msn virus photo

Bonjour,

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

super merci pour cette reponse rapide, voici le rapport vundofix:

VundoFix V6.5.1

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 20:58:06 18/06/2007

Listing files found while scanning....

C:\windows\system32\ddcccab.dll
C:\WINDOWS\System32\djxxdvrp.ini
C:\windows\system32\efcdcda.dll
C:\WINDOWS\System32\prvdxxjd.dll
C:\windows\system32\ttstv.bak1
C:\windows\system32\ttstv.ini
C:\windows\system32\tuvtuvv.dll
C:\windows\system32\tuvvvst.dll
C:\WINDOWS\System32\urqnmnn.dll
C:\WINDOWS\System32\vtstt.dll

Beginning removal...

Attempting to delete C:\windows\system32\ddcccab.dll
C:\windows\system32\ddcccab.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\djxxdvrp.ini
C:\WINDOWS\System32\djxxdvrp.ini Has been deleted!

Attempting to delete C:\windows\system32\efcdcda.dll
C:\windows\system32\efcdcda.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\prvdxxjd.dll
C:\WINDOWS\System32\prvdxxjd.dll Has been deleted!

Attempting to delete C:\windows\system32\ttstv.bak1
C:\windows\system32\ttstv.bak1 Has been deleted!

Attempting to delete C:\windows\system32\ttstv.ini
C:\windows\system32\ttstv.ini Has been deleted!

Attempting to delete C:\windows\system32\tuvtuvv.dll
C:\windows\system32\tuvtuvv.dll Has been deleted!

Attempting to delete C:\windows\system32\tuvvvst.dll
C:\windows\system32\tuvvvst.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\urqnmnn.dll
C:\WINDOWS\System32\urqnmnn.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\vtstt.dll
C:\WINDOWS\System32\vtstt.dll Has been deleted!

Performing Repairs to the registry.
Done!



et celui de hijackthis :


Logfile of HijackThis v1.99.1
Scan saved at 21:09:06, on 18/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\avgamsvr.exe
C:\PROGRA~1\AVG\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\TribalWeb.net\tribalweb.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Vanessa.VANPORT\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsma...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E27235DB-7199-4211-870E-AC3587BFAC00} - C:\WINDOWS\System32\vtstt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe



heu...j'y comprends rien

juste une précision pour la néophyte que je suis : pourquoi pour un même problème (photo.zip) les helper conseillent parfois d'installer untel logiciel et parfois un tel autre ? j'ai vu passer des msnfix, des avg quelquechose etc....

j'ai suivi un peu les conseils donnés aux autres victimes   , j'ai lancé msnfix, dont voici le rapport , des avis ?:

MSN_Fix 1.325.1

C:\Documents and Settings\Vanessa.VANPORT\Bureau\MSNFix
Fix exécuté le 18/06/2007 - 23:27:53,78 By Vanessa
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

... C:\Temp






************************ Suppression des dossiers

.. OK ... C:\Temp


************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 18062007_23283787.zip

Ne lance pas de programmes sans mon accord.

Télécharge combofix.exe (par sUBs) sur ton Bureau.

Double clique combofix.exe.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

voila le rapport combofix, merci

ComboFix 07-06-18.2 - C:\Documents and Settings\Vanessa.VANPORT\Bureau\ComboFix.exe
"Vanessa" - 2007-06-19 18:55:58 - Service Pack 1 NTFS

