Bonsoir à tous,

Depuis quelques jours, j'ai un problème avec IE6 : des pop-ups qui me redirigents vers des sites d'antivirus/anti-spyware/anti-popups (quelle ironie). De plus, certains mots deviennent soulignés (2 fois) et en passant la souris dessus, une pub s'affiche. Exemple :



Je précise que j'ai toujours Avast et zonealarm qui tournent, et suite à mes ennuis, j'ai essayé Ad-Aware et Spyware Terminator. Ces derniers ont trouvés des problèmes sur mon ordi mais rien concernant ces pop-ups et mots-clés qui affichent des pubs.

Suite à tout celà, je viens solliciter votre expertise, avec d'avance tout mes remerciement !!

J'ai fait un sysytem scan avec HiJackThis, voilà le rapport :

Logfile of HijackThis v1.99.1
Scan saved at 03:44:06, on 28/05/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avast 4\aswUpdSv.exe
C:\Program Files\Avast 4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Avast 4\ashWebSv.exe
C:\Program Files\Avast 4\ashMaiSv.exe
C:\WINNT\system32\sstray.exe
C:\PROGRA~1\AVAST4~1\ashDisp.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:12080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\Flashget\FlashGet\jccatch.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST4~1\ashDisp.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\Flashget\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\Flashget\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\Flashget\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\Flashget\FlashGet\flashget.exe
O16 - DPF: {16B5B183-46E2-1672-2874-426882197953} - mhtml:file://c:\jhs.mht!http://fastercan.com/scp.exe
O16 - DPF: {432A4583-74A4-5521-8142-016605761023} - mhtml:file://c:\jhs.mht!http://fastercan.com/scp.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4089682D-53D2-4E85-BBCB-45FE9E77E907}: NameServer = 84.103.237.140 86.64.145.140
O20 - Winlogon Notify: byxvtsr - byxvtsr.dll (file missing)
O20 - Winlogon Notify: ssqrq - C:\WINNT\system32\ssqrq.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast 4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast 4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast 4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast 4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINNT\system32\x10nets.exe (file missing)

En esperant que quelqu'un saura y lire la solution à mes modestes ennuis... :-)

Bonjour,

Merci pour cette aide précieuse.

Que veux-tu dire par "pour les mots, c'est normal"? Celà viendrait du site visité? (je précise que le même phénomène apparait sur le forum d'infos-du-net).

Voilà le rapport de Combofix.exe :

--------------------------------------------------------------

"Syl" - 2007-05-28 14:27:43 Service Pack 4
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Syl\Bureau\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\rrawwtyf.dll
C:\WINNT\system32\qrqss.bak1
C:\WINNT\system32\qrqss.bak2
C:\WINNT\system32\qrqss.ini
C:\WINNT\system32\qrqss.ini2
C:\WINNT\system32\qrqss.bak1
C:\WINNT\system32\qrqss.bak2
C:\WINNT\system32\qrqss.ini
C:\WINNT\system32\qrqss.ini2


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\DOCUME~1\Syl\Bureau.\internet explorer.lnk"
"C:\install.log"


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))))))


2007-05-28 03:13 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_264.dat
2007-05-28 02:52 138,368 --a------ C:\WINNT\system32\drivers\sp_rsdrv2.sys
2007-05-28 02:50 <DIR> d-a------ C:\Program Files\Spyware Terminator
2007-05-28 02:50 <DIR> d-a------ C:\DOCUME~1\Syl\APPLIC~1\Spyware Terminator
2007-05-28 02:50 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-05-28 02:36 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_260.dat
2007-05-28 02:30 75,512 --a------ C:\WINNT\zllsputility.exe
2007-05-28 02:30 54,936 --a------ C:\WINNT\system32\vsutil_loc040c.dll
2007-05-28 02:30 42,648 --a------ C:\WINNT\zllsputility_loc040c.dll
2007-05-28 02:30 22,168 --a------ C:\WINNT\system32\imsinstall_loc040c.dll
2007-05-28 02:30 18,072 --a------ C:\WINNT\system32\imslsp_install_loc040c.dll
2007-05-28 02:30 1,087,216 --a------ C:\WINNT\system32\zpeng24.dll
2007-05-28 02:30 <DIR> d-a------ C:\WINNT\system32\ZoneLabs
2007-05-28 00:38 <DIR> d-------- C:\WINNT\AU_Temp
2007-05-27 23:10 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_204.dat
2007-05-27 21:24 512 --a------ C:\ScanSectorLog.dat
2007-05-27 21:05 4,640 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2007-05-27 21:05 2,030,368 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2007-05-27 20:55 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-05-27 20:38 <DIR> d-------- C:\WINNT\system32\ActiveScan
2007-05-27 20:01 0 --a------ C:\WINNT\nsreg.dat
2007-05-26 20:10 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_334.dat
2007-05-25 20:10 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_294.dat
2007-05-24 23:08 <DIR> d-------- C:\DOCUME~1\Syl\APPLIC~1\Lavasoft
2007-05-24 23:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-24 00:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-05-24 00:14 <DIR> d-------- C:\Program Files\Virtual Villagers
2007-05-23 21:23 <DIR> d-------- C:\Program Files\Boonty
2007-05-23 20:49 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-23 20:46 <DIR> d-------- C:\Program Files\bfgclient
2007-05-23 20:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
2007-05-23 20:10 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_36c.dat
2007-05-20 16:13 <DIR> d-------- C:\Program Files\Dofus


