Eaten alive by viruses!!!
Last reply: in Security
Hi Angel,
It was while reading your forum thread about psw.x-vir that I realised you had the skills to perhaps give me a hand getting rid of the virus.
I installed HijackThis, and here is the report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:46, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCSVR.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MARINE~1.VID\LOCALS~1\Temp\Rar$EX00.953\HijackThis.exe
C:\Program Files\limewire\limewire.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\xrpcfvog.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [d0292f8e] rundll32.exe "C:\WINDOWS\system32\gqxpfqxa.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3d59d608a7f844cfa4d1ceeee1f00dee
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3d59d608a7f844cfa4d1ceeee1f00dee
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.be
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
--
End of file - 5103 bytes
It would be great if you could explain what to do next.
Thanks in advance for your help.
Bootsector.
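What a malware-removal helper looks for first in a HijackThis report like the one above is a Windows binary name running from the wrong directory (svchost.exe from C:\WINDOWS\Fonts rather than System32) and autorun entries whose target sits directly in C:\WINDOWS or whose value name looks machine-generated (the hex-named rundll32 entry). The script below is an added example and not part of this thread or of HijackThis: it parses a few constructed log lines in the HijackThis v2 format, modelled on the report above, and applies those triage heuristics. The expected-home table, the list of odd autorun directories and the hex-name rule are the example's own assumptions, not rules from the tool.

```python
import re
from pathlib import PureWindowsPath
from typing import List, Tuple

# Windows binaries that malware likes to name itself after, with the single
# directory each one legitimately runs from on an XP-era system drive.
# (Assumption made for this example, not a HijackThis rule.)
EXPECTED_HOME = {
    "svchost.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Directories a legitimate autorun target almost never sits in directly
# (again a heuristic chosen for this example).
ODD_AUTORUN_DIRS = {"c:\\", r"c:\windows", r"c:\windows\fonts", r"c:\temp"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')   # a quoted path or a bare token
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")  # value names like "d0292f8e"

# Constructed sample in the HijackThis v2 log format, modelled on the report
# quoted in this thread (a handful of its lines, not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF7
O4 - HKLM\..\Run: [d0292f8e] rundll32.exe "C:\WINDOWS\system32\gqxpfqxa.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def autorun_target(cmd: str) -> str:
    """Return the file an O4 command line actually launches or loads."""
    tokens = [quoted or bare for quoted, bare in TOKEN_RE.findall(cmd)]
    if not tokens:
        return ""
    first = PureWindowsPath(tokens[0]).name.lower()
    if first in ("rundll32.exe", "rundll32") and len(tokens) > 1:
        # rundll32 loads the DLL named by its next argument: "path,entrypoint"
        return tokens[1].split(",")[0]
    return tokens[0]


def check_path(path: str) -> List[str]:
    """Flag a system binary name that runs from somewhere other than its home."""
    p = PureWindowsPath(path)
    name, parent = p.name.lower(), str(p.parent).lower()
    if parent == ".":  # bare file name, no directory to judge
        return []
    if name in EXPECTED_HOME and parent != EXPECTED_HOME[name]:
        return [f"{name} running from {p.parent} instead of {EXPECTED_HOME[name]}"]
    return []


def analyse(log_text: str) -> List[Tuple[str, str]]:
    """Run the heuristics over every line; return (line, reason) pairs."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            target = autorun_target(m.group("cmd"))
            reasons = check_path(target)
            parent = PureWindowsPath(target).parent
            if str(parent).lower() in ODD_AUTORUN_DIRS:
                reasons.append(f"autorun target in unusual directory {parent}")
            if HEX_NAME_RE.match(m.group("name").lower()):
                reasons.append(f"autorun value name {m.group('name')!r} looks machine-generated")
            findings.extend((line, r) for r in reasons)
        elif re.match(r"^[A-Za-z]:\\", line):
            # A bare path is one of the "Running processes" entries.
            findings.extend((line, r) for r in check_path(line))
    return findings


if __name__ == "__main__":
    for entry, reason in analyse(SAMPLE_LOG):
        print(f"SUSPECT: {entry}\n    -> {reason}")
```

Run as a script it prints five findings for the sample: the Fonts copy of svchost.exe (once as a process, twice as an autorun), the loader in the Windows root, and the hex-named rundll32 entry. These are triage leads rather than verdicts; legitimate tools occasionally autorun from C:\WINDOWS too, so a helper still confirms each hit before asking the user to delete anything.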
Hello,
There are other helpers too.
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste that report in your next reply.
NOTE: The report is also found here: C:\Combofix.txt
A huge thank you for how quickly you replied!
Here is the result of the ComboFix scan! At the end of it Avast found a few trojans??? Is that normal??
ComboFix 07-11-08.1 - Marine 2007-11-10 11:35:40.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.517 [GMT 1:00]
Running from: C:\Documents and Settings\Marine.VIDEO2\Mes documents\téléchargement\ComboFix.exe
* Created a new restore point
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Anaïs.VIDEO2\Bureau\internet.lnk
C:\Documents and Settings\Gilles\Bureau\internet.lnk
C:\Documents and Settings\Marine.VIDEO2\Bureau\internet.lnk
C:\Documents and Settings\Marine.VIDEO2\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Marine.VIDEO2\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Marine.VIDEO2\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Marine_2\Bureau\internet.lnk
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\WinAble
C:\svchost.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\e1
C:\WINDOWS\system32\e1\caws83122.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\u4
C:\WINDOWS\system32\u4\wr31drs.exe
C:\WINDOWS\system32\xrpcfvog.dllbox
C:\WINDOWS\system32\ybadd.bak1
C:\WINDOWS\system32\ybadd.bak2
C:\WINDOWS\system32\ybadd.ini
C:\z.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-10-10 to 2007-11-10 ))))))))))))))))))))))))))))))))))))
.
2007-11-10 11:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 11:10 81,472 --a------ C:\WINDOWS\system32\oqdxlpll.dll
2007-11-10 11:07 85,056 --a------ C:\WINDOWS\system32\nqtkgcfq.dll
2007-11-10 11:04 71,232 --a------ C:\WINDOWS\system32\vtvgaxif.exe
2007-11-10 11:03 71,232 --a------ C:\WINDOWS\system32\eppfcytr.exe
2007-11-07 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-07 19:54 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-11-07 19:54 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-11-07 19:54 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-11-07 19:54 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-11-07 19:54 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-11-07 19:54 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-11-07 19:54 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-07 19:52 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-07 17:49 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Lavasoft
2007-11-07 17:32 145,984 --a------ C:\WINDOWS\system32\xrpcfvog.dll
2007-11-07 17:32 145,984 --a------ C:\WINDOWS\system32\hgjbjbuc.dll
2007-11-07 17:31 35,328 --a------ C:\WINDOWS\system32\ssqronn.dll
2007-11-06 21:02 <REP> d-------- C:\Documents and Settings\Marine_2\Incomplete
2007-11-06 20:45 <REP> d-------- C:\Documents and Settings\Marine_2\Application Data\LimeWire
2007-11-06 19:30 <REP> d-------- C:\Program Files\Incomplete
2007-11-06 19:27 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-06 19:24 225,120 --a------ C:\Temp\crda.exe
2007-11-06 19:24 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-06 19:24 35,328 --a------ C:\WINDOWS\system32\efcywwu.dll
2007-11-06 19:24 82 --a------ C:\n.bat
2007-11-06 19:24 0 --a------ C:\z.dat
2007-11-06 19:23 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-06 19:23 <REP> d-------- C:\Temp\mZOr
2007-11-06 19:22 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 12:04 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Pegasys Inc
2007-11-02 12:01 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\DivX
2007-11-02 11:58 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Talkback
2007-11-02 11:57 <REP> d-------- C:\Program Files\DivX
2007-11-02 11:57 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-02 11:57 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-02 11:57 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-02 10:00 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Ahead
2007-10-31 22:45 <REP> d-------- C:\Documents and Settings\Gilles\Contacts
2007-10-30 12:31 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\AdobeUM
2007-10-28 16:43 <REP> d-------- C:\Documents and Settings\Gilles\.hydrogen
2007-10-28 16:38 <REP> d-------- C:\Program Files\Hydrogen
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Incomplete
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\LimeWire
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 10:59 499,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-10 10:45 8,948 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-07 19:17 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-07 19:17 --------- d-----w C:\Program Files\Diablo II
2007-11-07 18:53 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-11-07 18:53 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-11-07 16:41 --------- d-----w C:\Program Files\LimeWire
2007-10-01 11:15 839,696 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-10-01 11:15 839,695 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-14 17:43 --------- d-----w C:\Program Files\MSN Messenger
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-08-29 06:13 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-29 06:13 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-28 17:25 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-28 17:18 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1DD717-53B2-485E-A17B-C9977C205E10}]
2007-11-06 19:24 35328 --a------ C:\WINDOWS\system32\efcywwu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34B6FFC9-18AB-4CA7-A119-FCE79777816C}]
C:\Program Files\Movie Maker\hosetuxC:\WINDOWS\system32\e1\caws83122.exe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68dff943-0f5a-4cc9-bce4-020d68f964dc}]
2007-11-10 11:10 81472 --a------ C:\WINDOWS\system32\oqdxlpll.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-07 17:32 145984 --a------ C:\WINDOWS\system32\xrpcfvog.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\xrpcfvog.dll [2007-11-07 17:32 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-02-06 17:31]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"d0292f8e"="C:\WINDOWS\system32\nqtkgcfq.dll" [2007-11-10 11:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 08:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C1DD717-53B2-485E-A17B-C9977C205E10}"= C:\WINDOWS\system32\efcywwu.dll [2007-11-06 19:24 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcywwu]
efcywwu.dll 2007-11-06 19:24 35328 C:\WINDOWS\system32\efcywwu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xrpcfvog]
xrpcfvog.dll 2007-11-07 17:32 145984 C:\WINDOWS\system32\xrpcfvog.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaby.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
R3 phil2vid;Appareil photo VGA USB Philips PCVC690;C:\WINDOWS\system32\DRIVERS\philcam2.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-10 10:24:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 11:58:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-10 12:02:07 - machine was rebooted
.
--- E O F ---
Thanks again!!
Bootsector
Voici le résultat du scan par combo! A la fin de celui-ci Avast m'a trouvé quelques chevaux de troie??? Est-ce normal??
ComboFix 07-11-08.1 - Marine 2007-11-10 11:35:40.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.517 [GMT 1:00]
Running from: C:\Documents and Settings\Marine.VIDEO2\Mes documents\téléchargement\ComboFix.exe
* Created a new restore point
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Anaïs.VIDEO2\Bureau\internet.lnk
C:\Documents and Settings\Gilles\Bureau\internet.lnk
C:\Documents and Settings\Marine.VIDEO2\Bureau\internet.lnk
C:\Documents and Settings\Marine.VIDEO2\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Marine.VIDEO2\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Marine.VIDEO2\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Marine_2\Bureau\internet.lnk
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\WinAble
C:\svchost.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\e1
C:\WINDOWS\system32\e1\caws83122.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\u4
C:\WINDOWS\system32\u4\wr31drs.exe
C:\WINDOWS\system32\xrpcfvog.dllbox
C:\WINDOWS\system32\ybadd.bak1
C:\WINDOWS\system32\ybadd.bak2
C:\WINDOWS\system32\ybadd.ini
C:\z.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-10 to 2007-11-10 ))))))))))))))))))))))))))))))))))))
.
2007-11-10 11:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 11:10 81,472 --a------ C:\WINDOWS\system32\oqdxlpll.dll
2007-11-10 11:07 85,056 --a------ C:\WINDOWS\system32\nqtkgcfq.dll
2007-11-10 11:04 71,232 --a------ C:\WINDOWS\system32\vtvgaxif.exe
2007-11-10 11:03 71,232 --a------ C:\WINDOWS\system32\eppfcytr.exe
2007-11-07 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-07 19:54 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-11-07 19:54 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-11-07 19:54 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-11-07 19:54 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-11-07 19:54 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-11-07 19:54 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-11-07 19:54 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-07 19:52 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-07 17:49 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Lavasoft
2007-11-07 17:32 145,984 --a------ C:\WINDOWS\system32\xrpcfvog.dll
2007-11-07 17:32 145,984 --a------ C:\WINDOWS\system32\hgjbjbuc.dll
2007-11-07 17:31 35,328 --a------ C:\WINDOWS\system32\ssqronn.dll
2007-11-06 21:02 <REP> d-------- C:\Documents and Settings\Marine_2\Incomplete
2007-11-06 20:45 <REP> d-------- C:\Documents and Settings\Marine_2\Application Data\LimeWire
2007-11-06 19:30 <REP> d-------- C:\Program Files\Incomplete
2007-11-06 19:27 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-06 19:24 225,120 --a------ C:\Temp\crda.exe
2007-11-06 19:24 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-06 19:24 35,328 --a------ C:\WINDOWS\system32\efcywwu.dll
2007-11-06 19:24 82 --a------ C:\n.bat
2007-11-06 19:24 0 --a------ C:\z.dat
2007-11-06 19:23 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-06 19:23 <REP> d-------- C:\Temp\mZOr
2007-11-06 19:22 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 12:04 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Pegasys Inc
2007-11-02 12:01 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\DivX
2007-11-02 11:58 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Talkback
2007-11-02 11:57 <REP> d-------- C:\Program Files\DivX
2007-11-02 11:57 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-02 11:57 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-02 11:57 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-02 10:00 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Ahead
2007-10-31 22:45 <REP> d-------- C:\Documents and Settings\Gilles\Contacts
2007-10-30 12:31 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\AdobeUM
2007-10-28 16:43 <REP> d-------- C:\Documents and Settings\Gilles\.hydrogen
2007-10-28 16:38 <REP> d-------- C:\Program Files\Hydrogen
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Incomplete
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\LimeWire
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 10:59 499,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-10 10:45 8,948 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-07 19:17 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-07 19:17 --------- d-----w C:\Program Files\Diablo II
2007-11-07 18:53 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-11-07 18:53 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-11-07 16:41 --------- d-----w C:\Program Files\LimeWire
2007-10-01 11:15 839,696 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-10-01 11:15 839,695 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-14 17:43 --------- d-----w C:\Program Files\MSN Messenger
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-08-29 06:13 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-29 06:13 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-28 17:25 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-28 17:18 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1DD717-53B2-485E-A17B-C9977C205E10}]
2007-11-06 19:24 35328 --a------ C:\WINDOWS\system32\efcywwu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34B6FFC9-18AB-4CA7-A119-FCE79777816C}]
C:\Program Files\Movie Maker\hosetuxC:\WINDOWS\system32\e1\caws83122.exe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68dff943-0f5a-4cc9-bce4-020d68f964dc}]
2007-11-10 11:10 81472 --a------ C:\WINDOWS\system32\oqdxlpll.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-07 17:32 145984 --a------ C:\WINDOWS\system32\xrpcfvog.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\xrpcfvog.dll [2007-11-07 17:32 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-02-06 17:31]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"d0292f8e"="C:\WINDOWS\system32\nqtkgcfq.dll" [2007-11-10 11:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 08:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C1DD717-53B2-485E-A17B-C9977C205E10}"= C:\WINDOWS\system32\efcywwu.dll [2007-11-06 19:24 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcywwu]
efcywwu.dll 2007-11-06 19:24 35328 C:\WINDOWS\system32\efcywwu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xrpcfvog]
xrpcfvog.dll 2007-11-07 17:32 145984 C:\WINDOWS\system32\xrpcfvog.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaby.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
R3 phil2vid;Appareil photo VGA USB Philips PCVC690;C:\WINDOWS\system32\DRIVERS\philcam2.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-10 10:24:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 11:58:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-10 12:02:07 - machine was rebooted
.
--- E O F ---
Thanks again!!
Bootesector
Here is the report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:47, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MARINE~1.VID\LOCALS~1\Temp\Rar$EX01.266\HijackThis.exe
C:\svchost.exe
C:\WINDOWS\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\xrpcfvog.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [d0292f8e] rundll32.exe "C:\WINDOWS\system32\nqtkgcfq.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3d59d608a7f844cfa4d1ceeee1f00dee
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3d59d608a7f844cfa4d1ceeee1f00dee
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.be
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 4998 bytes
thanks again.
Here is the second ComboFix report.
ComboFix 07-11-08.1 - Marine 2007-11-11 12:16:49.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.589 [GMT 1:00]
Running from: C:\Documents and Settings\Marine.VIDEO2\Mes documents\téléchargement\ComboFix.exe
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\a.exe
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Marine.VIDEO2\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Marine.VIDEO2\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Marine.VIDEO2\Favoris\Online Security Guide.lnk
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\xrpcfvog.dllbox
F:\hpipcopy.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))))))))
.
2007-11-11 12:15 79,936 --a------ C:\WINDOWS\system32\faouhbbk.dll
2007-11-11 12:12 88,128 --a------ C:\WINDOWS\system32\emonluox.dll
2007-11-11 12:11 71,232 --a------ C:\WINDOWS\system32\uljwxayt.exe
2007-11-10 13:07 36,352 --a------ C:\WINDOWS\system32\efcbccd.dll
2007-11-10 12:02 0 --a------ C:\x.dat
2007-11-10 12:01 172,032 --a------ C:\winlogon.exe
2007-11-10 12:01 36,352 --a------ C:\WINDOWS\system32\pmnmnlj.dll
2007-11-10 12:01 4,401 --a------ C:\Documents and Settings\Marine.VIDEO2\z.dat
2007-11-10 12:01 0 --a------ C:\Documents and Settings\Marine.VIDEO2\x.dat
2007-11-10 11:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 11:10 81,472 --a------ C:\WINDOWS\system32\oqdxlpll.dll
2007-11-10 11:04 71,232 --a------ C:\WINDOWS\system32\vtvgaxif.exe
2007-11-10 11:03 71,232 --a------ C:\WINDOWS\system32\eppfcytr.exe
2007-11-07 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-07 19:54 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-11-07 19:54 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-11-07 19:54 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-11-07 19:54 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-11-07 19:54 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-11-07 19:54 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-11-07 19:54 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-07 19:52 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-07 17:49 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Lavasoft
2007-11-07 17:32 145,984 --a------ C:\WINDOWS\system32\xrpcfvog.dll
2007-11-07 17:32 145,984 --a------ C:\WINDOWS\system32\hgjbjbuc.dll
2007-11-07 17:31 35,328 --a------ C:\WINDOWS\system32\ssqronn.dll
2007-11-06 21:02 <REP> d-------- C:\Documents and Settings\Marine_2\Incomplete
2007-11-06 20:45 <REP> d-------- C:\Documents and Settings\Marine_2\Application Data\LimeWire
2007-11-06 19:30 <REP> d-------- C:\Program Files\Incomplete
2007-11-06 19:27 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-06 19:24 225,120 --a------ C:\Temp\crda.exe
2007-11-06 19:24 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-06 19:24 35,328 --a------ C:\WINDOWS\system32\efcywwu.dll
2007-11-06 19:24 134 --a------ C:\n.bat
2007-11-06 19:24 0 --a------ C:\z.dat
2007-11-06 19:23 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-06 19:23 <REP> d-------- C:\Temp\mZOr
2007-11-06 19:22 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 12:04 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Pegasys Inc
2007-11-02 12:01 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\DivX
2007-11-02 11:58 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Talkback
2007-11-02 11:57 <REP> d-------- C:\Program Files\DivX
2007-11-02 11:57 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-02 11:57 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-02 11:57 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-02 10:00 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Ahead
2007-10-31 22:45 <REP> d-------- C:\Documents and Settings\Gilles\Contacts
2007-10-30 12:31 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\AdobeUM
2007-10-28 16:43 <REP> d-------- C:\Documents and Settings\Gilles\.hydrogen
2007-10-28 16:38 <REP> d-------- C:\Program Files\Hydrogen
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Incomplete
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\LimeWire
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 11:28 636,960 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-11 11:23 10,580 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-07 19:17 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-07 19:17 --------- d-----w C:\Program Files\Diablo II
2007-11-07 18:53 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-11-07 18:53 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-11-07 16:41 --------- d-----w C:\Program Files\LimeWire
2007-10-01 11:15 839,696 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-10-01 11:15 839,695 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-14 17:43 --------- d-----w C:\Program Files\MSN Messenger
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-08-29 06:13 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-29 06:13 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-28 17:25 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-28 17:18 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-10_12.01.16.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-11 11:24:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_648.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1DD717-53B2-485E-A17B-C9977C205E10}]
2007-11-06 19:24 35328 --a------ C:\WINDOWS\system32\efcywwu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dacf4c6-8876-486f-bfc6-95adca81cde2}]
2007-11-11 12:15 79936 --a------ C:\WINDOWS\system32\faouhbbk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34B6FFC9-18AB-4CA7-A119-FCE79777816C}]
C:\Program Files\Movie Maker\hosetuxC:\WINDOWS\system32\e1\caws83122.exe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-07 17:32 145984 --a------ C:\WINDOWS\system32\xrpcfvog.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\xrpcfvog.dll [2007-11-07 17:32 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-02-06 17:31]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"d0292f8e"="C:\WINDOWS\system32\emonluox.dll" [2007-11-11 12:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 08:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C1DD717-53B2-485E-A17B-C9977C205E10}"= C:\WINDOWS\system32\efcywwu.dll [2007-11-06 19:24 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcywwu]
efcywwu.dll 2007-11-06 19:24 35328 C:\WINDOWS\system32\efcywwu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xrpcfvog]
xrpcfvog.dll 2007-11-07 17:32 145984 C:\WINDOWS\system32\xrpcfvog.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
R3 phil2vid;Appareil photo VGA USB Philips PCVC690;C:\WINDOWS\system32\DRIVERS\philcam2.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-10 11:24:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 12:26:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-11 12:37:31 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-10 12:02
.
--- E O F ---
Thanks.
ComboFix 07-11-08.1 - Marine 2007-11-11 12:16:49.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.589 [GMT 1:00]
Running from: C:\Documents and Settings\Marine.VIDEO2\Mes documents\téléchargement\ComboFix.exe
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\a.exe
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Marine.VIDEO2\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Marine.VIDEO2\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Marine.VIDEO2\Favoris\Online Security Guide.lnk
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\xrpcfvog.dllbox
F:\hpipcopy.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))))))))
.
2007-11-11 12:15 79,936 --a------ C:\WINDOWS\system32\faouhbbk.dll
2007-11-11 12:12 88,128 --a------ C:\WINDOWS\system32\emonluox.dll
2007-11-11 12:11 71,232 --a------ C:\WINDOWS\system32\uljwxayt.exe
2007-11-10 13:07 36,352 --a------ C:\WINDOWS\system32\efcbccd.dll
2007-11-10 12:02 0 --a------ C:\x.dat
2007-11-10 12:01 172,032 --a------ C:\winlogon.exe
2007-11-10 12:01 36,352 --a------ C:\WINDOWS\system32\pmnmnlj.dll
2007-11-10 12:01 4,401 --a------ C:\Documents and Settings\Marine.VIDEO2\z.dat
2007-11-10 12:01 0 --a------ C:\Documents and Settings\Marine.VIDEO2\x.dat
2007-11-10 11:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 11:10 81,472 --a------ C:\WINDOWS\system32\oqdxlpll.dll
2007-11-10 11:04 71,232 --a------ C:\WINDOWS\system32\vtvgaxif.exe
2007-11-10 11:03 71,232 --a------ C:\WINDOWS\system32\eppfcytr.exe
2007-11-07 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-07 19:54 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-11-07 19:54 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-11-07 19:54 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-11-07 19:54 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-11-07 19:54 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-11-07 19:54 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-11-07 19:54 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-07 19:52 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-07 17:49 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Lavasoft
2007-11-07 17:32 145,984 --a------ C:\WINDOWS\system32\xrpcfvog.dll
2007-11-07 17:32 145,984 --a------ C:\WINDOWS\system32\hgjbjbuc.dll
2007-11-07 17:31 35,328 --a------ C:\WINDOWS\system32\ssqronn.dll
2007-11-06 21:02 <REP> d-------- C:\Documents and Settings\Marine_2\Incomplete
2007-11-06 20:45 <REP> d-------- C:\Documents and Settings\Marine_2\Application Data\LimeWire
2007-11-06 19:30 <REP> d-------- C:\Program Files\Incomplete
2007-11-06 19:27 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-06 19:24 225,120 --a------ C:\Temp\crda.exe
2007-11-06 19:24 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-06 19:24 35,328 --a------ C:\WINDOWS\system32\efcywwu.dll
2007-11-06 19:24 134 --a------ C:\n.bat
2007-11-06 19:24 0 --a------ C:\z.dat
2007-11-06 19:23 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-06 19:23 <REP> d-------- C:\Temp\mZOr
2007-11-06 19:22 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 12:04 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Pegasys Inc
2007-11-02 12:01 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\DivX
2007-11-02 11:58 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Talkback
2007-11-02 11:57 <REP> d-------- C:\Program Files\DivX
2007-11-02 11:57 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-02 11:57 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-02 11:57 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-02 10:00 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Ahead
2007-10-31 22:45 <REP> d-------- C:\Documents and Settings\Gilles\Contacts
2007-10-30 12:31 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\AdobeUM
2007-10-28 16:43 <REP> d-------- C:\Documents and Settings\Gilles\.hydrogen
2007-10-28 16:38 <REP> d-------- C:\Program Files\Hydrogen
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Incomplete
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\LimeWire
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 11:28 636,960 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-11 11:23 10,580 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-07 19:17 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-07 19:17 --------- d-----w C:\Program Files\Diablo II
2007-11-07 18:53 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-11-07 18:53 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-11-07 16:41 --------- d-----w C:\Program Files\LimeWire
2007-10-01 11:15 839,696 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-10-01 11:15 839,695 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-14 17:43 --------- d-----w C:\Program Files\MSN Messenger
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-08-29 06:13 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-29 06:13 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-28 17:25 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-28 17:18 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-10_12.01.16.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-11 11:24:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_648.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1DD717-53B2-485E-A17B-C9977C205E10}]
2007-11-06 19:24 35328 --a------ C:\WINDOWS\system32\efcywwu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dacf4c6-8876-486f-bfc6-95adca81cde2}]
2007-11-11 12:15 79936 --a------ C:\WINDOWS\system32\faouhbbk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34B6FFC9-18AB-4CA7-A119-FCE79777816C}]
C:\Program Files\Movie Maker\hosetuxC:\WINDOWS\system32\e1\caws83122.exe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-07 17:32 145984 --a------ C:\WINDOWS\system32\xrpcfvog.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\xrpcfvog.dll [2007-11-07 17:32 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-02-06 17:31]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"d0292f8e"="C:\WINDOWS\system32\emonluox.dll" [2007-11-11 12:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 08:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C1DD717-53B2-485E-A17B-C9977C205E10}"= C:\WINDOWS\system32\efcywwu.dll [2007-11-06 19:24 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcywwu]
efcywwu.dll 2007-11-06 19:24 35328 C:\WINDOWS\system32\efcywwu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xrpcfvog]
xrpcfvog.dll 2007-11-07 17:32 145984 C:\WINDOWS\system32\xrpcfvog.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
R3 phil2vid;Appareil photo VGA USB Philips PCVC690;C:\WINDOWS\system32\DRIVERS\philcam2.sys
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-11-10 11:24:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 12:26:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-11 12:37:31 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-10 12:02
.
--- E O F ---
Thanks.
Still more infections.
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report once the analysis has finished.
Hi Angel,
There, I finally had time to uninstall Avast and install AntiVir. It found a virus, which it deleted, and a Trojan horse, which it put in quarantine. The report is below.
The link to the Avast vs AntiVir comparison test is very convincing. Thanks for the great tip. I've already passed it on to more than one person!
AntiVir PersonalEdition Classic
Report file date: mardi 13 novembre 2007 19:26
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Marine
Computer name: VIDEO2
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 3/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 8/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 13 novembre 2007 19:26
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mrofinu1188.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\mrofinu1188.exe'
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'tgcmd.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'mrofinu1188.exe' has been terminated
C:\WINDOWS\mrofinu1188.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47a8ecdd.qua'!
30 processes with 29 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '34' files ).
Starting the file scan:
Begin scan in 'C:\WINDOWS\system32'
End of the scan: mardi 13 novembre 2007 19:28
Used time: 02:07 min
The scan has been done completely.
200 Scanning directories
6535 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
6533 Files not concerned
4 Archives were scanned
0 Warnings
0 Notes
Thanks again for the time you spend helping others. That's quite rare these days!
All the best,
Bootsector.
Here is the report!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:56, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\DOCUME~1\MARINE~1.VID\LOCALS~1\Temp\Rar$EX00.594\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\xrpcfvog.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [d0292f8e] rundll32.exe "C:\WINDOWS\system32\emonluox.dll",b
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.be
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
--
End of file - 4105 bytes
Thanks.
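The entries in the log above are the ones an analyst reads first: an svchost.exe started from C:\WINDOWS\Fonts instead of system32, a Run value named with eight hex digits that loads a system32 DLL through rundll32 with a one-letter export, a loader in C:\WINDOWS handed a long hex token on its command line, a "Security Toolbar" whose DLL has a random-looking name dropped straight into system32, and, in the ComboFix "Reg loading points" section earlier in the thread, an LSA "Authentication Packages" value carrying a second DLL beside msv1_0. The script below is added here as an example; it is not HijackThis, ComboFix or Avira code and not part of anyone's post. It encodes those checks as heuristics and runs them over lines copied from the log above (a constructed sample that also keeps a few clean entries so the checks can be seen not firing). It assumes the system root is C:\WINDOWS, as in these logs; the output is a triage aid, not a verdict.

```python
"""Triage HijackThis O2/O3/O4 lines and a ComboFix LSA line for the indicators
seen in this thread. Added example; not HijackThis, ComboFix or Avira code.
Assumes the system root is C:/WINDOWS, as in the logs posted here."""
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"  # assumption: matches the logs above

# Core Windows binaries and the one directory each is expected to run from.
HOME_DIR = {name: SYSTEM32 for name in (
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe", "services.exe")}
HOME_DIR["explorer.exe"] = r"c:\windows"

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
UNQUOTED_EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|com|scr|pif|bat))(?:\s+(?P<args>.*))?$", re.I)
HEX_BLOB_RE = re.compile(r"^[0-9A-Fa-f]{32,}$")   # opaque token handed to a loader
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")        # machine-generated Run value name
RANDOM_STEM_RE = re.compile(r"^[a-z]{7,9}$")      # xrpcfvog, emonluox, efcywwu ...

# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_HJT = [
    r"O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL",
    r"O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\xrpcfvog.dll",
    r"O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd",
    r"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe",
    r"O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe",
    r'O4 - HKLM\..\Run: [d0292f8e] rundll32.exe "C:\WINDOWS\system32\emonluox.dll",b',
    r"O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
]
# The "Authentication Packages" value from the ComboFix section earlier in the thread.
SAMPLE_LSA = r"msv1_0 C:\WINDOWS\system32\ddccb.dll"


def split_command(cmd):
    """Return (executable, arguments); HijackThis prints unquoted paths with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = UNQUOTED_EXE_RE.match(cmd)
    if m:
        return m["exe"], m["args"] or ""
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def same_dir(path, expected):
    return ntpath.dirname(path).lower() == expected


def check_run_entry(name, cmd):
    reasons = []
    exe, args = split_command(cmd)
    base = ntpath.basename(exe).lower()
    home = HOME_DIR.get(base)
    if home and not same_dir(exe, home):
        reasons.append(f"{base} runs from {ntpath.dirname(exe)} instead of {home}")
    if base in ("rundll32.exe", "rundll32"):
        dll, _, export = args.replace('"', "").partition(",")
        stem = ntpath.splitext(ntpath.basename(dll))[0].lower()
        if same_dir(dll, SYSTEM32) and (len(export) <= 1 or RANDOM_STEM_RE.match(stem)):
            label = export or "(default)"
            reasons.append(f"rundll32 loads {ntpath.basename(dll)} from system32 via export '{label}'")
    if HEX_NAME_RE.match(name):
        reasons.append(f"value name '{name}' is an 8-digit hex string")
    if any(HEX_BLOB_RE.match(tok) for tok in args.split()):
        reasons.append("command line carries a long opaque hex argument")
    return reasons


def check_bho_entry(name, path):
    stem = ntpath.splitext(ntpath.basename(path))[0].lower()
    if same_dir(path, SYSTEM32) and RANDOM_STEM_RE.match(stem):
        return [f"browser extension '{name}' is a random-looking DLL "
                f"({ntpath.basename(path)}) placed directly in system32"]
    return []


def triage(lines):
    """Return one finding per suspicious line: {'name', 'line', 'reasons'}."""
    findings = []
    for line in (l.strip() for l in lines):
        m = O4_RE.match(line)
        if m:
            reasons = check_run_entry(m["name"], m["cmd"])
        else:
            m = O23_RE.match(line)
            if not m:
                continue
            reasons = check_bho_entry(m["name"], m["path"])
        if reasons:
            findings.append({"name": m["name"], "line": line, "reasons": reasons})
    return findings


def check_lsa_packages(value):
    """On a stock XP box the Lsa 'Authentication Packages' value holds only
    msv1_0; every other token is an extra DLL that LSASS loads at boot."""
    return [tok for tok in value.split() if tok.lower() != "msv1_0"]


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f['name']}: " + "; ".join(f["reasons"]))
    print("extra LSA packages:", check_lsa_packages(SAMPLE_LSA))
```

The rundll32 and random-name checks are deliberately narrow (a DLL that sits directly in system32 and is either random-looking or reached through a one-letter export) so that ordinary entries such as the Cmaudio control panel applet or the Java updater stay quiet; a real triage would add an allow-list of known vendor DLLs on top.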
Angel,
First, here is the report from the full AntiVir scan, followed by the ComboFix report run right after it.
Full AntiVir scan
AntiVir PersonalEdition Classic
Report file date: mardi 13 novembre 2007 19:36
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: VIDEO2
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 3/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 8/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 13 novembre 2007 19:36
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'tgcmd.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '35' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Marine.VIDEO2\Local Settings\Temporary Internet Files\Content.IE5\07JZEO5T\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4789f1ad.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\21540_597072294_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '476ef5e4.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\21540_5a70d4a66_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '476ef5ea.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\21588_546112c24_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '476ef644.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\21662_53024b6c1_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '476ff649.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\21706_5490046f4_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4770f64e.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\21775_543406ae7_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4770f652.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\22710_55d959d87_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4770f65a.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIEFR.vbs\22932_56423b36e_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIEFR.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4772f65a.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePage.vbs\13265_5e42c19a0_
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePage.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '476bf65b.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePage.vbs\13283_508fcbcc0_
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePage.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '4614aca4.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePage.vbs\13306_55ba94bf7_
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePage.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '476cf65c.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePage.vbs\13308_571dd02d0_
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePage.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '4613aca5.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePage.vbs\13309_592b0ba6c_
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePage.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '476cf65e.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePage.vbs\13309_5d5748787_
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePage.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '4613aca7.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePage.vbs\13328_58202654c_
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePage.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '476cf65d.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePage.vbs\13373_5aff06491_
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePage.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '4613aca6.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePage.vbs\13374_5dc48ecab_
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePage.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '476cf65f.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePage.vbs\13419_58e17d088_
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePage.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '476df65e.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePage.vbs\14471_5da59641e_
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePage.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '476df65f.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePage.vbs\Copy of 13309_592b0ba6c_.cab
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePage.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '47a9f69a.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePage.vbs\Copy of 13374_5dc48ecab_.cab
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePage.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '46d6ac63.qua'!
C:\Program Files\support.com\vault\ie\IEDefaultHomePageFR.vbs\14577_5e2b7ad22_
[0] Archive type: CAB (Microsoft)
--> IEDefaultHomePageFR.vbs
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '476ef660.qua'!
C:\qoobox\Quarantine\catchme2007-11-11_122528.37.zip
[0] Archive type: ZIP
--> ldcore.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47adf69d.qua'!
C:\qoobox\Quarantine\C\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47b3f69e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\mrofinu1188.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47a8f6b0.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ddaby.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '479af6a2.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ldcore.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '479cf6a3.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\sstts.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47adf6b2.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\u4\wr31drs.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '476cf6b2.qua'!
C:\System Volume Information\_restore{04514AA2-206B-4E00-8CA1-6C33BA36C465}\RP263\A0048461.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769f6c1.qua'!
C:\System Volume Information\_restore{04514AA2-206B-4E00-8CA1-6C33BA36C465}\RP264\A0050572.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769f6c5.qua'!
C:\System Volume Information\_restore{04514AA2-206B-4E00-8CA1-6C33BA36C465}\RP265\A0050587.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4769f6c6.qua'!
C:\System Volume Information\_restore{04514AA2-206B-4E00-8CA1-6C33BA36C465}\RP265\A0050594.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4614b92f.qua'!
C:\System Volume Information\_restore{04514AA2-206B-4E00-8CA1-6C33BA36C465}\RP265\A0050597.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769f6c7.qua'!
C:\System Volume Information\_restore{04514AA2-206B-4E00-8CA1-6C33BA36C465}\RP266\A0050672.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769f6c9.qua'!
C:\System Volume Information\_restore{04514AA2-206B-4E00-8CA1-6C33BA36C465}\RP266\A0050705.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4769f6ca.qua'!
C:\System Volume Information\_restore{04514AA2-206B-4E00-8CA1-6C33BA36C465}\RP266\A0050706.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4614b923.qua'!
C:\System Volume Information\_restore{04514AA2-206B-4E00-8CA1-6C33BA36C465}\RP266\A0050711.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4769f6cb.qua'!
C:\System Volume Information\_restore{04514AA2-206B-4E00-8CA1-6C33BA36C465}\RP270\A0051170.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769f6e0.qua'!
C:\Temp\crda.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.agb
[INFO] The file was moved to '479df723.qua'!
C:\WINDOWS\mrofinu1000106.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47a8f72a.qua'!
Begin scan in 'F:\' <BOOT>
F:\WINDOWS\Downloaded Program Files\Ole32ws.inf
[DETECTION] Is the Trojan horse TR/Dldr.JH.1
[INFO] The file was moved to '479f0695.qua'!
Begin scan in 'G:\' <VIDEO>
Begin scan in 'H:\'
End of the scan: mardi 13 novembre 2007 21:30
Used time: 1:53:57 min
The scan has been done completely.
13398 Scanning directories
744663 Files were scanned
17 viruses and/or unwanted programs were found
26 Files were classified as suspicious:
0 files were deleted
0 files were repaired
43 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
744646 Files not concerned
11619 Archives were scanned
2 Warnings
1 Notes
ComboFix 07-11-08.1 - Marine 2007-11-13 22:41:00.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.557 [GMT 1:00]
Running from: C:\Documents and Settings\Marine.VIDEO2\Mes documents\téléchargement\ComboFix.exe
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Marine.VIDEO2\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Marine.VIDEO2\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Marine.VIDEO2\Favoris\Online Security Guide.lnk
C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\xrpcfvog.dllbox
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
.
2007-11-13 19:24 <REP> d-------- C:\Program Files\Avira
2007-11-13 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-11 14:12 36,352 --a------ C:\WINDOWS\system32\urqnonk.dll
2007-11-11 12:15 79,936 --a------ C:\WINDOWS\system32\faouhbbk.dll
2007-11-11 12:12 88,128 --a------ C:\WINDOWS\system32\emonluox.dll
2007-11-11 12:11 71,232 --a------ C:\WINDOWS\system32\uljwxayt.exe
2007-11-10 13:07 36,352 --a------ C:\WINDOWS\system32\efcbccd.dll
2007-11-10 12:02 0 --a------ C:\x.dat
2007-11-10 12:01 172,032 --a------ C:\winlogon.exe
2007-11-10 12:01 36,352 --a------ C:\WINDOWS\system32\pmnmnlj.dll
2007-11-10 12:01 4,401 --a------ C:\Documents and Settings\Marine.VIDEO2\z.dat
2007-11-10 12:01 0 --a------ C:\Documents and Settings\Marine.VIDEO2\x.dat
2007-11-10 11:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 11:10 81,472 --a------ C:\WINDOWS\system32\oqdxlpll.dll
2007-11-10 11:04 71,232 --a------ C:\WINDOWS\system32\vtvgaxif.exe
2007-11-10 11:03 71,232 --a------ C:\WINDOWS\system32\eppfcytr.exe
2007-11-07 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-07 19:54 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-11-07 19:54 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-07 19:52 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-07 17:49 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Lavasoft
2007-11-07 17:32 145,984 --a------ C:\WINDOWS\system32\xrpcfvog.dll
2007-11-07 17:32 145,984 --a------ C:\WINDOWS\system32\hgjbjbuc.dll
2007-11-07 17:31 35,328 --a------ C:\WINDOWS\system32\ssqronn.dll
2007-11-06 21:02 <REP> d-------- C:\Documents and Settings\Marine_2\Incomplete
2007-11-06 20:45 <REP> d-------- C:\Documents and Settings\Marine_2\Application Data\LimeWire
2007-11-06 19:30 <REP> d-------- C:\Program Files\Incomplete
2007-11-06 19:27 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-06 19:24 35,328 --a------ C:\WINDOWS\system32\efcywwu.dll
2007-11-06 19:24 134 --a------ C:\n.bat
2007-11-06 19:24 0 --a------ C:\z.dat
2007-11-06 19:23 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-06 19:23 <REP> d-------- C:\Temp\mZOr
2007-11-06 19:22 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 12:04 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Pegasys Inc
2007-11-02 12:01 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\DivX
2007-11-02 11:58 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Talkback
2007-11-02 11:57 <REP> d-------- C:\Program Files\DivX
2007-11-02 11:57 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-02 11:57 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-02 11:57 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-02 10:00 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Ahead
2007-10-31 22:45 <REP> d-------- C:\Documents and Settings\Gilles\Contacts
2007-10-30 12:31 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\AdobeUM
2007-10-28 16:43 <REP> d-------- C:\Documents and Settings\Gilles\.hydrogen
2007-10-28 16:38 <REP> d-------- C:\Program Files\Hydrogen
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Incomplete
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\LimeWire
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 11:44 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-07 19:17 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-07 19:17 --------- d-----w C:\Program Files\Diablo II
2007-11-07 16:41 --------- d-----w C:\Program Files\LimeWire
2007-10-01 11:15 839,696 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-10-01 11:15 839,695 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-14 17:43 --------- d-----w C:\Program Files\MSN Messenger
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-08-29 06:13 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-29 06:13 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-28 17:25 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-28 17:18 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-10_12.01.16.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1DD717-53B2-485E-A17B-C9977C205E10}]
2007-11-06 19:24 35328 --a------ C:\WINDOWS\system32\efcywwu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dacf4c6-8876-486f-bfc6-95adca81cde2}]
2007-11-11 12:15 79936 --a------ C:\WINDOWS\system32\faouhbbk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34B6FFC9-18AB-4CA7-A119-FCE79777816C}]
C:\Program Files\Movie Maker\hosetuxC:\WINDOWS\system32\e1\caws83122.exe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-07 17:32 145984 --a------ C:\WINDOWS\system32\xrpcfvog.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\xrpcfvog.dll [2007-11-07 17:32 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-02-06 17:31]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"d0292f8e"="C:\WINDOWS\system32\emonluox.dll" [2007-11-11 12:12]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 08:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C1DD717-53B2-485E-A17B-C9977C205E10}"= C:\WINDOWS\system32\efcywwu.dll [2007-11-06 19:24 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcywwu]
efcywwu.dll 2007-11-06 19:24 35328 C:\WINDOWS\system32\efcywwu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xrpcfvog]
xrpcfvog.dll 2007-11-07 17:32 145984 C:\WINDOWS\system32\xrpcfvog.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
R3 phil2vid;Appareil photo VGA USB Philips PCVC690;C:\WINDOWS\system32\DRIVERS\philcam2.sys
*Newly Created Service* - SSMDRV
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 22:48:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-13 22:51:30 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-11 12:37
C:\ComboFix3.txt ... 2007-11-10 12:02
.
--- E O F ---
There you go! I don't know how you make sense of all this, but I'm ready to go on the attack.
Thank you for your invaluable help.
Bootsector
First, here is the report of the full AntiVir scan, followed by the ComboFix report run right after it.
Full AntiVir scan
AntiVir PersonalEdition Classic
Report file date: mardi 13 novembre 2007 19:36
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: VIDEO2
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 3/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 8/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 13 novembre 2007 19:36
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'tgcmd.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '35' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Marine.VIDEO2\Local Settings\Temporary Internet Files\Content.IE5\07JZEO5T\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4789f1ad.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\21540_597072294_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '476ef5e4.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\21540_5a70d4a66_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '476ef5ea.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\21588_546112c24_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '476ef644.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\21662_53024b6c1_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '476ff649.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\21706_5490046f4_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4770f64e.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\21775_543406ae7_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4770f652.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIE.vbs\22710_55d959d87_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIE.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4770f65a.qua'!
C:\Program Files\support.com\vault\en\EnableDisableCookiesForIEFR.vbs\22932_56423b36e_
[0] Archive type: CAB (Microsoft)
--> EnableDisableCookiesForIEFR.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4772f65a.qua'!
2007-10-01 11:15 839,695 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-14 17:43 --------- d-----w C:\Program Files\MSN Messenger
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-08-29 06:13 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-29 06:13 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-28 17:25 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-28 17:18 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-10_12.01.16.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1DD717-53B2-485E-A17B-C9977C205E10}]
2007-11-06 19:24 35328 --a------ C:\WINDOWS\system32\efcywwu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dacf4c6-8876-486f-bfc6-95adca81cde2}]
2007-11-11 12:15 79936 --a------ C:\WINDOWS\system32\faouhbbk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34B6FFC9-18AB-4CA7-A119-FCE79777816C}]
C:\Program Files\Movie Maker\hosetuxC:\WINDOWS\system32\e1\caws83122.exe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-07 17:32 145984 --a------ C:\WINDOWS\system32\xrpcfvog.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\xrpcfvog.dll [2007-11-07 17:32 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-02-06 17:31]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"d0292f8e"="C:\WINDOWS\system32\emonluox.dll" [2007-11-11 12:12]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 08:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C1DD717-53B2-485E-A17B-C9977C205E10}"= C:\WINDOWS\system32\efcywwu.dll [2007-11-06 19:24 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcywwu]
efcywwu.dll 2007-11-06 19:24 35328 C:\WINDOWS\system32\efcywwu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xrpcfvog]
xrpcfvog.dll 2007-11-07 17:32 145984 C:\WINDOWS\system32\xrpcfvog.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
R3 phil2vid;Appareil photo VGA USB Philips PCVC690;C:\WINDOWS\system32\DRIVERS\philcam2.sys
*Newly Created Service* - SSMDRV
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 22:48:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-13 22:51:30 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-11 12:37
C:\ComboFix3.txt ... 2007-11-10 12:02
.
--- E O F ---
There you go! I don't know how you make sense of all this, but I'm ready to go on the attack.
Thanks for your precious help.
Bootsector
Re,
Disable your antivirus!
Copy (Ctrl+C) the text in the box below:
File::
C:\WINDOWS\system32\urqnonk.dll
C:\WINDOWS\system32\faouhbbk.dll
C:\WINDOWS\system32\emonluox.dll
C:\WINDOWS\system32\uljwxayt.exe
C:\WINDOWS\system32\efcbccd.dll
C:\x.dat
C:\winlogon.exe
C:\WINDOWS\system32\pmnmnlj.dll
C:\WINDOWS\system32\oqdxlpll.dll
C:\WINDOWS\system32\vtvgaxif.exe
C:\WINDOWS\system32\eppfcytr.exe
C:\WINDOWS\system32\xrpcfvog.dll
C:\WINDOWS\system32\hgjbjbuc.dll
C:\WINDOWS\system32\ssqronn.dll
C:\WINDOWS\system32\efcywwu.dll
C:\n.bat
C:\z.dat
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1DD717-53B2-485E-A17B-C9977C205E10}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dacf4c6-8876-486f-bfc6-95adca81cde2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"d0292f8e"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C1DD717-53B2-485E-A17B-C9977C205E10}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcywwu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xrpcfvog]
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
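As an added example (not part of this thread, and not code from HijackThis or ComboFix), here is a small Python triage pass over HijackThis-style autostart lines. It encodes the patterns the helper picked out by hand from the reports above: a binary named svchost.exe started from C:\WINDOWS\Fonts, a Run value with a random hex name, an unnamed BHO whose file is missing, and a Winlogon Notify package outside the XP baseline. The O20 lines, the rundll32 form of the d0292f8e entry and the KNOWN_NOTIFY baseline set are constructed assumptions; the other sample lines are copied from the reports in this thread.

```python
"""Triage of HijackThis-style autostart lines.

Added example for this thread: not the original poster's, the helper's, or
the tools' own code. It flags the kinds of entries that were removed by hand
above so that a reviewer of a fresh log sees the same candidates at once.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Binaries that only legitimately live in the system directory; the same
# name loaded from elsewhere (c:\windows\fonts\svchost.exe) is a masquerade.
SYSTEM_BINARIES = {"svchost.exe", "winlogon.exe", "lsass.exe",
                   "services.exe", "csrss.exe", "smss.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32\\", "c:\\windows\\syswow64\\"}

# Assumed Windows XP defaults for Winlogon Notify packages; tune this to the
# baseline of your own clean image before relying on it.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<label>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|scr))\b', re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


@dataclass
class Finding:
    line: str
    reason: str


def image_path(command: str) -> Optional[str]:
    """First drive-letter path to a PE file in a Run command, quoted or not."""
    m = PATH_RE.search(command)
    return m.group(1) if m else None


def split_win(path: str):
    """Lower-cased (directory with trailing backslash, basename) of a Windows path."""
    directory, _, base = path.rpartition("\\")
    return directory.lower() + "\\", base.lower()


def triage(lines) -> List[Finding]:
    """Return the entries a reviewer should look at first, with the reason."""
    findings: List[Finding] = []
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            name, path = m.group("name"), image_path(m.group("cmd"))
            if path:
                directory, base = split_win(path)
                if base in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
                    findings.append(Finding(line, f"system binary name {base} loaded from {directory}"))
            if HEX_NAME_RE.match(name):
                findings.append(Finding(line, f"Run value name {name!r} looks machine-generated"))
            continue
        m = O2_RE.match(line)
        if m:
            path = m.group("path")
            missing = path.endswith("(file missing)") or path == "(no file)"
            if m.group("label") == "(no name)":
                state = "file missing" if missing else "file present"
                findings.append(Finding(line, f"unnamed BHO {m.group('clsid')} ({state})"))
            continue
        m = O20_RE.match(line)
        if m and m.group("name").lower() not in KNOWN_NOTIFY:
            findings.append(Finding(line, f"Winlogon Notify package {m.group('name')} not in baseline;"
                                          " it is loaded into winlogon.exe at logon"))
    return findings


# Constructed sample: lines 1, 3, 4, 5 and 6 are copied from this thread's
# HijackThis report; lines 2, 7 and 8 are assumptions written in HijackThis
# syntax from the ComboFix registry dump in the same thread.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe",
    r"O4 - HKLM\..\Run: [d0292f8e] rundll32.exe C:\WINDOWS\system32\emonluox.dll",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {34B6FFC9-18AB-4CA7-A119-FCE79777816C} - C:\Program Files\Movie Maker\hosetuxC:\WINDOWS\system32\e1\caws83122.exe.dll (file missing)",
    r"O20 - Winlogon Notify: efcywwu - C:\WINDOWS\system32\efcywwu.dll",
    r"O20 - Winlogon Notify: crypt32chain - crypt32.dll",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason}\n    {f.line}")
```

Run against the eight constructed lines it reports four candidates (the Fonts svchost.exe, the d0292f8e value, the unnamed BHO, the efcywwu notify package) and stays silent on the Avira, C-Media, Acrobat and crypt32chain entries. The heuristics are deliberately narrow; a missing finding means nothing, a hit means "look at this file and its creation date in the ComboFix listing".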
Hi Angel, here are the two reports as requested. I think I followed all your instructions correctly. It was very clear. Thanks
ComboFix 07-11-08.1 - Marine 2007-11-14 18:05:31.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.730 [GMT 1:00]
Running from: C:\Documents and Settings\Marine.VIDEO2\Mes documents\téléchargement\ComboFix.exe
Command switches used :: M:\CFScript.txt
* Created a new restore point
FILE
C:\n.bat
C:\WINDOWS\system32\efcbccd.dll
C:\WINDOWS\system32\efcywwu.dll
C:\WINDOWS\system32\emonluox.dll
C:\WINDOWS\system32\eppfcytr.exe
C:\WINDOWS\system32\faouhbbk.dll
C:\WINDOWS\system32\hgjbjbuc.dll
C:\WINDOWS\system32\oqdxlpll.dll
C:\WINDOWS\system32\pmnmnlj.dll
C:\WINDOWS\system32\ssqronn.dll
C:\WINDOWS\system32\uljwxayt.exe
C:\WINDOWS\system32\urqnonk.dll
C:\WINDOWS\system32\vtvgaxif.exe
C:\WINDOWS\system32\xrpcfvog.dll
C:\winlogon.exe
C:\x.dat
C:\z.dat
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\n.bat
C:\WINDOWS\system32\efcbccd.dll
C:\WINDOWS\system32\efcywwu.dll
C:\WINDOWS\system32\emonluox.dll
C:\WINDOWS\system32\eppfcytr.exe
C:\WINDOWS\system32\faouhbbk.dll
C:\WINDOWS\system32\hgjbjbuc.dll
C:\WINDOWS\system32\oqdxlpll.dll
C:\WINDOWS\system32\pmnmnlj.dll
C:\WINDOWS\system32\ssqronn.dll
C:\WINDOWS\system32\uljwxayt.exe
C:\WINDOWS\system32\urqnonk.dll
C:\WINDOWS\system32\vtvgaxif.exe
C:\WINDOWS\system32\xrpcfvog.dll
C:\WINDOWS\system32\xrpcfvog.dllbox
C:\winlogon.exe
C:\x.dat
C:\z.dat
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-14 to 2007-11-14 ))))))))))))))))))))))))))))))))))))
.
2007-11-13 19:24 <REP> d-------- C:\Program Files\Avira
2007-11-13 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-10 12:01 4,401 --a------ C:\Documents and Settings\Marine.VIDEO2\z.dat
2007-11-10 12:01 0 --a------ C:\Documents and Settings\Marine.VIDEO2\x.dat
2007-11-10 11:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-07 19:54 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-11-07 19:54 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-07 19:52 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-07 17:49 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Lavasoft
2007-11-06 21:02 <REP> d-------- C:\Documents and Settings\Marine_2\Incomplete
2007-11-06 20:45 <REP> d-------- C:\Documents and Settings\Marine_2\Application Data\LimeWire
2007-11-06 19:30 <REP> d-------- C:\Program Files\Incomplete
2007-11-06 19:27 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-06 19:23 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-06 19:23 <REP> d-------- C:\Temp\mZOr
2007-11-06 19:22 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 12:04 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Pegasys Inc
2007-11-02 12:01 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\DivX
2007-11-02 11:58 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Talkback
2007-11-02 11:57 <REP> d-------- C:\Program Files\DivX
2007-11-02 11:57 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-02 11:57 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-02 11:57 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-02 10:00 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Ahead
2007-10-31 22:45 <REP> d-------- C:\Documents and Settings\Gilles\Contacts
2007-10-30 12:31 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\AdobeUM
2007-10-28 16:43 <REP> d-------- C:\Documents and Settings\Gilles\.hydrogen
2007-10-28 16:38 <REP> d-------- C:\Program Files\Hydrogen
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Incomplete
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\LimeWire
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 11:44 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-07 19:17 --------- d-----w C:\Program Files\Diablo II
2007-11-07 16:41 --------- d-----w C:\Program Files\LimeWire
2007-10-01 11:15 839,696 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-10-01 11:15 839,695 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-09-14 17:43 --------- d-----w C:\Program Files\MSN Messenger
.
((((((((((((((((((((((((((((( snapshot@2007-11-10_12.01.16.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-11-13 22:05:40 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34B6FFC9-18AB-4CA7-A119-FCE79777816C}]
C:\Program Files\Movie Maker\hosetuxC:\WINDOWS\system32\e1\caws83122.exe.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-02-06 17:31]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-13 23:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 08:52]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
R3 phil2vid;Appareil photo VGA USB Philips PCVC690;C:\WINDOWS\system32\DRIVERS\philcam2.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 18:13:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-14 18:14:25 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-13 22:51
C:\ComboFix3.txt ... 2007-11-11 12:37
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:26, on 14/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\DOCUME~1\MARINE~1.VID\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34B6FFC9-18AB-4CA7-A119-FCE79777816C} - C:\Program Files\Movie Maker\hosetuxC:\WINDOWS\system32\e1\caws83122.exe.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.be
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
--
End of file - 4339 bytes
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
--
End of file - 4339 bytes
Re,
Fix the lines in the box below with HijackThis: ILLUSTRATED HELP
O2 - BHO: (no name) - {34B6FFC9-18AB-4CA7-A119-FCE79777816C} - C:\Program Files\Movie Maker\hosetuxC:\WINDOWS\system32\e1\caws83122.exe.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
Hi Angel,
The system looks stable. Thank you once again for the time and the precious help you provided to solve this problem.
As your colleague points out on his forum (malekal's forum), I will be more careful when browsing in future.
Thanks a thousand times and all the best. People like you are really great.
Best regards and all the best!!
Bootsector.
OK,
I spoke a bit too soon. Here is a ComboFix report followed by a HijackThis one.
ComboFix 07-11-08.1 - Marine 2007-11-15 19:39:26.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.662 [GMT 1:00]
Running from: C:\Documents and Settings\Marine.VIDEO2\Mes documents\téléchargement\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Marine_2\Bureau\internet.lnk
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))))))))
.
2007-11-14 19:49 <REP> d-------- C:\Documents and Settings\Marine\.limewire
2007-11-13 19:24 <REP> d-------- C:\Program Files\Avira
2007-11-13 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-10 12:01 4,401 --a------ C:\Documents and Settings\Marine.VIDEO2\z.dat
2007-11-10 12:01 0 --a------ C:\Documents and Settings\Marine.VIDEO2\x.dat
2007-11-10 11:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-07 19:54 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-11-07 19:54 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-07 19:52 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-07 17:49 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Lavasoft
2007-11-06 21:02 <REP> d-------- C:\Documents and Settings\Marine_2\Incomplete
2007-11-06 20:45 <REP> d-------- C:\Documents and Settings\Marine_2\Application Data\LimeWire
2007-11-06 20:24 <REP> d-------- C:\Documents and Settings\Anaïs.VIDEO2\Incomplete
2007-11-06 20:24 <REP> d-------- C:\Documents and Settings\Anaïs.VIDEO2\Incomplete
2007-11-06 19:48 <REP> d-------- C:\Documents and Settings\Anaïs.VIDEO2\Application Data\LimeWire
2007-11-06 19:30 <REP> d-------- C:\Program Files\Incomplete
2007-11-06 19:27 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-06 19:23 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-06 19:23 <REP> d-------- C:\Temp\mZOr
2007-11-06 19:22 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 12:04 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Pegasys Inc
2007-11-02 12:01 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\DivX
2007-11-02 11:58 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Talkback
2007-11-02 11:57 <REP> d-------- C:\Program Files\DivX
2007-11-02 11:57 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-02 11:57 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-02 11:57 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-02 10:00 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\Ahead
2007-10-31 22:45 <REP> d-------- C:\Documents and Settings\Gilles\Contacts
2007-10-30 12:31 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\AdobeUM
2007-10-28 16:43 <REP> d-------- C:\Documents and Settings\Gilles\.hydrogen
2007-10-28 16:38 <REP> d-------- C:\Program Files\Hydrogen
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Incomplete
2007-10-24 13:12 <REP> d-------- C:\Documents and Settings\Marine.VIDEO2\Application Data\LimeWire
2007-10-16 17:05 <REP> d---s---- C:\Documents and Settings\Anaïs.VIDEO2\UserData
2007-10-16 17:05 <REP> d---s---- C:\Documents and Settings\Anaïs.VIDEO2\UserData
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 17:29 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-15 17:29 --------- d-----w C:\Program Files\Diablo II
2007-11-11 11:44 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-07 16:41 --------- d-----w C:\Program Files\LimeWire
2007-10-01 11:15 839,696 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-08-29 06:13 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-29 06:13 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-28 17:25 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-28 17:18 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-10_12.01.16.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-15 17:54:58 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-11-14 20:33:59 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-10-15 17:54:58 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-11-14 20:33:59 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-10-15 17:54:58 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-11-14 20:33:59 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-10-15 17:54:58 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-11-14 20:33:58 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-15 17:54:58 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-11-14 20:33:59 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-15 17:54:59 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-11-14 20:33:59 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-10-15 17:54:59 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-11-14 20:33:59 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-10-15 17:54:59 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-11-14 20:33:59 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-10-15 17:54:58 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-11-14 20:33:59 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-15 17:54:58 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-11-14 20:33:58 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-10-15 17:54:59 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-11-14 20:33:59 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-10-15 17:54:58 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-11-14 20:33:58 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-10-15 17:54:58 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-11-14 20:33:58 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-12-19 21:49:47 8,509,952 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:56:24 8,510,976 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-11-13 22:05:40 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-12-19 21:49:47 8,509,952 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:56:24 8,510,976 ----a-w C:\WINDOWS\system32\shell32.dll
- 2005-10-12 23:15:23 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:34:33 15,072 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-08-21 10:53:25 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:35:14 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-02-06 17:31]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-13 23:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 08:52]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
R3 phil2vid;Appareil photo VGA USB Philips PCVC690;C:\WINDOWS\system32\DRIVERS\philcam2.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 19:41:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-15 19:42:31
C:\ComboFix2.txt ... 2007-11-14 18:14
C:\ComboFix3.txt ... 2007-11-13 22:51
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:12, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\MARINE~1.VID\LOCALS~1\Temp\Rar$EX00.156\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.be
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
--
End of file - 4061 bytes
There you go.
Thanks!
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
--
End of file - 4061 bytes
There you go.
Thanks!
Still having problems?
If not:
Download ToolsCleaner to your Desktop.
Click Recherche (Search) and let the scan finish.
Click Suppression (Delete) to complete it.
Click Quitter (Exit) so the report can be created.
Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)
If not:
Here it is...
-->- Recherche:
C:\Qoobox: trouvé !
C:\Documents and Settings\Marine.VIDEO2\Local Settings\Temp\Rar$EX00.156\HijackThis.exe: trouvé !
C:\Documents and Settings\Marine.VIDEO2\Mes documents\téléchargement\ComboFix.exe: trouvé !
C:\Documents and Settings\Marine.VIDEO2\Recent\HijackThis.lnk: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\Marine.VIDEO2\Local Settings\Temp\Rar$EX00.156\HijackThis.exe: supprimé !
C:\Documents and Settings\Marine.VIDEO2\Mes documents\téléchargement\ComboFix.exe: supprimé !
C:\Documents and Settings\Marine.VIDEO2\Recent\HijackThis.lnk: supprimé !
C:\Qoobox: supprimé !
Hi Angel,
Only now can I get back to it a bit.
The location of the critters is as follows:
TR/inject.jt
C:\documents and settings\Marine.VIDEO2\Local Settings\Temp\wgeyweq.dll
TR/trashGen
C:\qoobox\quarntine\C\WINDOWS\system32\efcywwu.dll.vir
TR/Agent.cmn.1
C:\WINDOWS\Fonts\svchost.exe
TR/Vundo.CA
C:\WINDOWS\system32\xrpcfvog.dll
And there are two new ones!!
TR/Fotomoto.F.1
C:\System Volume Information\_restore{04514AA-206B-4E00-8CA1-6C33BA36C465\RP271\A0051251.exe
TR/Spy.Vundo.79936
C:\System Volume Information\_restore{04514AA-206B-4E00-8CA1-6C33BA36C465\RP271\A0051248.dll
There you go!
I hope this helps!
Thanks, and enjoy the rest of your Sunday.
Bootsector
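Added example, not code from this thread or from any of the tools discussed in it: a short Python script that reads the "Running processes" section of a HijackThis log and flags core Windows binary names running from a directory other than system32. That is exactly the property that makes the svchost.exe under C:\WINDOWS\Fonts in the detection list above stand out, whereas the legitimate svchost.exe instances in the log all live in system32. The sample log text is constructed for this example, and the set of binary names and expected directory is an illustrative assumption for Windows XP, not an exhaustive list.

```python
import re
from pathlib import PureWindowsPath

# Assumption for this example: core Windows XP binaries that should only
# ever execute from the system directory. Illustrative, not exhaustive.
SYSTEM_BINARIES = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "ctfmon.exe", "explorer.exe",
}
# Directories (lower-cased) where those names are expected to run from.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows"}

# Constructed sample modelled on the thread's HijackThis log format.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_running_processes(log_text):
    """Return the process paths listed under 'Running processes:'.

    The section ends at the first R0/R1/Onn entry, which is how HijackThis
    lays out its report.
    """
    procs = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_section = True
            continue
        if not in_section:
            continue
        if re.match(r"^[RO]\d+ - ", line):
            break
        if line:
            procs.append(line)
    return procs


def find_masquerading(procs):
    """Flag well-known system binary names running outside their home directory.

    Comparison is case-insensitive because the log mixes 'System32' and
    'system32' for the same directory.
    """
    hits = []
    for proc in procs:
        path = PureWindowsPath(proc)
        name = path.name.lower()
        parent = str(path.parent).lower()
        if name in SYSTEM_BINARIES and parent not in EXPECTED_DIRS:
            hits.append(proc)
    return hits


def scan_log(log_text):
    """Convenience wrapper: parse the log and return the suspicious paths."""
    return find_masquerading(parse_running_processes(log_text))


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("system binary name in unexpected location:", hit)
```

On the constructed sample this reports only C:\WINDOWS\Fonts\svchost.exe; the system32 copies and the third-party jusched.exe pass. The check is a triage aid, not a verdict: a flagged path still needs to be examined (hash, signature, antivirus detection), and a binary in the right directory can still be malicious.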