/wow section - STAGE #3

((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


2007-06-19 18:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-19 18:54 6,530 ---hs---- C:\WINDOWS\system32\vyadd.bak1
2007-06-19 18:54 266,336 --a------ C:\WINDOWS\system32\ddayv.dll
2007-06-19 09:43 31,254 --a------ C:\WINDOWS\system32\rqronmk.dll
2007-06-19 09:42 70,885 --a------ C:\DOCUME~1\VANESS~1.VAN\mon.exe
2007-06-19 09:42 31,254 --a------ C:\WINDOWS\system32\urqrrsq.dll
2007-06-19 09:42 240,544 --a------ C:\DOCUME~1\VANESS~1.VAN\doc.exe
2007-06-18 20:58 <REP> d-------- C:\VundoFix Backups
2007-06-18 20:44 31,254 --a------ C:\WINDOWS\system32\efcawvu.dll
2007-06-18 20:17 31,254 --a------ C:\WINDOWS\system32\yayywvw.dll
2007-06-17 22:17 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-17 22:17 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-17 22:17 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-17 22:17 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-17 22:16 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-17 22:16 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-17 22:16 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-17 22:16 <REP> d-------- C:\Program Files\Alwil Software
2007-06-08 00:31 <REP> d-------- C:\Program Files\Windows Live
2007-06-03 22:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 16:50:10 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-06-19 07:17:35 -------- d-----w C:\Program Files\AVG
2007-06-17 20:07:14 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-06-17 19:57:32 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-17 19:05:58 -------- d-----w C:\Program Files\MSN Messenger
2007-06-17 15:16:48 -------- d-----w C:\Program Files\Lx_cats
2007-06-07 22:52:24 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\HbTools
2007-06-07 22:31:46 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-05-17 13:00:14 -------- d-----w C:\Program Files\VideoLAN
2007-05-17 12:59:40 -------- d-----w C:\Program Files\Legacy Interactive
2007-05-17 12:49:51 -------- d-----w C:\Program Files\IncrediMail
2007-05-13 13:17:37 -------- d-----w C:\Program Files\NeoTrace Express
2007-05-13 07:13:10 -------- d-----w C:\Program Files\TribalWeb.net
2007-05-11 17:39:50 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\dvdcss
2007-05-09 18:34:27 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\Template
2007-04-26 16:01:16 -------- d-----w C:\Program Files\eMule
2007-04-26 15:48:07 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\TribalWeb
2007-04-12 18:16:49 66,334 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-04-12 18:16:49 449,572 ----a-w C:\WINDOWS\system32\perfh00C.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0EA54BBE-C251-4BC5-BCBC-2DFF8927891D}=C:\WINDOWS\System32\ddayv.dll [2007-06-19 18:54]
{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}=C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll [2006-11-06 11:22]
{DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\System32\urqrrsq.dll [2007-06-19 09:42]
{E27235DB-7199-4211-870E-AC3587BFAC00}=C:\WINDOWS\System32\vtstt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00]
"SMSERIAL"="sm56hlpr.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 02:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 17:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=C:\PROGRA~1\AVG\avgw.exe /RUNONCE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoControlPanel"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\System32\urqrrsq.dll" [2007-06-19 09:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayv]
C:\WINDOWS\System32\ddayv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrrsq]
urqrrsq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\AVG\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\AVG\avgemc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 2300 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HbTools]
C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
"C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OHE]
C:\Program Files\Ohé\OHE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
C:\Program Files\HbTools\Bin\4.7.1.0\HbtWeatherOnTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wnrirgva]
C:\WINDOWS\System32\yyobxsak.exe


Contents of the 'Scheduled Tasks' folder
2005-02-16 21:11:00 C:\WINDOWS\tasks\Connexion Facile à Internet.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-19 18:59:56
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SMSERIAL = sm56hlpr.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-19 19:00:44

--- E O F ---

Re,

Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
Sélectionne TOUS les emplacements en gras ci-dessous :

C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\rqronmk.dll
C:\WINDOWS\system32\urqrrsq.dll
C:\VundoFix Backups
C:\WINDOWS\system32\yayywvw.dll
C:\WINDOWS\system32\efcawvu.dll

---> Clique-droit puis Copier (ou Ctrl+C)

Double-clique sur OTMoveIt.exe afin de le lancer.
Fais un Clique-droit sur le cadre de gauche puis choisis Coller (ou Ctrl+V).
Clique maintenant sur [#ff0000]MoveIt![/#f]

