-46f3-b547-ac6106030a54} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bfb5f154-9212-46f3-b547-ac6106030a54} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\Registry Defender Platinum (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\backup (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\Registry Defender Platinum\report.csv (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\backup\23_10_2008.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
Report 2/
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:04, on 24/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.cooliris.com/shared/plinstll.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\DLLRD3232.dll
O20 - Winlogon Notify: 146b1136488 - C:\WINDOWS\System32\DLLRD3232.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
Hello
Could you do this please:
Download ToolBar S&D (by Eric_71):
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
(Tutorial: https://sites.google.com/site/toolbarsd/aideenimages)
!! Disconnect and close all your running applications for the duration of the procedure !!
* Double-click the .exe to start the installation and follow the prompts...
* Once done, click the shortcut created on your desktop to launch the tool.
* Choose option 1 ("search") and press "Enter".
* Once the scan is finished, a report will appear; copy/paste its entire contents
in your next reply...
(the report is also saved here -> C:\TB.txt)
Good evening everyone,
I tried to post the report made with Eric_71's toolbar but it doesn't display :/
It must contain something that was blocked by CCM.
I'll try once more right after this message, just in case...
Thanks for your help
Louve
Hi Ske69,
I just did it, I don't know if you received it...
Should I move on to the next step, even though I don't have my external HDD with me???
It's at a friend's place...
Good evening, here is the blocked report. All the best
24 Oct 2008 at 23:22:31 ~~Louve~~
-----------\\ [..\Internet Explorer\Main]
[HKEY_ CURRENT_USER\Software\ Microsoft\Internet Explorer\ Main]
"Local Page"="C:\\WINDOWS \\system32 \\ blank .htm"
"Search Page"="https://www.microsoft.com/fr-fr/ .com/isapi /redir. dll?prd= ie&ar= iesearch"
"Search Migrated Default URL "="http://www.google .com/ search?q={search Terms}& sourceid=ie7&rls=com .microsoft: en-US& ie=utf8& oe =utf8"
"Start Page"="http://www. google .fr/"
"Url"="http ://go. microsoft .com /fwlink /? LinkId= 68929"
"Url"="http ://go. microsoft .com/ fwlink/? LinkId= 68928"
"Url"="http ://go. microsoft .com/ fwlink/? LinkID= 68928"
"Url"="http ://go. microsoft. com/ fwlink/? LinkID= 44406"
"Url"="http ://go. microsoft. com/ fwlink/? LinkID= 68929"
[H KEY_ LOCAL_ MACHINE\ Software\ Microsoft\ Internet Explorer\ Main]
"Default_Page_ URL" ="http: //go. microsoft. com/ fwlink/? LinkId= 69157"
"Default_Search_ URL" ="http: //go. microsoft. com/ fwlink/? LinkId= 54896"
"Search Page"=" http:// go. microsoft. com/ fwlink/? LinkId= 54896"
"Start Page"=" http:// go. microsoft. com/ fwlink/? LinkId= 69157"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\coco\Application Data\ Azureus \torrents\ Star Wars Empire At War NoCD Crack for v1.2 [mininova].torrent
C:\DOCUME~1\coco\Bureau\ fallout 2 \Fallout 2 (Jeu PC Français)\Crack
C:\DOCUME~1\coco\Bureau\fallout 2 \Fallout 2 (Jeu PC Français)\Crack\F2_Patch.exe
C:\DOCUME~1\coco\Bureau\fallout 2\ Fallout 2 (Jeu PC Français)\Crack\FALLOUT2.EXE
C:\DOCUME~1\coco\Bureau\fallout 2\ Fallout 2 (Jeu PC Français)\Crack\Installation.txt
C:\DOCUME~1\coco\Bureau\fallout 2\ Fallout 2 (Jeu PC Français)\Crack\PATCH000.DAT
C:\DOCUME~1\coco\Bureau\fallout 2\ Fallout 2 (Jeu PC Français)\Crack\README.TXT
C:\DOCUME~1\coco\Bureau\JEUX\ crack empire at war
C:\DOCUME~1\coco\Bureau\JEUX \crack$
C:\DOCUME~1\coco\Bureau\JEUX \crack$\ReadME.txt
C:\DOCUME~1\coco\Bureau\JEUX \crack$\SWEAW
C:\DOCUME~1\coco\Bureau\JEUX \crack$\SWEAWFOC Cracks.rar
C:\DOCUME~1\coco\Bureau\JEUX \crack$\SWFOC
C:\DOCUME~1\coco\Bureau\JEUX \crack$\SWEAW\PerceptionFunctionG.dll
C:\DOCUME~1\coco\Bureau\JEUX \crack$\SWEAW\sweaw.exe
C:\DOCUME~1\coco\Bureau\JEUX \crack$\SWFOC\PerceptionFunctionG.dll
C:\DOCUME~1\coco\Bureau\JEUX \crack$\SWFOC\swfoc.exe
C:\DOCUME~1\coco\Bureau \MUSIQUES 2\ rap, rnb\ rap rnb div \ ciara - goodies remix ft nore and peedi crack. mp3
C:\DOCUME~1\coco\Mes documents\ Azureus Downloads\ StarWars Empire At War CRACK NO CD-DVD+1.2pach engl-spanish Funciona Good.rar
C:\DOCUME~1\coco\Mes documents\ Downloads\ Metadata\ _crack_ 10 commandements version instrumentale by CLONECD Extended. wma.xml
1 - "C:\ToolBar SD\TB_1.txt" - 24/10/2008|22:45 - Option : [1]
-----------\\ Fin du rapport a 22:45:31,79
I deliberately inserted spaces with the space bar to see whether it displays, sorry if it's unreadable :/
I had lent my PC to someone for downloading, not very smart of me, I admit.
My external HDD is not in my hands either; should I warn the person I lent it to about a possible infection, if there is one???
Thanks for your help everyone,
louve
--
a crazy little thing called love