MSN photo virus
Last reply: in Security
Hello everyone. It has been a week now since I got infected by the MSN virus (yes, like an idiot I downloaded album photo.zip from a contact who offered it to me). Since then I have tried everything: an Avast antivirus scan, MSNFix, OTMoveIt, an online antivirus scan. And they find nothing, yet I keep sending messages followed by the virus download to my contacts. Needless to say, this is starting to get on my nerves, and I would greatly appreciate some help getting rid of this virus.
Thanks in advance!
Hello,
Do this again anyway:
Download MsnFix to your Desktop. (>>Tutorial<<)
Unzip it on your desktop.
Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
- If the infection is detected, press a key to start the cleanup. (N)
If you have to restart the computer, do it manually.
Post the report located in the MSNFix folder.
The report's name corresponds to the time it was created: date_heure.log
Indeed, that was a good idea: I had not saved MSNFix to the desktop, so it found no infection. This time it found one.
Here is the MSNFix report:
MSNFix 1.521
C:\Documents and Settings\Louis\Bureau\MSNFix
Fix exécuté le 26/09/2007 - 22:05:09,40 By Louis
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\cookies.ini
... C:\WINDOWS\system\explorer.exe
... C:\WINDOWS\IMG-0701.zip
... C:\WINDOWS\IMG-1415.zip
... C:\WINDOWS\IMG-1430.zip
... C:\WINDOWS\IMG-2043.zip
... C:\WINDOWS\IMG-2451.zip
... C:\WINDOWS\IMG-2844.zip
... C:\WINDOWS\IMG-3044.zip
... C:\WINDOWS\IMG-3462.zip
... C:\WINDOWS\IMG-4382.zip
... C:\WINDOWS\IMG-4747.zip
... C:\WINDOWS\IMG-5242.zip
... C:\WINDOWS\IMG-5511.zip
... C:\WINDOWS\IMG-5868.zip
... C:\WINDOWS\IMG-6294.zip
... C:\WINDOWS\IMG-6447.zip
... C:\WINDOWS\IMG-7028.zip
... C:\WINDOWS\IMG-7441.zip
... C:\WINDOWS\IMG-8168.zip
... C:\WINDOWS\IMG-8187.zip
... C:\WINDOWS\IMG-9140.zip
... C:\WINDOWS\IMG-9311.zip
... C:\WINDOWS\IMG-9350.zip
... C:\WINDOWS\IMG-9581.zip
************************ MSNCHK ***** /!\ beta test /!\
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\cookies.ini
/!\ ... C:\WINDOWS\system\explorer.exe
.. OK ... C:\WINDOWS\IMG-0701.zip
.. OK ... C:\WINDOWS\IMG-1415.zip
.. OK ... C:\WINDOWS\IMG-1430.zip
.. OK ... C:\WINDOWS\IMG-2043.zip
.. OK ... C:\WINDOWS\IMG-2451.zip
.. OK ... C:\WINDOWS\IMG-2844.zip
.. OK ... C:\WINDOWS\IMG-3044.zip
.. OK ... C:\WINDOWS\IMG-3462.zip
.. OK ... C:\WINDOWS\IMG-4382.zip
.. OK ... C:\WINDOWS\IMG-4747.zip
.. OK ... C:\WINDOWS\IMG-5242.zip
.. OK ... C:\WINDOWS\IMG-5511.zip
.. OK ... C:\WINDOWS\IMG-5868.zip
.. OK ... C:\WINDOWS\IMG-6294.zip
.. OK ... C:\WINDOWS\IMG-6447.zip
.. OK ... C:\WINDOWS\IMG-7028.zip
.. OK ... C:\WINDOWS\IMG-7441.zip
.. OK ... C:\WINDOWS\IMG-8168.zip
.. OK ... C:\WINDOWS\IMG-8187.zip
.. OK ... C:\WINDOWS\IMG-9140.zip
.. OK ... C:\WINDOWS\IMG-9311.zip
.. OK ... C:\WINDOWS\IMG-9350.zip
.. OK ... C:\WINDOWS\IMG-9581.zip
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\system\explorer.exe
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 26092007_22114792.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Is it better now?
Download HijackThis
Unzip it into a folder on your desktop.
Double-click on it.
Then "Do a system scan and save a logfile" and post the report.
Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:39, on 26/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\USB Storage RW\DskWatch.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Louis\Bureau\MSNFix\HijackThis.exe
C:\Program Files\MSN Messenger\usnsvc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dash Regs] C:\DOCUME~1\Louis\APPLIC~1\DARTON~1\CityHelpPop.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
--
End of file - 11263 bytes
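The MSNFix report earlier in the thread found a copy of explorer.exe in C:\WINDOWS\system, while the real shell lives in C:\WINDOWS (and that is the only explorer.exe left in the HijackThis log above). That kind of finding can be checked automatically: the Python below, an added example that is not part of this thread nor of the HijackThis or MSNFix tools, parses the "Running processes" section of a HijackThis log and flags any core Windows binary running from a directory other than the one it belongs in. The expected-directory table is an assumption for Windows XP, and the sample log is constructed: a trimmed copy of the log above with the C:\WINDOWS\system\explorer.exe path from the MSNFix report added so the check has something to find.

```python
import re
from pathlib import PureWindowsPath

# Assumed table (Windows XP): lower-case directories where these core
# binaries legitimately live. A process with one of these names running
# from anywhere else is worth a closer look.
EXPECTED_DIRS = {
    "smss.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "ctfmon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# Constructed sample: a trimmed copy of the HijackThis log from the thread,
# with the C:\WINDOWS\system\explorer.exe path from the MSNFix report added.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:39, on 26/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
"""

# The first R0/R1/O4/... entry closes the process list.
SECTION_END = re.compile(r"^[RFO]\d+ - ")


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths = []
    in_section = False
    for line in log_text.splitlines():
        s = line.strip()
        if s.lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not s or SECTION_END.match(s):
                break
            paths.append(s)
    return paths


def masquerading(paths):
    """Return (path, expected_dirs) for each process whose file name is a core
    Windows binary but whose directory is not where that binary belongs."""
    hits = []
    for p in paths:
        wp = PureWindowsPath(p)
        expected = EXPECTED_DIRS.get(wp.name.lower())
        if expected and str(wp.parent).lower() not in expected:
            hits.append((p, sorted(expected)))
    return hits


def check_log(log_text):
    """Parse the log and return the suspicious process entries."""
    return masquerading(running_processes(log_text))


if __name__ == "__main__":
    for path, expected in check_log(SAMPLE_LOG):
        print(f"suspicious: {path} (expected in {', '.join(expected)})")
```

Run against the sample it reports only the explorer.exe copy in C:\WINDOWS\system; the legitimate C:\WINDOWS\Explorer.EXE and the system32 processes pass. Comparing the parent directory rather than the file name alone is the point: the malware reused a trusted name and relied on nobody reading the path.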
Download VundoFix.exe:
Double-click VundoFix.exe.
Click on Scan for Vundo.
When the scan is complete, click on the Remove Vundo button.
Then click YES.
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
You will get a message saying the computer is going to shut down; click OK.
Post the report found in C:\vundofix.txt and a new HijackThis report.
Rename hijackthis.exe to scanner.exe and post a new report.
Here is the VundoFix report:
VundoFix V6.5.8
Checking Java version...
Sun Java not detected
Scan started at 21:33:55 20/09/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.5.9
Checking Java version...
Sun Java not detected
Scan started at 21:55:17 26/09/2007
Listing files found while scanning....
C:\WINDOWS\system32\gjsjldyx.ini
C:\WINDOWS\system32\xydljsjg.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gjsjldyx.ini
C:\WINDOWS\system32\gjsjldyx.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.9
Checking Java version...
Sun Java not detected
Scan started at 22:35:52 26/09/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
As for HijackThis, I renamed it to scanner.exe, but since the report was identical it did not save a new one for me.
Here it is
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:12, on 26/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\USB Storage RW\DskWatch.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Louis\Bureau\MSNFix\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {1A53E020-041C-4594-A2B0-82743D9A542B} - C:\WINDOWS\system32\gebcc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {EADAD8C1-7990-8DAD-169B-6A8487F87805} - C:\DOCUME~1\Louis\APPLIC~1\MESSCA~1\FlagReal.exe (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USB Storage RW] C:\Program Files\USB Storage RW\DskWatch.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dash Regs] C:\DOCUME~1\Louis\APPLIC~1\DARTON~1\CityHelpPop.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O20 - Winlogon Notify: gebywxv - C:\WINDOWS\SYSTEM32\gebywxv.dll
O20 - Winlogon Notify: mljgheb - C:\WINDOWS\SYSTEM32\mljgheb.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
--
End of file - 12413 bytes
1/ Uninstall SweetIM.
2/ Download ComboFix (by sUBs) to your Desktop. (Tuto)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
The report is located here: C:\Combofix.txt
3/ Download LopResearch.zip
Unzip it to your Desktop.
Run the Scan.bat file.
Post the report here.
Here is the ComboFix report:
ComboFix 07-09-21.2 - "Louis" 2007-09-26 22:58:24.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.539 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\Louis\err.log
C:\DOCUME~1\Louis\ResErrors.log
C:\WINDOWS\DOWNLO~1\UWA7PV_0001_N96M0206NetInstaller.exe
C:\WINDOWS\DOWNLO~1\UWAS6V_0001_N91M2606NetInstaller.exe
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\qcbxbtvu.ini
C:\WINDOWS\system32\qcbxbtvu.ini2
C:\WINDOWS\system32\stera.log
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
((((((((((((((((((((((((( Files Created from 2007-08-26 to 2007-09-26 )))))))))))))))))))))))))))))))
.
2007-09-26 22:56 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-26 21:55 <REP> d-------- C:\VundoFix Backups
2007-09-25 20:41 84,032 --a------ C:\WINDOWS\system32\lyhpijfe.dll
2007-09-24 18:09 85,056 --a------ C:\WINDOWS\system32\ptsvghfp.dll
2007-09-23 08:14 <REP> d--hs---- C:\WA7PV
2007-09-23 08:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-23 08:08 <REP> d-------- C:\Program Files\WebPopupKiller
2007-09-23 00:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-09-23 00:38 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-23 00:38 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-23 00:38 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-23 00:38 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-23 00:38 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-23 00:38 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-23 00:38 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-23 00:36 <REP> d-------- C:\Program Files\Lavasoft
2007-09-23 00:28 1,474,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-23 00:19 <REP> d-------- C:\WINDOWS\Internet Logs
2007-09-22 23:03 <REP> d-------- C:\Program Files\ClearProg
2007-09-22 12:52 33,792 --a------ C:\WINDOWS\system32\gebywxv.dll
2007-09-22 07:19 33,792 --a------ C:\WINDOWS\system32\mljgheb.dll
2007-09-20 22:14 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-09-20 22:14 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-09-20 22:14 267,845 --a------ C:\WINDOWS\tsc.exe
2007-09-20 22:14 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-09-20 22:14 <REP> d-------- C:\WINDOWS\report
2007-09-20 22:14 <REP> d-------- C:\WINDOWS\AU_Backup
2007-09-20 21:54 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-09-20 21:54 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-09-20 21:54 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-09-20 21:54 <REP> d-------- C:\WINDOWS\AU_Temp
2007-09-20 21:54 <REP> d-------- C:\WINDOWS\AU_Log
2007-09-20 19:13 <REP> d-------- C:\Program Files\Alwil Software
2007-09-10 20:47 22,328 --a------ C:\DOCUME~1\Louis\APPLIC~1\PnkBstrK.sys
2007-09-10 20:44 <REP> d-------- C:\Program Files\id Software
2007-09-10 18:48 <REP> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2007-09-03 13:13 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2007-09-02 14:01 <REP> d-------- C:\UT2004
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 23:12 --------- d-------- C:\Program Files\Steam
2007-09-26 17:12 --------- d-------- C:\Program Files\World of Warcraft
2007-09-25 18:42 18116 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-23 08:03 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-09-23 00:44 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-23 00:44 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-23 00:21 --------- d-------- C:\Program Files\CA
2007-09-22 20:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-20 18:55 --------- d-------- C:\DOCUME~1\Louis\APPLIC~1\DMCache
2007-09-19 20:21 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-18 21:14 --------- d-------- C:\Program Files\Apple Software Update
2007-09-18 21:03 --------- d-------- C:\Program Files\iTunes
2007-09-18 21:03 --------- d-------- C:\Program Files\iPod
2007-09-15 21:29 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-15 21:29 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-09-11 18:00 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-25 12:52 --------- d-------- C:\DOCUME~1\Louis\APPLIC~1\Bioshock
2007-08-23 15:24 --------- d-------- C:\Program Files\AGEIA Technologies
2007-08-21 16:13 --------- d-------- C:\Program Files\Ubisoft
2007-08-21 16:04 --------- d-------- C:\DOCUME~1\Louis\APPLIC~1\La Bataille pour la Terre du Milieu
2007-08-21 08:41 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-21 08:37 --------- d-------- C:\Program Files\2K Games
2007-08-01 01:40 --------- d-------- C:\Program Files\Warcraft III
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-23 11:39 1 --a------ C:\DOCUME~1\Louis\SI.bin
2005-03-23 16:54 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EADAD8C1-7990-8DAD-169B-6A8487F87805}]
C:\DOCUME~1\Louis\APPLIC~1\MESSCA~1\FlagReal.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-01 17:31 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 17:54 C:\WINDOWS\SOUNDMAN.EXE]
"USB Storage RW"="C:\Program Files\USB Storage RW\DskWatch.exe" [2004-12-23 16:00]
"CARPService"="carpserv.exe" [2003-03-19 01:13 C:\WINDOWS\system32\carpserv.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-31 16:09]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-02-18 02:49]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 16:18]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 06:25]
"OEM-Reset"="" []
"VTTrayp"="VTtrayp.exe" [2004-06-22 02:57 C:\WINDOWS\system32\VTTrayp.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-23 16:49]
"nwiz"="nwiz.exe" [2006-06-23 16:49 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-23 16:49]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-07 22:59]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-14 12:11]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"Dash Regs"="C:\DOCUME~1\Louis\APPLIC~1\DARTON~1\CityHelpPop.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-30 11:13]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 15:14]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59]
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
AOL 9.0 Icône AOL.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2005-02-21 00:49:22]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2005-04-03 16:46:03]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{79C29CCC-C25C-49CA-BD86-C3BE791F2E58}"= C:\WINDOWS\system32\gebywxv.dll [2007-09-22 12:52 33792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebywxv]
gebywxv.dll 2007-09-22 12:52 33792 C:\WINDOWS\system32\gebywxv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgheb]
mljgheb.dll 2007-09-22 07:19 33792 C:\WINDOWS\system32\mljgheb.dll
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R3 dskwatch;Disk Watch Filter;C:\WINDOWS\system32\drivers\dskwatch.sys
R3 ICAM5USB;Intel(r) PC Camera CS110;C:\WINDOWS\system32\Drivers\ICAM5D2.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\system32\ntsim.sys
S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOCUME~1\Louis\LOCALS~1\Temp\sony_ssm.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9958706-7f1a-11d9-acd4-806d6172696f}]
AutoRun\command- I:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f995870c-7f1a-11d9-acd4-806d6172696f}]
AutoRun\command- D:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-26 21:00:00 C:\WINDOWS\Tasks\8C81B4C6933A474A.job"
- c:\docume~1\louis\applic~1\darton~1\CORN FILE DELETE.exe
"2007-09-21 16:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-07-03 12:11:12 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1143801297.job"
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 23:10:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-26 23:14:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-26 23:14
.
--- E O F ---
And here is the one from LopResearch:
---------------------------[ LopResearch v3 ]----------------------------
Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
Lancé depuis : C:\Documents and Settings\Louis\Bureau\LopResearch v3.1
Rapport crée : Le 26/09/2007 à 23:15:58,60 PC : MULLERLOUIS
! Faire analyser le rapport par un Helper avant intervention !
---------------------[ Listing des Applications Data ]--------------------
C:\Documents and Settings\Administrateur\Application Data\AOL
C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Administrateur\Application Data\Microsoft
C:\Documents and Settings\Administrateur\Application Data\desktop.ini
C:\Documents and Settings\Administrateur\Application Data\Identities
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\MailFrontier
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\River Past G4
C:\Documents and Settings\All Users\Application Data\TechSmith
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\AboutPeakBuildThird
C:\Documents and Settings\All Users\Application Data\hpzinstall.log
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\pixelStorm
C:\Documents and Settings\All Users\Application Data\Groove Games
C:\Documents and Settings\All Users\Application Data\CyberLink
C:\Documents and Settings\All Users\Application Data\QuickTime
C:\Documents and Settings\All Users\Application Data\AOL
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\desktop.ini
C:\Documents and Settings\All Users\Application Data\SBSI
C:\Documents and Settings\Default User\Application Data\AOL
C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\desktop.ini
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\LocalService\Application Data\Microsoft
C:\Documents and Settings\Louis\Application Data\wklnhst.dat
C:\Documents and Settings\Louis\Application Data\DMCache
C:\Documents and Settings\Louis\Application Data\PnkBstrK.sys
C:\Documents and Settings\Louis\Application Data\Bioshock
C:\Documents and Settings\Louis\Application Data\La Bataille pour la Terre du Milieu
C:\Documents and Settings\Louis\Application Data\AdobeUM
C:\Documents and Settings\Louis\Application Data\Adobe
C:\Documents and Settings\Louis\Application Data\Disney Interactive Studios
C:\Documents and Settings\Louis\Application Data\Microsoft
C:\Documents and Settings\Louis\Application Data\CrystalSpace
C:\Documents and Settings\Louis\Application Data\Help
C:\Documents and Settings\Louis\Application Data\InstallShield
C:\Documents and Settings\Louis\Application Data\teamspeak2
C:\Documents and Settings\Louis\Application Data\Gearbox Software
C:\Documents and Settings\Louis\Application Data\Google
C:\Documents and Settings\Louis\Application Data\Nikon
C:\Documents and Settings\Louis\Application Data\Real
C:\Documents and Settings\Louis\Application Data\Media Player Classic
C:\Documents and Settings\Louis\Application Data\Apple Computer
C:\Documents and Settings\Louis\Application Data\River Past G4
C:\Documents and Settings\Louis\Application Data\mess cast
C:\Documents and Settings\Louis\Application Data\dart once user
C:\Documents and Settings\Louis\Application Data\Ventrilo
C:\Documents and Settings\Louis\Application Data\Hewlett-Packard
C:\Documents and Settings\Louis\Application Data\SecuROM
C:\Documents and Settings\Louis\Application Data\Ahead
C:\Documents and Settings\Louis\Application Data\CyberLink
C:\Documents and Settings\Louis\Application Data\Macromedia
C:\Documents and Settings\Louis\Application Data\AOL
C:\Documents and Settings\Louis\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Louis\Application Data\desktop.ini
C:\Documents and Settings\Louis\Application Data\Identities
C:\Documents and Settings\NetworkService\Application Data\Microsoft
C:\Documents and Settings\Propriétaire\Application Data\You've Got Pictures Screensaver
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\8C81B4C6933A474A.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1143801297.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini
--------------[ Listing des dossiers dans C:\Program Files ]--------------
C:\Program Files\2K Games
C:\Program Files\Activision
C:\Program Files\Adobe
C:\Program Files\AGEIA Technologies
C:\Program Files\Ahead
C:\Program Files\Alwil Software
C:\Program Files\AOL 9.0
C:\Program Files\AOL Compagnon
C:\Program Files\Apple Software Update
C:\Program Files\AvRack
C:\Program Files\CA
C:\Program Files\CAPCOM
C:\Program Files\ClearProg
C:\Program Files\Common Files
C:\Program Files\ComPlus Applications
C:\Program Files\CONEXANT
C:\Program Files\CyberLink
C:\Program Files\Cycore FX Demo 1.0.1
C:\Program Files\dart once user
C:\Program Files\directx
C:\Program Files\DivX
C:\Program Files\EA GAMES
C:\Program Files\Encarta
C:\Program Files\Fichiers communs
C:\Program Files\Futuremark
C:\Program Files\Game Cam
C:\Program Files\Game Cam Lite
C:\Program Files\GameSpy Arcade
C:\Program Files\Google
C:\Program Files\Google Video
C:\Program Files\Guitar Pro 4
C:\Program Files\Guitar Pro 5
C:\Program Files\Hewlett-Packard
C:\Program Files\HighMAT CD Writing Wizard
C:\Program Files\honestech
C:\Program Files\id Software
C:\Program Files\Intel
C:\Program Files\InterLok
C:\Program Files\Internet Explorer
C:\Program Files\Inventel
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\JVTorrent
C:\Program Files\Lavasoft
C:\Program Files\Macrogaming
C:\Program Files\Managed DirectX (0901)
C:\Program Files\Messenger
C:\Program Files\Microsoft AutoRoute
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Money 2005
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Works
C:\Program Files\Microsoft Works Suite 2005
C:\Program Files\Movie Maker
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\NetMeeting
C:\Program Files\Nikon
C:\Program Files\Online Services
C:\Program Files\Outlook Express
C:\Program Files\Picture It! Premium 10
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\Realtek Sound Manager
C:\Program Files\S3Inc
C:\Program Files\Screen Recorder
C:\Program Files\Services en ligne
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Steam
C:\Program Files\Teamspeak2_RC2
C:\Program Files\TechCity Solutions
C:\Program Files\Ubisoft
C:\Program Files\USB Storage RW
C:\Program Files\Valve
C:\Program Files\Ventrilo
C:\Program Files\VIA
C:\Program Files\Video Capturix 2006
C:\Program Files\Viewpoint
C:\Program Files\Warcraft III
C:\Program Files\WebPopupKiller
C:\Program Files\Windows Journal Viewer
C:\Program Files\Windows Live Safety Center
C:\Program Files\Windows Media Connect
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\Wolfenstein - Enemy Territory
C:\Program Files\World of Warcraft
C:\Program Files\xerox
C:\Program Files\Zone Labs
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]-----
C:\Program Files\Fichiers communs\Adobe
C:\Program Files\Fichiers communs\Ahead
C:\Program Files\Fichiers communs\AOL
C:\Program Files\Fichiers communs\aolback
C:\Program Files\Fichiers communs\aolshare
C:\Program Files\Fichiers communs\Apple
C:\Program Files\Fichiers communs\Blizzard Entertainment
C:\Program Files\Fichiers communs\Designer
C:\Program Files\Fichiers communs\DirectX
C:\Program Files\Fichiers communs\FDEUnInstaller.exe
C:\Program Files\Fichiers communs\Groove Games Shared
C:\Program Files\Fichiers communs\Hewlett-Packard
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Intel Shared
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\Nero
C:\Program Files\Fichiers communs\Nikon
C:\Program Files\Fichiers communs\NSV
C:\Program Files\Fichiers communs\Nullsoft
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\Real
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\System
C:\Program Files\Fichiers communs\Wise Installation Wizard
C:\Program Files\Fichiers communs\xing shared
----------------------[ Recherche dans le Registre ]----------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
Dash Regs REG_SZ C:\DOCUME~1\Louis\APPLIC~1\DARTON~1\CityHelpPop.exe
-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------
C:\Documents and Settings\Louis\Application Data\DARTON~1
C:\Program Files\DARTON~1
--------------------[ Vérification du fichier Hosts ]---------------------
Fichier Hosts : Propre
--------------------[ Recherche d'autres infections ]---------------------
! VUNDO Possible !
--------------------[ Fin du rapport à 23:17:49,39 ]----------------------
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\Nero
C:\Program Files\Fichiers communs\Nikon
C:\Program Files\Fichiers communs\NSV
C:\Program Files\Fichiers communs\Nullsoft
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\Real
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\System
C:\Program Files\Fichiers communs\Wise Installation Wizard
C:\Program Files\Fichiers communs\xing shared
----------------------[ Recherche dans le Registre ]----------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
Dash Regs REG_SZ C:\DOCUME~1\Louis\APPLIC~1\DARTON~1\CityHelpPop.exe
-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------
C:\Documents and Settings\Louis\Application Data\DARTON~1
C:\Program Files\DARTON~1
--------------------[ Vérification du fichier Hosts ]---------------------
Fichier Hosts : Propre
--------------------[ Recherche d'autres infections ]---------------------
! VUNDO Possible !
--------------------[ Fin du rapport à 23:17:49,39 ]----------------------
Delete LopResearch; we'll get back to it later.
Copy the text in the box below:
File::
C:\WINDOWS\tasks\8C81B4C6933A474A.job
C:\WINDOWS\system32\mljgheb.dll
C:\WINDOWS\system32\gebywxv.dll
C:\WINDOWS\system32\lyhpijfe.dll
C:\WINDOWS\system32\ptsvghfp.dll
C:\WINDOWS\system32\xydljsjg.dll
Folder::
C:\Documents and Settings\Louis\Application Data\dart once user
C:\Documents and Settings\All Users\Application Data\AboutPeakBuildThird
C:\Documents and Settings\Louis\Application Data\mess cast
C:\Program Files\dart once user
C:\WA7PV
C:\Program Files\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EADAD8C1-7990-8DAD-169B-6A8487F87805}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dash Regs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{79C29CCC-C25C-49CA-BD86-C3BE791F2E58}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebywxv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgheb]
Open Notepad and paste the copied text.
Save this file as CFScript.txt.
Now drag the ComboFix-Do.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 then confirm. After the restart, post the contents of the Combofix.txt report together with a Hijackthis log.
If there is no restart, post the reports anyway.
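The CFScript handed over in the reply above is a plain-text removal plan: a section header ending in "::" (File::, Folder::, Registry::) followed by one target per line, where "[-KEY]" asks for a whole registry key to be deleted and "\"Name\"=-" under a "[KEY]" line asks for that single value to be deleted (the same "=-" notation .reg files use). The following Python script is an added example, not ComboFix's or the forum helper's own code: it parses a script in that format into a structured plan so a responder can review exactly which files, folders, keys and values the script will remove before running it, and it flags entries that name a protected root (such as C:\WINDOWS itself) instead of an item under it. The section and notation rules are inferred from the script shown on this page; the sample script is a subset of the one posted above, and the list of protected roots is an assumption chosen for the example.

```python
"""Parse a ComboFix-style CFScript into a reviewable removal plan.

Added example (not ComboFix's own code). Grammar assumed from the script
posted in the thread:
  Section::            starts a section (File, Folder or Registry)
  <path>               one file or folder target per line
  [KEY]                selects a registry key for the "=-" lines that follow
  [-KEY]               deletes the whole key
  "Name"=-             deletes value Name under the currently selected key
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Subset of the CFScript posted in the reply above.
SAMPLE_SCRIPT = r"""File::
C:\WINDOWS\tasks\8C81B4C6933A474A.job
C:\WINDOWS\system32\mljgheb.dll
Folder::
C:\Program Files\dart once user
C:\Program Files\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EADAD8C1-7990-8DAD-169B-6A8487F87805}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dash Regs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{79C29CCC-C25C-49CA-BD86-C3BE791F2E58}"=-
"""

SECTION_RE = re.compile(r"^(\w+)::$")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=-$')

# Assumed list of roots a removal script should never name as a whole target.
PROTECTED_ROOTS = {
    "c:",
    r"c:\windows",
    r"c:\windows\system32",
    r"c:\program files",
    r"c:\documents and settings",
}


@dataclass
class RemovalPlan:
    files: list[str] = field(default_factory=list)
    folders: list[str] = field(default_factory=list)
    delete_keys: list[str] = field(default_factory=list)
    # (key, value name) pairs
    delete_values: list[tuple[str, str]] = field(default_factory=list)


def parse_cfscript(text: str) -> RemovalPlan:
    """Turn CFScript text into a RemovalPlan; raise ValueError on malformed lines."""
    plan = RemovalPlan()
    section: str | None = None
    current_key: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None  # a new section resets the selected key
            continue
        if section == "file":
            plan.files.append(line)
        elif section == "folder":
            plan.folders.append(line)
        elif section == "registry":
            km = KEY_RE.match(line)
            if km:
                minus, key = km.groups()
                if minus:
                    plan.delete_keys.append(key)
                    current_key = None  # nothing can follow a deleted key
                else:
                    current_key = key
                continue
            vm = VALUE_RE.match(line)
            if vm:
                if current_key is None:
                    raise ValueError(f"value deletion outside any [KEY]: {line}")
                plan.delete_values.append((current_key, vm.group(1)))
                continue
            raise ValueError(f"unrecognised Registry:: line: {line}")
        else:
            raise ValueError(f"entry before any section header: {line}")
    return plan


def risky_targets(plan: RemovalPlan) -> list[str]:
    """Return file/folder entries that name a protected root rather than an item under it."""
    return [p for p in plan.files + plan.folders
            if p.rstrip("\\").lower() in PROTECTED_ROOTS]


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_SCRIPT)
    print(f"{len(plan.files)} files, {len(plan.folders)} folders, "
          f"{len(plan.delete_keys)} keys, {len(plan.delete_values)} values")
    print("risky:", risky_targets(plan))
```

Run it as-is to print a summary of the sample plan; a responder reviewing a script received from a forum would feed the full script text to parse_cfscript and inspect each list before handing it to the user.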
Thanks for the advice!!
Here is my report:
MSNFix 1.532
Moderation
Please create your own topic
===> To be read by everyone before posting!