[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

->Informations sur le logiciel<-

C:\WINDOWS\system32\vyadd.bak1 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ddayv.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqronmk.dll
C:\WINDOWS\system32\rqronmk.dll NOT unregistered.
C:\WINDOWS\system32\rqronmk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\urqrrsq.dll
C:\WINDOWS\system32\urqrrsq.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\urqrrsq.dll scheduled to be moved on reboot.
C:\VundoFix Backups moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayywvw.dll
C:\WINDOWS\system32\yayywvw.dll NOT unregistered.
C:\WINDOWS\system32\yayywvw.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcawvu.dll
C:\WINDOWS\system32\efcawvu.dll NOT unregistered.
C:\WINDOWS\system32\efcawvu.dll moved successfully.

Created on 06/19/2007 19:43:41

le système a effectivement demandé à être redemarré, mais si je comprends bien le rapport, tout n'a pas été supprimé, c'est ça ?

Normalement, c'est ok. Reposte un rapport Hijackthis.

voili voilou :

Logfile of HijackThis v1.99.1
Scan saved at 20:07:42, on 19/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\avgamsvr.exe
C:\PROGRA~1\AVG\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmgr.exe
C:\Program Files\MSN Messenger\msnmgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Vanessa.VANPORT\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Renomme Hijackthis.exe en Scanner.exe puis reposte un rapport.

j'ai juste renommé l'icone du bureau en "scanner", ca suffit ?

Logfile of HijackThis v1.99.1
Scan saved at 20:20:49, on 19/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\avgamsvr.exe
C:\PROGRA~1\AVG\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Vanessa.VANPORT\doc.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Vanessa.VANPORT\Bureau\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O2 - BHO: (no name) - {64CA5564-5D38-4B8B-AB86-5B49CCEAD217} - C:\WINDOWS\System32\ddayv.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\System32\urqrrsq.dll
O2 - BHO: (no name) - {E27235DB-7199-4211-870E-AC3587BFAC00} - C:\WINDOWS\System32\vtstt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\VANESS~1.VAN\LOCALS~1\Temp\MsgPlusUninst.bat"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O20 - Winlogon Notify: ddayv - C:\WINDOWS\System32\ddayv.dll
O20 - Winlogon Notify: urqrrsq - C:\WINDOWS\SYSTEM32\urqrrsq.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Re,

Clique sur le menu Démarrer puis Executer, copie/colle ceci :
"%userprofile%\Bureau\combofix.exe" /v ddayv urqrrsq
Clique sur [OK]. Suis les invites.

Attends que Combofix ait terminé, un rapport sera créé. Poste le rapport.

ComboFix 07-06-18.2 - C:\Documents and Settings\Vanessa.VANPORT\Bureau\combofix.exe
"Vanessa" - 2007-06-19 20:37:45 - Service Pack 1 NTFS
Command switches used :: /v ddayv urqrrsq