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-28 00:32:38 4,212 ---h--w C:\WINNT\system32\zllictbl.dat
2007-05-27 22:38:23 86,094 ----a-w C:\WINNT\BPMNT.dll
2007-05-27 22:38:23 1,101,904 ----a-w C:\WINNT\vsapi32.dll
2007-05-27 22:31:57 71,749 ----a-w C:\WINNT\HCExtOutput.dll
2007-05-27 22:31:57 267,845 ----a-w C:\WINNT\tsc.exe
2007-05-27 22:31:00 507,904 ----a-w C:\WINNT\TMUPDATE.DLL
2007-05-27 22:30:59 69,689 ----a-w C:\WINNT\UNZIP.DLL
2007-05-27 22:30:59 286,720 ----a-w C:\WINNT\PATCH.EXE
2007-05-25 09:34:37 -------- d-----w C:\DOCUME~1\Syl\APPLIC~1\Azureus
2007-05-24 21:07:27 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-05-24 13:41:00 -------- d-----w C:\Program Files\DC++
2007-05-21 05:52:02 -------- d-----w C:\Program Files\eMule
2007-05-20 13:51:32 -------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2007-05-20 13:51:19 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-20 13:50:18 -------- d-----w C:\Program Files\OpenOffice
2007-05-01 13:39:32 -------- d---a-w C:\Program Files\Avast 4
2007-04-30 23:37:23 -------- d-----w C:\Program Files\Dream Match Tennis Pro
2007-04-30 15:46:10 745,600 ----a-w C:\WINNT\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINNT\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINNT\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINNT\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINNT\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINNT\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINNT\system32\AVASTSS.scr
2007-04-15 16:17:48 -------- d-----w C:\Program Files\MSN Messenger
2007-04-15 16:17:47 -------- d-----w C:\Program Files\Messenger
2007-04-12 18:22:26 -------- d-----w C:\Program Files\NEXON
2007-04-05 07:17:56 2,854,400 ----a-w C:\WINNT\system32\msi.dll
2007-04-04 22:19:10 -------- d-----w C:\Program Files\Super macro
2007-03-29 01:03:47 -------- d-----w C:\Program Files\Azureus
2007-03-13 09:45:08 246,032 ----a-w C:\WINNT\system32\WINSRV.DLL
2007-03-06 11:18:04 381,712 ----a-w C:\WINNT\system32\USER32.DLL
2007-03-06 11:18:03 38,160 ----a-w C:\WINNT\system32\mf3216.dll
2007-03-06 11:18:03 235,280 ----a-w C:\WINNT\system32\GDI32.DLL
2007-03-06 11:14:50 1,642,064 ----a-w C:\WINNT\system32\WIN32K.SYS


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [06-01-12 19:38 ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [07-03-14 03:43 ]
{A5366673-E8CA-11D3-9CD9-0090271D075B}=C:\PROGRA~1\Flashget\FlashGet\jccatch.dll [02-01-16 19:12 ]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}=C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [04-02-10 14:08 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]
"nForce Tray Options"="sstray.exe" [02-11-13 09:34 C:\WINNT\system32\sstray.exe]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [04-07-15 11:42 ]
"nwiz"="nwiz.exe" [04-07-15 11:42 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [04-07-15 11:42 ]
"avast!"="C:\PROGRA~1\AVAST4~1\ashDisp.exe" [07-04-30 17:42 ]
"%FP%Friendly fts.exe"="C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" [03-05-06 09:28 ]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 11:50 ]
"EPSON Stylus CX3600 Series"="C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [04-03-04 05:00 ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [04-11-04 01:00 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04-11-26 20:23 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 ]
"TCASUTIEXE"="TCAUDIAG.exe" []
"WINSCHEDULER"="C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE" [03-07-10 14:34 ]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-03-09 00:02 ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-03-09 00:02 ]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [07-05-28 02:50 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-15 02:30 C:\WINNT\system32\internat.exe]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [05-08-31 12:54 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvtsr]
byxvtsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrq]
C:\WINNT\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]
winrkp32.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
WmdmPmSN


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 14:30:40
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-28 14:31:21
C:\ComboFix-quarantined-files.txt ... 07-05-28 14:31

--- E O F ---

--------------------------------------------------------------



De plus, un autre fichier a été créé, ComboFix-Quarantined-Files.txt, dont voici le contenu :


04-08-25 00:28 176 --a------ C:\Qoobox\Quarantine\C\INSTALL.LOG.vir
07-05-23 20:10 627215 --a------ C:\Qoobox\Quarantine\C\WINNT\system32\qrqss.bak1.vir
07-05-23 20:13 49204 --a------ C:\Qoobox\Quarantine\C\WINNT\system32\rrawwtyf.dll.vir
07-05-27 19:54 639584 --a------ C:\Qoobox\Quarantine\C\WINNT\system32\qrqss.bak2.vir
07-05-27 20:46 631 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Syl\Bureau\Internet explorer.lnk.vir
07-05-28 02:34 646050 --a------ C:\Qoobox\Quarantine\C\WINNT\system32\qrqss.ini2.vir
07-05-28 03:09 648850 --a------ C:\Qoobox\Quarantine\C\WINNT\system32\qrqss.ini.vir


Structure du dossier pour le volume Disque local
Le num‚ro de s‚rie du volume est 0006FE80 5CEC:B9F2
C:\QOOBOX
\---Quarantine
+---C
| | INSTALL.LOG.vir
| |
| +---DOCUME~1
| | \---Syl
| | \---Bureau
| | Internet explorer.lnk.vir
| |
| \---WINNT
| \---system32
| qrqss.bak1.vir
| qrqss.bak2.vir
| qrqss.ini.vir
| qrqss.ini2.vir
| rrawwtyf.dll.vir
|
\---Registry_backups


Merci d'avance de m'indiquer si vous voyez quelque chose d'anormal dans tout ce charabia :-)