/wow section - STAGE #3

((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


2007-06-19 20:35 <REP> d-------- C:\Program Files\Windows Live
2007-06-19 20:35 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-06-19 20:15 31,254 --a------ C:\WINDOWS\system32\iifdeff.dll
2007-06-19 18:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-19 18:54 266,336 --a------ C:\WINDOWS\system32\ddayv.dll
2007-06-19 09:42 70,885 --a------ C:\DOCUME~1\VANESS~1.VAN\mon.exe
2007-06-19 09:42 31,254 --a------ C:\WINDOWS\system32\urqrrsq.dll
2007-06-19 09:42 240,570 --a------ C:\DOCUME~1\VANESS~1.VAN\doc.exe
2007-06-17 22:17 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-17 22:17 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-17 22:17 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-17 22:17 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-17 22:16 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-17 22:16 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-17 22:16 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-17 22:16 <REP> d-------- C:\Program Files\Alwil Software
2007-06-03 22:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 18:35:40 -------- d-----w C:\Program Files\MSN Messenger
2007-06-19 17:09:49 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-06-19 17:07:57 -------- d-----w C:\Program Files\Lx_cats
2007-06-19 07:17:35 -------- d-----w C:\Program Files\AVG
2007-06-17 20:07:14 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-06-17 19:57:32 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-07 22:52:24 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\HbTools
2007-05-17 13:00:14 -------- d-----w C:\Program Files\VideoLAN
2007-05-17 12:59:40 -------- d-----w C:\Program Files\Legacy Interactive
2007-05-17 12:49:51 -------- d-----w C:\Program Files\IncrediMail
2007-05-13 13:17:37 -------- d-----w C:\Program Files\NeoTrace Express
2007-05-13 07:13:10 -------- d-----w C:\Program Files\TribalWeb.net
2007-05-11 17:39:50 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\dvdcss
2007-05-09 18:34:27 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\Template
2007-04-26 16:01:16 -------- d-----w C:\Program Files\eMule
2007-04-26 15:48:07 -------- d-----w C:\DOCUME~1\VANESS~1.VAN\APPLIC~1\TribalWeb
2007-04-12 18:16:49 66,334 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-04-12 18:16:49 449,572 ----a-w C:\WINDOWS\system32\perfh00C.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}=C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll [2006-11-06 11:22]
{48E34B5A-D8BE-41A5-958C-EA2A7992FF62}=C:\WINDOWS\System32\ddayv.dll [2007-06-19 18:54]
{DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\System32\urqrrsq.dll [2007-06-19 09:42]
{E27235DB-7199-4211-870E-AC3587BFAC00}=C:\WINDOWS\System32\vtstt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00]
"SMSERIAL"="sm56hlpr.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 02:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 17:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=C:\PROGRA~1\AVG\avgw.exe /RUNONCE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoControlPanel"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\System32\urqrrsq.dll" [2007-06-19 09:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayv]
C:\WINDOWS\System32\ddayv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrrsq]
urqrrsq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\AVG\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\AVG\avgemc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 2300 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HbTools]
C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
"C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OHE]
C:\Program Files\Ohé\OHE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
C:\Program Files\HbTools\Bin\4.7.1.0\HbtWeatherOnTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wnrirgva]
C:\WINDOWS\System32\yyobxsak.exe

*Newly Created Service* - USNJSVC

Contents of the 'Scheduled Tasks' folder
2005-02-16 21:11:00 C:\WINDOWS\tasks\Connexion Facile à Internet.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-19 20:40:45
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SMSERIAL = sm56hlpr.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-19 20:41:30
C:\ComboFix2.txt ... 2007-06-19 19:00

--- E O F ---

Bizarre...refais un scan Hijackthis.

quoi ? c'est grave docteur?

Logfile of HijackThis v1.99.1
Scan saved at 20:45:33, on 19/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\avgamsvr.exe
C:\PROGRA~1\AVG\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\TribalWeb.net\tribalweb.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Vanessa.VANPORT\Bureau\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O2 - BHO: (no name) - {48E34B5A-D8BE-41A5-958C-EA2A7992FF62} - C:\WINDOWS\System32\ddayv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\System32\urqrrsq.dll
O2 - BHO: (no name) - {E27235DB-7199-4211-870E-AC3587BFAC00} - C:\WINDOWS\System32\vtstt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddayv - C:\WINDOWS\System32\ddayv.dll
O20 - Winlogon Notify: urqrrsq - C:\WINDOWS\SYSTEM32\urqrrsq.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Désinstalle un antivirus et installe un firewall comme Kerio.

j'ai avg free edition et avast familial, lequel dois-je supprimer ?

AVG  

bon c'est fait, mais en fait tu me fais faire ça pourquoi , qu'est-ce que tu vois sur les rapports que j'ai envoyés ?

Tu as installé Kerio ?
Reposte un rapport.

aussitot dit aussitot fait :

Logfile of HijackThis v1.99.1
Scan saved at 22:43:33, on 19/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Vanessa.VANPORT\Bureau\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\System32\urqrrsq.dll
O2 - BHO: (no name) - {E1171880-5148-4DE5-884B-39D1BE8256B3} - C:\WINDOWS\System32\ddayv.dll
O2 - BHO: (no name) - {E27235DB-7199-4211-870E-AC3587BFAC00} - C:\WINDOWS\System32\vtstt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddayv - C:\WINDOWS\System32\ddayv.dll
O20 - Winlogon Notify: urqrrsq - C:\WINDOWS\SYSTEM32\urqrrsq.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Re,

1/ Télécharge The Avenger (par Swandog46) sur ton Bureau.
Dézippe-le ensuite sur ton Bureau.

2/ Copie tout le texte en rouge[/#f] ci-dessous :

Citation :

[#ff1c00]Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1171880-5148-4DE5-884B-39D1BE8256B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E27235DB-7199-4211-870E-AC3587BFAC00}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddayv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrrsq

Folders to delete:
C:\Program Files\ShopperReports

Files to delete:
C:\WINDOWS\System32\ddayv.dll
C:\WINDOWS\System32\vyadd.bak
C:\WINDOWS\System32\vyadd.bak1
C:\WINDOWS\System32\vyadd.bak2
C:\WINDOWS\System32\vyadd.ini
C:\WINDOWS\System32\vyadd.ini1
C:\WINDOWS\System32\vyadd.ini2
C:\WINDOWS\System32\vyadd.tmp
C:\WINDOWS\System32\urqrrsq.dll
C:\WINDOWS\System32\qsrrqru.bak
C:\WINDOWS\System32\qsrrqru.bak1
C:\WINDOWS\System32\qsrrqru.bak2
C:\WINDOWS\System32\qsrrqru.ini
C:\WINDOWS\System32\qsrrqru.ini1
C:\WINDOWS\System32\qsrrqru.ini2
C:\WINDOWS\System32\qsrrqru.tmp

---> Clique-droit puis Copier

Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

3/ Maintenant, lance The Avenger en cliquant sur l'icône présente sur le Bureau.
Sous "Script file to execute" choisis "Input Script Manually".
Puis clique sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "View/edit script"
Dans cette fenêtre, colle le texte précedemment copié sur le bureau.
Clique sur "Done"
Ensuite clique sur l'icône en forme de Feu Vert pour démarrer l'exécution du script.
Réponds par "Yes" deux fois quand cela te sera demandé.

4/ The Avenger va automatiquement faire ce qui suit :
Il va redémarrer le système. ( Dans les cas où le script contient un/des "Drivers to Unload", The Avenger redémarrera votre système 2 fois)
Pendant le redémarrage, il apparaitra brièvement une fenêtre de commande de Windows noire sur votre bureau, ceci est NORMAL.
Après le redémarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt
The Avenger aura également sauvegardé tous les fichiers, etc., que vous lui avez demandé de supprimer, les aura compactés (zipped) et tranféré l'archive zip ici : C:\avenger\backup.zip.

5/ Pour finir copie/colle le contenu du ficher c:\avenger.txt dans votre réponse avec un nouveau rapport HijackThis.

avenger :

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mtxslvat

*******************

Script file located at: \??\C:\wpqvqdai.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Program Files\ShopperReports deleted successfully.
File C:\WINDOWS\System32\ddayv.dll deleted successfully.


File C:\WINDOWS\System32\vyadd.bak not found!
Deletion of file C:\WINDOWS\System32\vyadd.bak failed!

Could not process line:
C:\WINDOWS\System32\vyadd.bak
Status: 0xc0000034



File C:\WINDOWS\System32\vyadd.bak1 not found!
Deletion of file C:\WINDOWS\System32\vyadd.bak1 failed!

Could not process line:
C:\WINDOWS\System32\vyadd.bak1
Status: 0xc0000034



File C:\WINDOWS\System32\vyadd.bak2 not found!
Deletion of file C:\WINDOWS\System32\vyadd.bak2 failed!

Could not process line:
C:\WINDOWS\System32\vyadd.bak2
Status: 0xc0000034

File C:\WINDOWS\System32\vyadd.ini deleted successfully.


File C:\WINDOWS\System32\vyadd.ini1 not found!
Deletion of file C:\WINDOWS\System32\vyadd.ini1 failed!

Could not process line:
C:\WINDOWS\System32\vyadd.ini1
Status: 0xc0000034



File C:\WINDOWS\System32\vyadd.ini2 not found!
Deletion of file C:\WINDOWS\System32\vyadd.ini2 failed!

Could not process line:
C:\WINDOWS\System32\vyadd.ini2
Status: 0xc0000034



File C:\WINDOWS\System32\vyadd.tmp not found!
Deletion of file C:\WINDOWS\System32\vyadd.tmp failed!

Could not process line:
C:\WINDOWS\System32\vyadd.tmp
Status: 0xc0000034

File C:\WINDOWS\System32\urqrrsq.dll deleted successfully.


File C:\WINDOWS\System32\qsrrqru.bak not found!
Deletion of file C:\WINDOWS\System32\qsrrqru.bak failed!

Could not process line:
C:\WINDOWS\System32\qsrrqru.bak
Status: 0xc0000034



File C:\WINDOWS\System32\qsrrqru.bak1 not found!
Deletion of file C:\WINDOWS\System32\qsrrqru.bak1 failed!

Could not process line:
C:\WINDOWS\System32\qsrrqru.bak1
Status: 0xc0000034



File C:\WINDOWS\System32\qsrrqru.bak2 not found!
Deletion of file C:\WINDOWS\System32\qsrrqru.bak2 failed!

Could not process line:
C:\WINDOWS\System32\qsrrqru.bak2
Status: 0xc0000034



File C:\WINDOWS\System32\qsrrqru.ini not found!
Deletion of file C:\WINDOWS\System32\qsrrqru.ini failed!

Could not process line:
C:\WINDOWS\System32\qsrrqru.ini
Status: 0xc0000034



File C:\WINDOWS\System32\qsrrqru.ini1 not found!
Deletion of file C:\WINDOWS\System32\qsrrqru.ini1 failed!

Could not process line:
C:\WINDOWS\System32\qsrrqru.ini1
Status: 0xc0000034



File C:\WINDOWS\System32\qsrrqru.ini2 not found!
Deletion of file C:\WINDOWS\System32\qsrrqru.ini2 failed!

Could not process line:
C:\WINDOWS\System32\qsrrqru.ini2
Status: 0xc0000034



File C:\WINDOWS\System32\qsrrqru.tmp not found!
Deletion of file C:\WINDOWS\System32\qsrrqru.tmp failed!

Could not process line:
C:\WINDOWS\System32\qsrrqru.tmp
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1171880-5148-4DE5-884B-39D1BE8256B3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E27235DB-7199-4211-870E-AC3587BFAC00} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddayv deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrrsq deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

et hijack:

Logfile of HijackThis v1.99.1
Scan saved at 23:10:07, on 19/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Vanessa.VANPORT\Bureau\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Ton pc se comporte mieux ?

oui, mais depuis kerio déjà ca allait mieux. msn buggait encore, dès que je l'ouvrais il ouvrait dix fenêtres vides et clignotait... il continuait à le faire après toutes ces manip mais je l'ai supprimé et réinstallé et depuis aucun souci...

ca y est ? je suis guérie ?

C'est plutôt l'étape avec The Avenger qui a fait le ménage  

Fais un scan en ligne Kaspersky avec Internet Explorer :

Clique sur

Clique maintenant sur J'accepte.

Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.

Patiente pendant l'installation des Mises à jour.

Choisis par la suite l'analyse du Poste de travail

Sauvegarde puis colle le rapport généré en fin d'analyse.

AIDE : Tuto sur le scan en ligne

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

kapersky n'en est qu'à 2% de l'analyse et il a déjà trouvé 1 virus et 2 fichiers infectés....

c'est normal après tout ce qu'on a déjà fait ? je pensais que mon pc était propre de chez propre avec tout ça, eh ben non, il reste encore des saletés !

on n'était pas bien , dans l'temps, sans ces maudits pc ?

en meme temps il reste bloqué à 2% et plus rien ne bouge ...  

re bonjour tout le monde, depuis hier je tente de lancer le scan de Kapersky, et celui ci met des heures (plus de 3 heures hier) pour arriver jusqu'à 2 ou 3 % d'analyse puis il se bloque à 5923 fichier analysés.

J'ai relancé plusieurs fois, mais à chaque fois c'est le meme résultat.

Quelqu'un sait-il ce que je doit faire et pourquoi kapersky s'arrête tout le temps ?

merci  

Fais un scan en ligne Panda alors.

bon à force de patience voilà ce que ca a donné :

C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\jb9para2.Utilisateur par défaut\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\jb9para2.Utilisateur par défaut\formhistory.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\jb9para2.Utilisateur par défaut\history.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\jb9para2.Utilisateur par défaut\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\jb9para2.Utilisateur par défaut\parent.lock L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2f734cc-6e5bd375.zip/BaaaaBaa.class Infecté : Exploit.Java.Gimsh.a ignoré
C:\Documents and Settings\Vanessa.VANPORT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2f734cc-6e5bd375.zip ZIP: infecté - 1 ignoré
C:\Documents and Settings\Vanessa.VANPORT\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Local Settings\Historique\History.IE5\MSHist012007062020070621\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\Mes documents\Mes téléchargements\LOGICIELS\installer-24017-17-Microsoft-Windows-Media-Player-11-build-11-FINAL-French.exe Infecté : Trojan.Win32.StartPage.aop ignoré
C:\Documents and Settings\Vanessa.VANPORT\mon.exe/data0003 Infecté : Trojan-Downloader.Win32.Agent.brf ignoré
C:\Documents and Settings\Vanessa.VANPORT\mon.exe NSIS: infecté - 1 ignoré
C:\Documents and Settings\Vanessa.VANPORT\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Vanessa.VANPORT\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
Analyse terminée.

Re,

Vide ce dossier :
C:\Documents and Settings\Vanessa.VANPORT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

Supprime :
C:\Documents and Settings\Vanessa.VANPORT\Mes documents\Mes téléchargements\LOGICIELS\installer-24017-17-Microsoft-Windows-Media-Player-11-build-11-FINAL-French.exe

c'est fait, j'ai aussi lancé un scan panda qui a deja trouvé deja 78 logiciels espions et plusieurs outils de piratage....

alors quand ce sera fini, puis-je vous demander comment faire pour nettoyer tout ça ? et puis aussi que faire pour éviter que ça recommence ?

Poste le rapport  

panda ,n'a trouvé que des logiciels espion et n'a pas dsinfecté :


Incident Statut Analyse

Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@as1.falkag[1].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@atdmt[2].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@bluestreak[2].txt
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@fe.lea.lycos[1].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@mediaplex[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@weborama[2].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Agnes\Cookies\agnes@xiti[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Vanessa\Cookies\vanessa@doubleclick[1].txt
Adware:Adware/IST No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\HbTools\v3.0\HbTools\static\1\hbtwallpaper.exe[hbtWallpaper.dll]
Adware:Adware/IST No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\HbTools\v3.0\HbTools\static\2\hbtwallpaper.exe[hbtWallpaper.dll]
Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/cs.sexcounter No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.overture.com/]
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[server.iad.liveperson.net/hc/18766632]
Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[sel.as-eu.falkag.net/]
Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/PointRoll No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/WUpd No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/onestat.com No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/BurstNet No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.adtech.de/]
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.fe.lea.lycos.fr/]
Spyware:Cookie/Valueclick No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Casinotropez No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.casinotropez.com/fr/]
Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.com.com/]
Spyware:Cookie/Adserver No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/MetriWeb No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[fe.lea.lycos.de/]
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[statse.webtrendslive.com/dcsio5sd4cydgsdqplcufbkze_4z7i]
Spyware:Cookie/Apmebf No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Belnk No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.belnk.com/]
Spyware:Cookie/SpyLog No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Yadro No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Go No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/Bfast No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Beweb No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.beweb.com/]
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Maxserving No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Application Data\Mozilla\Firefox\Profiles\p5llla6p.default\cookies.txt[.statse.webtrendslive.com/S141021]
Outil indésirable:Application/NirCmd.A No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Bureau\ComboFix.exe[nircmd.exe]
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Bureau\MSNFix\incl\Process.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Bureau\MSNFix.zip[MSNFix/incl/Process.exe]
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Cookies\vanessa@atdmt[2].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Cookies\vanessa@bluestreak[2].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Cookies\vanessa@weborama[2].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Vanessa.VANPORT\Cookies\vanessa@xiti[1].txt
Adware:Adware/IST No Désinfecté C:\Program Files\HbTools\Bin\4.7.1.0\HbtHostOE.dll
Adware:Adware/IST No Désinfecté C:\Program Files\HbTools\Bin\4.7.1.0\ShprRprtHbt.exe[ShprRprt.dll]
Adware:Adware/IST No Désinfecté C:\Program Files\HbTools\Bin\4.8.4.0\HbtInstIE.dll
Adware:Adware/IST No Désinfecté C:\Program Files\HbTools\HBTV\uninstaller.exe[²ÜÇ\TVEngineCommand.dll]
Outil indésirable:Application/NirCmd.A No Désinfecté C:\WINDOWS\nircmd.exe
Adware:Adware/IST No Désinfecté C:\WINDOWS\system32\khffvxpd.exe[HBTVSetup.exe][²ÜÇ\TVEngineCommand.dll]
Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\ddcccab.dll.bad
Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\efcdcda.dll.bad
Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\prvdxxjd.dll.bad
Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\tuvtuvv.dll.bad
Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\tuvvvst.dll.bad
Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\urqnmnn.dll.bad
Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\VundoFix Backups\vtstt.dll.bad

Re,

Supprime :
C:\Program Files\HbTools
C:\WINDOWS\system32\khffvxpd.exe

c'est fait, je relance encore un rapport de quelque chose ?  

Reposte un rapport Hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 20:53:30, on 20/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Vanessa.VANPORT\Bureau\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infirmiers.com/frm/viewforum.php?f=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://migalou06.spaces.live.com//PhotoUpload/MsnPUpld....
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7189FE-FD2A-4B34-94B9-CF44BC99F303}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C67728E-8670-4A88-B061-B205279EBFDD}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB69C0C-6A30-400D-9C66-416CF39C7139}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F4097D6-2F5F-4E2A-888E-EE5E9406596A}: NameServer = 212.27.32.5,213.228.0.168
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Même problème ?

heu... je n'ai plus de problème, à mes yeux de débutante mon PC marche super bien, c'est juste que les scan que je fais me disent que je suis infectée alors j'aimerai bien tout nettoyer pour partir sur de bonnes bases...

Refais un scan Panda.

alors là je rêve !

je lance le scan panda (activescan) et je n'avais pas enlevé mon antivirus avast, et dès que la fenêtre activescan s'ouvre, avast m'affiche un message comme quoi activescan est infecté....

c'est quoi ce bordel ? le site PANDA de recherche de virus enverrait-il lui même les virus aux internautes pour que ceux-ci achètent la version "guerisseuse" d'activescan ??!

C'est un faux-positif, il faut désactiver Avast  

riuen à faire, même en désactivant avast, le scan panda ne veut plus se lancer...
je jette l'éponge

Redémarre, désactive Avast!, recommence le scan.

aucun rapport à sortir, activescan me dit qu'il n'a rien trouvé de suspect sur mon pc !!!!



Vous savez quoi ?......

SUPER MERCI VOUS ETES GENIAUX !!

De rien