
Trojan virus


Hello, I think I have a trojan virus; in any case my computer is seriously buggy. Could I get the opinion of an expert on my scan to help me remove this virus, please:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:30, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\WINDOWS\WcgopSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\Wcgopsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\lekev\LOCALS~1\Temp\Rar$EX00.063\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ADPK] C:\PROGRA~1\ADPOPU~1\ADPOPU~1.EXE
O4 - HKLM\..\Run: [Ad Blocker Pro] "C:\Program Files\3B Software\Ad Blocker Pro\Ad Blocker Pro.exe" -minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Aceflapmapiroam] C:\Documents and Settings\All Users\Application Data\Heart1aceflap\BibEnc.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BYTETRUST] C:\DOCUME~1\lekev\APPLIC~1\EXITPL~1\Title Noun.exe
O4 - HKCU\..\Run: [Steam] "G:\jeux\C.s\Steam.exe" -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\lekev\Local Settings\Temp\{D4D0F110-2A2C-43CA-A09D-41E7093E04DD}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O4 - Global Startup: Akimania.com.lnk = C:\Program Files\Akimania.com\Pochette express pro v5.0\Akimania.com.exe
O4 - Global Startup: avgcc.exe.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: FortisCzPc - https://www.fintrobanking.be/FortisCzPC.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.be/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DC2170B-24E3-4B38-8721-0DF3BC7468DC}: NameServer = 195.242.208.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC16F3D-5B93-42C0-9BE7-C079FB7AB9AA}: NameServer = 195.242.208.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{E975C80E-8FB9-4757-87EB-73C385400026}: NameServer = 195.242.208.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DC2170B-24E3-4B38-8721-0DF3BC7468DC}: NameServer = 195.242.208.40
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 10244 bytes

Thank you in advance,

Kev.


Re.
Many thanks for your help, I hope the infection isn't too serious; here is the report:

Rapport lopxpMH2 version 2.0 fait à 14:01:58,93 le lun. 19/11/2007
C:\Documents and Settings\lekev\Desktop\lopxpMH2

******************************************
## Répertoires Application Data

Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\Administrator\Application Data

16/09/2006 16:22 <DIR> .
16/09/2006 16:22 <DIR> ..
16/09/2006 18:51 <DIR> Adobe
16/09/2006 18:51 <DIR> AdobeUM
16/09/2006 16:45 <DIR> Apple Computer
16/09/2006 16:53 <DIR> Google
16/09/2006 16:23 <DIR> Identities
16/09/2006 16:58 <DIR> Macromedia
16/09/2006 19:39 <DIR> Media Player Classic
16/09/2006 16:22 <DIR> Microsoft
16/09/2006 16:23 <DIR> Real
16/09/2006 16:22 62 desktop.ini
1 File(s) 62 bytes
11 Dir(s) 14.069.125.120 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data

16/09/2006 16:22 <DIR> .
16/09/2006 16:22 <DIR> ..
16/09/2006 18:51 <DIR> Adobe
16/09/2006 16:45 <DIR> Apple Computer
16/09/2006 16:23 <DIR> Google
16/09/2006 16:22 <DIR> Microsoft
16/09/2006 19:20 3.584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
16/09/2006 16:22 60.184 GDIPFONTCACHEV1.DAT
2 File(s) 63.768 bytes
6 Dir(s) 14.069.125.120 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\All Users\Application Data

14/08/2005 10:59 <DIR> .
14/08/2005 10:59 <DIR> ..
15/08/2005 02:39 <DIR> ACD Systems
15/08/2005 01:08 <DIR> Adobe
21/08/2005 19:48 <DIR> Apple Computer
10/04/2007 09:49 <DIR> avg7
15/08/2005 01:02 <DIR> CyberLink
15/08/2005 03:11 <DIR> DVD Shrink
16/11/2007 22:26 <DIR> erreurchasseur
13/09/2006 07:22 <DIR> Google
10/04/2007 09:49 <DIR> Grisoft
14/08/2005 10:59 <DIR> Microsoft
14/08/2005 20:08 <DIR> MSN6
12/11/2005 19:38 <DIR> muvee Technologies
14/08/2005 21:31 <DIR> Network Associates
19/06/2006 13:48 <DIR> nView_Profiles
17/08/2005 10:01 <DIR> QuickTime
13/05/2006 12:19 <DIR> River Past G4
16/11/2007 22:26 <DIR> SalesMonitor
02/11/2005 12:42 <DIR> Skype
02/07/2006 20:24 <DIR> SmartSound Software Inc
18/07/2006 18:23 <DIR> Sony Corporation
12/09/2005 12:04 <DIR> Spybot - Search & Destroy
03/09/2005 12:47 <DIR> Support.com
02/07/2006 20:22 <DIR> Ulead Systems
01/11/2005 21:18 <DIR> Windows Genuine Advantage
14/08/2005 11:00 62 desktop.ini
21/08/2005 19:49 1.755 QTSBandwidthCache
2 File(s) 1.817 bytes
26 Dir(s) 14.069.125.120 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\allili\Application Data

15/08/2005 10:56 <DIR> .
15/08/2005 10:56 <DIR> ..
17/08/2005 10:27 <DIR> Adobe
01/11/2005 21:56 <DIR> AdobeUM
16/04/2006 15:13 <DIR> Apple Computer
22/10/2005 16:17 <DIR> CyberLink
14/09/2006 16:57 <DIR> Google
15/08/2005 11:02 <DIR> Macromedia
15/05/2006 16:11 <DIR> Media Player Classic
15/08/2005 10:56 <DIR> Microsoft
21/08/2005 15:34 <DIR> Real
27/11/2005 14:06 <DIR> Skype
15/08/2005 10:56 62 desktop.ini
13/03/2006 17:52 1.112 ViewerApp.dat
2 File(s) 1.174 bytes
12 Dir(s) 14.069.121.024 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\allili\Local Settings\Application Data

15/08/2005 10:56 <DIR> .
15/08/2005 10:56 <DIR> ..
17/08/2005 10:27 <DIR> Adobe
28/08/2005 18:50 <DIR> Apple Computer
25/12/2005 13:44 <DIR> Google
04/05/2006 17:41 <DIR> Identities
15/08/2005 10:56 <DIR> Microsoft
13/01/2006 19:32 <DIR> WMTools Downloaded Files
13/01/2006 19:27 54.784 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
27/09/2005 15:24 60.184 GDIPFONTCACHEV1.DAT
15/08/2005 13:34 2.112.396 IconCache.db
3 File(s) 2.227.364 bytes
8 Dir(s) 14.069.121.024 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\Default User\Application Data

14/08/2005 10:59 <DIR> .
14/08/2005 10:59 <DIR> ..
14/08/2005 10:59 <DIR> Microsoft
14/08/2005 11:00 62 desktop.ini
1 File(s) 62 bytes
3 Dir(s) 14.069.121.024 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\Default User\Local Settings\Application Data

14/08/2005 11:00 <DIR> .
14/08/2005 11:00 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 14.069.121.024 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\lekev\Application Data

15/08/2005 01:35 <DIR> .
15/08/2005 01:35 <DIR> ..
11/09/2005 11:03 <DIR> ACD Systems
22/09/2005 15:47 <DIR> Adobe
12/11/2005 20:01 <DIR> AdobeUM
11/09/2005 10:56 <DIR> Apple Computer
10/04/2007 10:37 <DIR> AVG7
02/08/2006 15:48 <DIR> BitTorrent
04/03/2006 17:06 <DIR> CyberLink
17/09/2007 17:35 <DIR> eMule
15/09/2005 17:50 <DIR> Google
02/07/2006 20:24 <DIR> Help
17/08/2005 08:52 <DIR> InstallShield
26/10/2005 18:26 <DIR> Lavasoft
01/01/2006 15:11 <DIR> Leadertech
17/08/2005 08:39 <DIR> Macromedia
14/05/2006 19:33 <DIR> Media Player Classic
15/08/2005 01:35 <DIR> Microsoft
01/11/2007 17:29 <DIR> Mozilla
21/12/2005 21:26 <DIR> MSN6
02/07/2006 20:38 <DIR> Pegasys Inc
21/08/2005 19:23 <DIR> Real
02/07/2006 15:49 <DIR> River Past G4
26/06/2006 15:35 <DIR> Skype
20/07/2006 18:04 <DIR> Sony Corporation
15/08/2006 18:32 <DIR> teamspeak2
02/07/2006 20:27 <DIR> Ulead Systems
15/08/2005 01:35 62 desktop.ini
16/11/2007 22:25 200.216 setup_fr[1].exe
17/04/2006 14:13 560 ViewerApp.dat
3 File(s) 200.838 bytes
27 Dir(s) 14.069.121.024 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\lekev\Local Settings\Application Data

15/08/2005 01:35 <DIR> .
15/08/2005 01:35 <DIR> ..
24/09/2007 17:15 <DIR> {A7A0984E-848A-4FE8-8C04-D1E79C9E4B6A}
11/09/2005 11:03 <DIR> ACDSee
22/09/2005 15:47 <DIR> Adobe
22/11/2005 20:20 <DIR> Ahead
21/08/2005 19:50 <DIR> Apple Computer
23/11/2005 18:40 <DIR> Google
02/07/2006 20:24 <DIR> Help
04/05/2006 17:41 <DIR> Identities
15/08/2005 01:35 <DIR> Microsoft
01/11/2007 17:29 <DIR> Mozilla
24/09/2007 17:16 <DIR> Pando
09/05/2006 15:03 <DIR> WMTools Downloaded Files
18/08/2005 10:09 240.640 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
07/09/2005 17:09 60.184 GDIPFONTCACHEV1.DAT
15/08/2005 02:00 3.739.114 IconCache.db
3 File(s) 4.039.938 bytes
14 Dir(s) 14.069.116.928 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\LocalService\Application Data

14/08/2005 09:18 <DIR> .
14/08/2005 09:18 <DIR> ..
10/04/2007 09:49 <DIR> AVG7
14/08/2005 09:18 <DIR> Microsoft
0 File(s) 0 bytes
4 Dir(s) 14.069.116.928 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\LocalService\Local Settings\Application Data

14/08/2005 09:18 <DIR> .
14/08/2005 09:18 <DIR> ..
14/08/2005 09:18 <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 14.069.116.928 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\NetworkService\Application Data

14/08/2005 09:18 <DIR> .
14/08/2005 09:18 <DIR> ..
14/08/2005 09:18 <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 14.069.116.928 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\NetworkService\Local Settings\Application Data

14/08/2005 09:18 <DIR> .
14/08/2005 09:18 <DIR> ..
14/08/2005 09:18 <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 14.069.116.928 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\steph\Application Data

14/08/2005 09:32 <DIR> .
14/08/2005 09:32 <DIR> ..
15/08/2005 02:41 <DIR> ACD Systems
15/08/2005 10:45 <DIR> Adobe
15/08/2005 10:45 <DIR> AdobeUM
07/10/2006 17:11 <DIR> Ahead
21/08/2005 19:49 <DIR> Apple Computer
10/04/2007 09:49 <DIR> AVG7
04/08/2006 07:37 <DIR> BitTorrent
20/08/2005 21:13 <DIR> CyberLink
27/08/2005 08:25 <DIR> Google
08/07/2006 09:54 <DIR> Help
14/08/2005 23:05 <DIR> Lavasoft
14/08/2005 22:36 <DIR> Macromedia
14/05/2006 09:22 <DIR> Media Player Classic
14/08/2005 09:32 <DIR> Microsoft
02/01/2006 11:56 <DIR> Mozilla
14/08/2005 20:08 <DIR> MSN6
21/08/2005 15:31 <DIR> Real
13/05/2006 15:44 <DIR> River Past G4
13/05/2006 12:19 <DIR> RiverPast G4
15/08/2005 03:22 <DIR> Skype
18/07/2006 18:21 <DIR> Sony Corporation
02/09/2006 14:14 <DIR> teamspeak2
31/08/2005 20:57 <DIR> VoipBuster
29/12/2005 11:11 <DIR> VoipStunt
14/08/2005 09:32 62 desktop.ini
14/01/2006 18:10 1.664 ViewerApp.dat
2 File(s) 1.726 bytes
26 Dir(s) 14.069.116.928 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\steph\Local Settings\Application Data

14/08/2005 09:32 <DIR> .
14/08/2005 09:32 <DIR> ..
21/08/2006 08:35 <DIR> ACD Systems
15/08/2005 02:41 <DIR> ACDSee
15/08/2005 10:45 <DIR> Adobe
15/08/2005 01:15 <DIR> Ahead
21/08/2005 19:49 <DIR> Apple Computer
23/12/2005 16:55 <DIR> Google
08/07/2006 09:54 <DIR> Help
23/04/2006 13:37 <DIR> Identities
14/08/2005 09:32 <DIR> Microsoft
21/08/2006 08:12 <DIR> Showtime
18/09/2006 18:57 <DIR> WMTools Downloaded Files
15/08/2005 02:52 90.624 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
28/08/2005 17:33 60.184 GDIPFONTCACHEV1.DAT
02/05/2006 19:08 3.776.406 IconCache.db
3 File(s) 3.927.214 bytes
13 Dir(s) 14.069.112.832 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\tagali\Application Data

15/08/2005 01:57 <DIR> .
15/08/2005 01:57 <DIR> ..
21/09/2005 07:41 <DIR> ACD Systems
29/10/2005 11:39 <DIR> Adobe
01/11/2005 21:57 <DIR> AdobeUM
08/05/2006 12:57 <DIR> CyberLink
27/02/2006 10:42 <DIR> Google
10/12/2005 01:10 <DIR> Lavasoft
16/08/2005 09:11 <DIR> Macromedia
15/08/2005 01:57 <DIR> Microsoft
22/08/2005 13:07 <DIR> Real
21/06/2006 11:05 <DIR> Skype
15/03/2006 16:03 <DIR> yahoo!
15/08/2005 01:57 62 desktop.ini
03/06/2006 18:35 836 ViewerApp.dat
2 File(s) 898 bytes
13 Dir(s) 14.069.112.832 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Documents and Settings\tagali\Local Settings\Application Data

15/08/2005 01:57 <DIR> .
15/08/2005 01:57 <DIR> ..
21/09/2005 07:41 <DIR> ACDSee
29/10/2005 11:39 <DIR> Adobe
13/06/2006 20:49 <DIR> Ahead
10/12/2005 00:40 <DIR> Apple Computer
23/12/2005 20:53 <DIR> Google
25/04/2006 08:19 <DIR> Identities
15/08/2005 01:57 <DIR> Microsoft
15/10/2005 11:56 7.680 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
03/09/2005 12:38 60.184 GDIPFONTCACHEV1.DAT
15/08/2005 02:00 3.734.354 IconCache.db
3 File(s) 3.802.218 bytes
9 Dir(s) 14.069.112.832 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\WINDOWS\system32\config\systemprofile\Application Data

14/08/2005 09:17 <DIR> .
14/08/2005 09:17 <DIR> ..
14/08/2005 09:17 <DIR> Microsoft
14/08/2005 09:17 62 desktop.ini
1 File(s) 62 bytes
3 Dir(s) 14.069.112.832 bytes free
Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

14/08/2005 09:17 <DIR> .
14/08/2005 09:17 <DIR> ..
28/08/2005 16:53 <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 14.069.112.832 bytes free

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\A5364E04919DC1A0.job
s "ˆ!Ö 8 c : \ d o c u m e ~ 1 \ l e k e v \ a p p l i c ~ 1 \ e x i t p l ~ 1 \ C L O C K U S E R P U R E . e x e l e k e v € 0 Ï   <

C:\WINDOWS\Tasks\AE7E0AAE918988B2.job
s "ˆ!Ö H 9 c : \ d o c u m e ~ 1 \ t a g a l i \ a p p l i c ~ 1 \ e x i t p l ~ 1 \ C L O C K U S E R P U R E . e x e t a g a l i € 0 Î   <

C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
0c1ÿØBºæ0ƽrƒfF ê <
s ˆ!× + : C : \ P r o g r a m F i l e s \ A p p l e S o f t w a r e U p d a t e \ S o f t w a r e U p d a t e . e x e - T a s k S Y S T E M € 0 Ö +

C:\WINDOWS\Tasks\WTR.job
s ! ? C : \ P r o g r a m F i l e s \ b u l l e t p r o o f s o f t . c o m \ W i n T r a c e R e m o v e r \ 1 A 2 3 8 A 7 7 W i n T r a c e R e m o v e r

C:\WINDOWS\Tasks\XoftSpy.job
X’!Âi^@B¿wàâ§‹F * <
s ! % C : \ P r o g r a m F i l e s \ X o f t S p y \ X o f t S p y . e x e - t C : \ P r o g r a m F i l e s \ X o f t S p y s t e p h R u n s X o f t S p y a t S c h e d u l e d T i m e .
******************************************
## Répertoires de C:\Program Files

Volume in drive C is system
Volume Serial Number is A82F-C66D

Directory of C:\Program Files

12/07/2006 21:55 29.784 Terms.html
16/11/2007 22:26 <DIR> .
16/11/2007 22:26 <DIR> ..
16/09/2006 19:51 <DIR> 7-Zip
21/08/2006 08:05 <DIR> ACD Systems
16/10/2006 20:21 <DIR> Adobe
31/10/2007 14:38 <DIR> Advanced IP Scanner
31/10/2007 14:33 <DIR> Advanced Port Scanner
15/08/2005 01:12 <DIR> Ahead
06/07/2006 17:49 <DIR> Akimania.com
22/09/2005 19:24 <DIR> Alcohol Soft
16/09/2006 15:39 <DIR> Apple Software Update
14/08/2005 20:47 <DIR> ArcSoft
21/10/2006 20:41 <DIR> Atlas
16/09/2006 19:43 <DIR> AVIcodec
17/12/2005 19:26 <DIR> AVSMedia
01/11/2005 21:57 <DIR> Aws
28/02/2007 18:29 <DIR> Chevalmag
14/08/2005 20:54 <DIR> C-Media
16/09/2006 19:56 <DIR> Combined Community Codec Pack
16/11/2007 22:26 <DIR> Common Files
14/08/2005 09:10 <DIR> ComPlus Applications
14/08/2005 20:17 <DIR> Creative
15/08/2005 01:02 <DIR> CyberLink
28/10/2005 11:25 <DIR> CyberLink DVD Solution
14/08/2005 20:15 <DIR> directx
16/09/2006 19:29 <DIR> DivX
10/05/2006 14:19 <DIR> Easy GIF Animator
06/12/2005 20:40 <DIR> Elaborate Bytes
19/11/2007 13:19 <DIR> eMule
14/10/2005 08:47 <DIR> EPSON
17/11/2007 19:14 <DIR> ErreurChasseur
29/12/2006 14:59 <DIR> ewido anti-spyware 4.0
23/03/2006 17:27 <DIR> exit plus
01/11/2007 17:01 <DIR> Google
17/09/2006 12:21 <DIR> GrabIt
10/04/2007 09:49 <DIR> Grisoft
21/12/2005 16:38 <DIR> Guitar Pro 4
23/05/2007 17:43 <DIR> Guitar Pro 5
12/09/2005 11:52 <DIR> InterMute
10/10/2007 19:29 <DIR> Internet Explorer
16/09/2006 16:45 <DIR> iPod
14/08/2005 20:29 <DIR> ISS
16/09/2006 16:45 <DIR> iTunes
09/05/2006 17:49 <DIR> Konvertor
14/08/2005 23:05 <DIR> Lavasoft
09/05/2006 15:21 <DIR> Liatro
16/10/2006 19:01 <DIR> Linksys Wireless-G PCI Network Adapter with SpeedBooster
15/02/2007 16:55 <DIR> LogMeIn
16/09/2006 19:26 <DIR> Matroska Pack
14/05/2006 08:48 <DIR> Matroska Playback Pack
14/05/2006 09:22 <DIR> Media Player Classic
29/08/2005 12:54 <DIR> Messenger
29/04/2007 11:31 <DIR> MessengerPlus! 3
14/08/2005 09:15 <DIR> microsoft frontpage
05/09/2006 19:55 <DIR> Microsoft Office
05/09/2006 19:56 <DIR> Microsoft.NET
28/08/2005 11:19 <DIR> Movie Maker
04/06/2006 22:57 49.465 moviepass Terms.html
18/11/2007 20:54 <DIR> Mozilla Firefox
21/12/2005 21:28 <DIR> MSN
14/08/2005 09:09 <DIR> MSN Gaming Zone
04/02/2007 20:22 <DIR> MSN Messenger
12/11/2005 19:40 <DIR> muvee Technologies
28/08/2005 11:14 <DIR> NetMeeting
14/08/2005 09:12 <DIR> Online Services
13/06/2007 20:56 <DIR> Outlook Express
14/08/2005 20:53 <DIR> PCI Audio Applications
02/07/2006 20:36 <DIR> Pegasys Inc
02/10/2007 17:47 <DIR> PhotoFiltre Studio
08/01/2006 17:14 <DIR> PIXELA
23/01/2006 14:42 <DIR> Popup Manager
16/09/2006 16:44 <DIR> QuickTime
21/08/2005 15:31 <DIR> Real
13/05/2006 12:19 <DIR> River Past
15/08/2005 03:22 <DIR> Skype
02/07/2006 20:24 <DIR> SmartSound Software
18/07/2006 18:24 <DIR> Sony
21/08/2006 10:40 <DIR> Sony Corporation
21/08/2006 07:48 <DIR> Spybot - Search & Destroy
03/09/2005 12:47 <DIR> support.com
01/11/2005 21:54 <DIR> Tap'Touche
15/08/2006 18:32 <DIR> Teamspeak2_RC2
11/03/2006 10:15 <DIR> Ubi Soft
01/11/2005 21:57 <DIR> Ubisoft
18/09/2006 12:21 <DIR> Ulead Systems
11/03/2004 12:27 40.960 Uninstall_CDS.exe
06/07/2006 18:17 <DIR> VCW VicMan's Photo Editor
28/10/2005 17:55 <DIR> via_lattea
02/07/2006 20:33 <DIR> Vidéo Montage
21/06/2006 23:17 <DIR> WinAce
29/07/2006 14:22 <DIR> Winamp
02/07/2006 20:22 <DIR> Windows Media Components
25/03/2007 15:43 <DIR> Windows Media Connect 2
25/03/2007 15:43 <DIR> Windows Media Player
28/08/2005 11:14 <DIR> Windows NT
22/09/2005 17:43 <DIR> WinRAR
06/09/2007 16:56 <DIR> WowCartographe
14/08/2005 09:15 <DIR> xerox
29/12/2006 15:01 <DIR> XoftSpy
28/08/2006 15:52 <DIR> Yahoo!
3 File(s) 120.209 bytes
98 Dir(s) 14.069.088.256 bytes free

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
dns-look-up.com REG_SZ
www.dns-look-up.com REG_SZ
searchweb2.com REG_SZ
www.searchweb2.com REG_SZ
*.system-processes.com REG_BINARY
www.eurosport.fr REG_BINARY

* Mozilla Firefox (1 autorisé 2 interdit)

******************************************
## Registre

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ http://www.google.com/ie

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WebCam Go Plus Sti Service Application REG_SZ Wcgopsvc
Aceflapmapiroam REG_SZ C:\Documents and Settings\All Users\Application Data\Heart1aceflap\BibEnc.exe

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
BYTETRUST REG_SZ C:\DOCUME~1\lekev\APPLIC~1\EXITPL~1\Title Noun.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************

Hello


Run a new HijackThis scan and check the lines below:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Aceflapmapiroam] C:\Documents and Settings\All Users\Application Data\Heart1aceflap\BibEnc.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BYTETRUST] C:\DOCUME~1\lekev\APPLIC~1\EXITPL~1\Title Noun.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Close all Windows, Internet Explorer and Outlook windows, except the HijackThis program, and click "Fix checked".


Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\Documents and Settings\All Users\Application Data\Heart1aceflap
C:\Documents and Settings\All Users\Application Data\erreurchasseur
C:\WINDOWS\Tasks\A5364E04919DC1A0.job
C:\WINDOWS\Tasks\AE7E0AAE918988B2.job
C:\WINDOWS\Tasks\WTR.job
C:\Program Files\bulletproofsoft.com
C:\Program Files\ErreurChasseur


Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

Post the report located in C:\_OTMoveIt\MovedFiles along with a new HijackThis log.

Many thanks for your help, here are the reports:

File/Folder C:\Documents and Settings\All Users\Application Data\Heart1aceflap not found.
Folder move failed. C:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\user scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\oid scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\em scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\erreurchasseur\Data moved successfully.
C:\Documents and Settings\All Users\Application Data\erreurchasseur moved successfully.
C:\WINDOWS\Tasks\A5364E04919DC1A0.job moved successfully.
C:\WINDOWS\Tasks\AE7E0AAE918988B2.job moved successfully.
C:\WINDOWS\Tasks\WTR.job moved successfully.
File/Folder C:\Program Files\bulletproofsoft.com not found.
C:\Program Files\ErreurChasseur moved successfully.

Created on 11/20/2007 16:50:19

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:30, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\Wcgopsvc.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\WcgopSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\lekev\LOCALS~1\Temp\Rar$EX00.844\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {4B07FDCB-8D38-4780-BB8E-45D9C429F033} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\system32\qommkjh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2952F95-3145-8E63-6F37-E64D21FAAE2B} - C:\DOCUME~1\lekev\APPLIC~1\SHOWTI~1\ERROR NAME.exe (file missing)
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ADPK] C:\PROGRA~1\ADPOPU~1\ADPOPU~1.EXE
O4 - HKLM\..\Run: [Ad Blocker Pro] "C:\Program Files\3B Software\Ad Blocker Pro\Ad Blocker Pro.exe" -minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfab.dll,startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "G:\jeux\C.s\Steam.exe" -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\lekev\Local Settings\Temp\{D4D0F110-2A2C-43CA-A09D-41E7093E04DD}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O4 - Global Startup: Akimania.com.lnk = C:\Program Files\Akimania.com\Pochette express pro v5.0\Akimania.com.exe
O4 - Global Startup: avgcc.exe.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O16 - DPF: FortisCzPc - https://www.fintrobanking.be/FortisCzPC.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.be/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DC2170B-24E3-4B38-8721-0DF3BC7468DC}: NameServer = 195.242.208.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC16F3D-5B93-42C0-9BE7-C079FB7AB9AA}: NameServer = 195.242.208.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{E975C80E-8FB9-4757-87EB-73C385400026}: NameServer = 195.242.208.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DC2170B-24E3-4B38-8721-0DF3BC7468DC}: NameServer = 195.242.208.40
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll
O20 - Winlogon Notify: qommkjh - qommkjh.dll (file missing)
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 9620 bytes

There, I hope the virus hasn't left any trace, please let me know :p See you.

Hello


Another infection is visible.


Run a HijackThis scan again and tick the lines below:

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {4B07FDCB-8D38-4780-BB8E-45D9C429F033} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\system32\qommkjh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2952F95-3145-8E63-6F37-E64D21FAAE2B} - C:\DOCUME~1\lekev\APPLIC~1\SHOWTI~1\ERROR NAME.exe (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfab.dll,startup
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-B [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - Winlogon Notify: qommkjh - qommkjh.dll (file missing)
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll

Close all Windows, Internet Explorer and Outlook windows, leaving only HijackThis open, and click "Fix checked".


Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK
* Start your PC again.
* Copy and paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, into your next reply.

Note: VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
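A follow-up HijackThis log is only useful if someone checks that the ticked lines are really gone. The Python sketch below is an added example, not part of the original posts or of HijackThis: it parses entry lines, lists orphaned ones, and reports ticked entries that survive in a later log, matching O2/O16 entries by CLSID because the forum truncates URLs differently in each post. The function names are hypothetical, CHECKED is excerpted from the list above, and AFTER is constructed for the demonstration (it is not the thread's real follow-up log).

```python
import re

# "O2 - ...", "R0 - ...": section code, separator, entry text.
ENTRY = re.compile(r"^([FNOR]\d{1,2}) - (.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Four of the lines the helper asked to tick (copied from the post above).
CHECKED = r"""
O2 - BHO: (no name) - {4B07FDCB-8D38-4780-BB8E-45D9C429F033} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfab.dll,startup
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
"""

# Constructed follow-up log: two ticked entries deliberately left in place,
# one with a differently truncated URL and one with different path casing.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\system32\winbjv32.dll
"""


def parse_entries(log_text):
    """Return (section, text) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def entry_key(section, text):
    """Identity of an entry that survives forum URL truncation and case changes."""
    guid = GUID.search(text)
    if section in ("O2", "O16") and guid:
        # BHOs and ActiveX controls are identified by their CLSID.
        return (section, guid.group(0).upper())
    # Everything else: whitespace-normalised, case-insensitive text.
    return (section, " ".join(text.split()).lower())


def orphaned(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [(s, t) for s, t in entries
            if t.endswith(("(file missing)", "(no file)"))]


def survivors(checked_text, after_text):
    """Ticked entries that still appear in the later log."""
    after_keys = {entry_key(s, t) for s, t in parse_entries(after_text)}
    return [(s, t) for s, t in parse_entries(checked_text)
            if entry_key(s, t) in after_keys]


if __name__ == "__main__":
    for section, text in orphaned(parse_entries(CHECKED)):
        print("orphaned:", section, text)
    for section, text in survivors(CHECKED, AFTER):
        print("still present after fix:", section, text)
```
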

Thanks again for your help, here are the reports:


VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 12:37:13 21/11/2007

Listing files found while scanning....

C:\windows\system32\drvfabr.dll
C:\windows\system32\drvjowr.dll

Beginning removal...

Attempting to delete C:\windows\system32\drvfabr.dll
C:\windows\system32\drvfabr.dll Has been deleted!

Attempting to delete C:\windows\system32\drvjowr.dll
C:\windows\system32\drvjowr.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 13:02:59 21/11/2007

Listing files found while scanning....





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:39, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\Wcgopsvc.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\WINDOWS\WcgopSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Anti-virus\VundoFix.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\lekev\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ADPK] C:\PROGRA~1\ADPOPU~1\ADPOPU~1.EXE
O4 - HKLM\..\Run: [Ad Blocker Pro] "C:\Program Files\3B Software\Ad Blocker Pro\Ad Blocker Pro.exe" -minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "G:\jeux\C.s\Steam.exe" -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\lekev\Local Settings\Temp\{D4D0F110-2A2C-43CA-A09D-41E7093E04DD}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O4 - Global Startup: Akimania.com.lnk = C:\Program Files\Akimania.com\Pochette express pro v5.0\Akimania.com.exe
O4 - Global Startup: avgcc.exe.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O16 - DPF: FortisCzPc - https://www.fintrobanking.be/FortisCzPC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.be/clients/ImageUploader3.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DC2170B-24E3-4B38-8721-0DF3BC7468DC}: NameServer = 195.242.208.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC16F3D-5B93-42C0-9BE7-C079FB7AB9AA}: NameServer = 195.242.208.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{E975C80E-8FB9-4757-87EB-73C385400026}: NameServer = 195.242.208.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DC2170B-24E3-4B38-8721-0DF3BC7468DC}: NameServer = 195.242.208.40
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 7766 bytes


There, is it clean now? :)  Thanks, see you.

Hi again. I got a new trojan alert:
I ran another scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:13, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\WcgopSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\Wcgopsvc.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\lekev\LOCALS~1\Temp\Rar$EX00.297\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ADPK] C:\PROGRA~1\ADPOPU~1\ADPOPU~1.EXE
O4 - HKLM\..\Run: [Ad Blocker Pro] "C:\Program Files\3B Software\Ad Blocker Pro\Ad Blocker Pro.exe" -minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "G:\jeux\C.s\Steam.exe" -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\lekev\Local Settings\Temp\{D4D0F110-2A2C-43CA-A09D-41E7093E04DD}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O4 - Global Startup: Akimania.com.lnk = C:\Program Files\Akimania.com\Pochette express pro v5.0\Akimania.com.exe
O4 - Global Startup: avgcc.exe.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O16 - DPF: FortisCzPc - https://www.fintrobanking.be/FortisCzPC.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.be/clients/ImageUploader3.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DC2170B-24E3-4B38-8721-0DF3BC7468DC}: NameServer = 195.242.208.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC16F3D-5B93-42C0-9BE7-C079FB7AB9AA}: NameServer = 195.242.208.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{E975C80E-8FB9-4757-87EB-73C385400026}: NameServer = 195.242.208.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DC2170B-24E3-4B38-8721-0DF3BC7468DC}: NameServer = 195.242.208.40
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 7785 bytes

There you go, see you and thanks.

ComboFix 07-11-19.3 - lekev 2007-11-23 18:18:36.1 - NTFSx86
Running from: C:\Program Files\Anti-virus\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\lekev\Application Data\setup_fr[1].exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\winsub.xml

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\LEGACY_WINDEV-2FC-12A4
-------\fwdrv.sys
-------\nm
-------\ntndis
-------\runtime
-------\sfsync02
-------\windev-2fc-12a4


((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.

2007-11-23 14:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-21 13:02 <DIR> d-------- C:\Program Files\Anti-virus
2007-11-21 12:37 <DIR> d-------- C:\VundoFix Backups
2007-11-16 22:26 <DIR> d-------- C:\Program Files\Common Files\ErreurChasseur
2007-11-16 22:26 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-14 12:28 103,592 --ahs---- C:\WINDOWS\system32\nqstv.ini
2007-11-14 12:28 103,260 --ahs---- C:\WINDOWS\system32\nqstv.ini2
2007-11-01 17:30 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-01 17:29 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-31 14:38 <DIR> d-------- C:\Program Files\Advanced IP Scanner
2007-10-31 14:38 314,659 --a------ C:\ipscan15.exe
2007-10-31 14:33 <DIR> d-------- C:\Program Files\Advanced Port Scanner
2007-10-31 14:33 436,309 --a------ C:\pscan13.exe
2007-10-26 17:46 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-10-26 17:46 66,302 --a------ C:\WINDOWS\War3Unin.dat
2007-10-26 17:46 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-10-24 16:03 20,992 --a------ C:\WINDOWS\system32\winbjv32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 18:07 --------- d-----w C:\Program Files\eMule
2007-11-23 18:07 --------- d-----w C:\Documents and Settings\lekev\Application Data\AVG7
2007-11-01 16:01 --------- d-----w C:\Program Files\Google
2007-10-02 16:47 --------- d-----w C:\Program Files\PhotoFiltre Studio
2006-08-18 19:02 1,664 ----a-w C:\Documents and Settings\steph\Application Data\ViewerApp.dat
2006-08-18 18:57 836 ----a-w C:\Documents and Settings\tagali\Application Data\ViewerApp.dat
2006-07-12 20:55 29,784 ----a-w C:\Program Files\ Terms.html
2006-06-18 13:52 560 ----a-w C:\Documents and Settings\lekev\Application Data\ViewerApp.dat
2006-06-11 14:43 1,112 ----a-w C:\Documents and Settings\allili\Application Data\ViewerApp.dat
2006-06-04 21:57 49,465 ----a-w C:\Program Files\moviepass Terms.html
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"Steam"="G:\jeux\C.s\Steam.exe" []
"PopUpStopperFreeEdition"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"msnmsgr"="C:\PROGRA~1\MSNMES~1\msnmsgr.exe" [2007-01-19 12:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-01-26 17:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 11:01]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33]
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2005-12-23 16:55]
"WebCam Go Plus Sti Service Application"="Wcgopsvc" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 08:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-04-01 16:16 C:\WINDOWS\system32\nwiz.exe]
"ADPK"="C:\PROGRA~1\ADPOPU~1\ADPOPU~1.EXE" []
"Ad Blocker Pro"="C:\Program Files\3B Software\Ad Blocker Pro\Ad Blocker Pro.exe" []
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 08:56 C:\WINDOWS\system32\rundll32.exe]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 06:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 00:58]
"LogMeIn GUI"="C:\Program Files\LogMeIn\LogMeInSystray.exe" [2006-10-06 19:55]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-27 09:38]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 09:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2006-10-06 19:56 11504 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\google\google~2\goec62~1.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae61660-2b97-11da-8130-00a0245d9464}]
\Shell\AutoRun\command - I:\AutoPlay.exe

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 14:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-11-12 00:52:36 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 19:07:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-23 19:09:18
.
--- E O F ---

Good.


Copy (Ctrl+C) the text below:

File::
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\winbjv32.dll

Folder::
C:\Program Files\Common Files\ErreurChasseur


Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt



As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it can be found here > C:\ComboFix.txt

ComboFix 07-11-19.3 - lekev 2007-11-23 18:18:36.1 - NTFSx86
Running from: C:\Program Files\Anti-virus\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\lekev\Application Data\setup_fr[1].exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\winsub.xml

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\LEGACY_WINDEV-2FC-12A4
-------\fwdrv.sys
-------\nm
-------\ntndis
-------\runtime
-------\sfsync02
-------\windev-2fc-12a4


((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.

2007-11-23 14:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-21 13:02 <DIR> d-------- C:\Program Files\Anti-virus
2007-11-21 12:37 <DIR> d-------- C:\VundoFix Backups
2007-11-16 22:26 <DIR> d-------- C:\Program Files\Common Files\ErreurChasseur
2007-11-16 22:26 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-14 12:28 103,592 --ahs---- C:\WINDOWS\system32\nqstv.ini
2007-11-14 12:28 103,260 --ahs---- C:\WINDOWS\system32\nqstv.ini2
2007-11-01 17:30 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-01 17:29 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-31 14:38 <DIR> d-------- C:\Program Files\Advanced IP Scanner
2007-10-31 14:38 314,659 --a------ C:\ipscan15.exe
2007-10-31 14:33 <DIR> d-------- C:\Program Files\Advanced Port Scanner
2007-10-31 14:33 436,309 --a------ C:\pscan13.exe
2007-10-26 17:46 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-10-26 17:46 66,302 --a------ C:\WINDOWS\War3Unin.dat
2007-10-26 17:46 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-10-24 16:03 20,992 --a------ C:\WINDOWS\system32\winbjv32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 18:07 --------- d-----w C:\Program Files\eMule
2007-11-23 18:07 --------- d-----w C:\Documents and Settings\lekev\Application Data\AVG7
2007-11-01 16:01 --------- d-----w C:\Program Files\Google
2007-10-02 16:47 --------- d-----w C:\Program Files\PhotoFiltre Studio
2006-08-18 19:02 1,664 ----a-w C:\Documents and Settings\steph\Application Data\ViewerApp.dat
2006-08-18 18:57 836 ----a-w C:\Documents and Settings\tagali\Application Data\ViewerApp.dat
2006-07-12 20:55 29,784 ----a-w C:\Program Files\ Terms.html
2006-06-18 13:52 560 ----a-w C:\Documents and Settings\lekev\Application Data\ViewerApp.dat
2006-06-11 14:43 1,112 ----a-w C:\Documents and Settings\allili\Application Data\ViewerApp.dat
2006-06-04 21:57 49,465 ----a-w C:\Program Files\moviepass Terms.html
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"Steam"="G:\jeux\C.s\Steam.exe" []
"PopUpStopperFreeEdition"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"msnmsgr"="C:\PROGRA~1\MSNMES~1\msnmsgr.exe" [2007-01-19 12:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-01-26 17:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 11:01]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33]
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2005-12-23 16:55]
"WebCam Go Plus Sti Service Application"="Wcgopsvc" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 08:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-04-01 16:16 C:\WINDOWS\system32\nwiz.exe]
"ADPK"="C:\PROGRA~1\ADPOPU~1\ADPOPU~1.EXE" []
"Ad Blocker Pro"="C:\Program Files\3B Software\Ad Blocker Pro\Ad Blocker Pro.exe" []
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 08:56 C:\WINDOWS\system32\rundll32.exe]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 06:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 00:58]
"LogMeIn GUI"="C:\Program Files\LogMeIn\LogMeInSystray.exe" [2006-10-06 19:55]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-27 09:38]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 09:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2006-10-06 19:56 11504 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\google\google~2\goec62~1.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae61660-2b97-11da-8130-00a0245d9464}]
\Shell\AutoRun\command - I:\AutoPlay.exe

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 14:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-11-12 00:52:36 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 19:07:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-23 19:09:18
.
--- E O F ---

Sorry, I made a mistake, here is the report:

ComboFix 07-11-19.3 - lekev 2007-11-24 19:16:42.3 - NTFSx86
Running from: C:\Program Files\Anti-virus\ComboFix.exe
Command switches used :: C:\Program Files\Anti-virus\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\winbjv32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Common Files\ErreurChasseur
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\winbjv32.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
.

2007-11-24 18:59 <DIR> d-------- C:\WINDOWS\LastGood
2007-11-23 14:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-21 13:02 <DIR> d-------- C:\Program Files\Anti-virus
2007-11-21 12:37 <DIR> d-------- C:\VundoFix Backups
2007-11-16 22:26 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-01 17:30 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-01 17:29 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-31 14:38 <DIR> d-------- C:\Program Files\Advanced IP Scanner
2007-10-31 14:38 314,659 --a------ C:\ipscan15.exe
2007-10-31 14:33 <DIR> d-------- C:\Program Files\Advanced Port Scanner
2007-10-31 14:33 436,309 --a------ C:\pscan13.exe
2007-10-26 17:46 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-10-26 17:46 66,302 --a------ C:\WINDOWS\War3Unin.dat
2007-10-26 17:46 2,829 --a------ C:\WINDOWS\War3Unin.pif

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 17:57 --------- d-----w C:\Program Files\eMule
2007-11-24 17:57 --------- d-----w C:\Documents and Settings\lekev\Application Data\AVG7
2007-11-01 16:01 --------- d-----w C:\Program Files\Google
2007-10-02 16:47 --------- d-----w C:\Program Files\PhotoFiltre Studio
2006-08-18 19:02 1,664 ----a-w C:\Documents and Settings\steph\Application Data\ViewerApp.dat
2006-08-18 18:57 836 ----a-w C:\Documents and Settings\tagali\Application Data\ViewerApp.dat
2006-07-12 20:55 29,784 ----a-w C:\Program Files\ Terms.html
2006-06-18 13:52 560 ----a-w C:\Documents and Settings\lekev\Application Data\ViewerApp.dat
2006-06-11 14:43 1,112 ----a-w C:\Documents and Settings\allili\Application Data\ViewerApp.dat
2006-06-04 21:57 49,465 ----a-w C:\Program Files\moviepass Terms.html
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2007-11-23_19.08.23.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-11 12:04:38 190,696 ----a-w C:\WINDOWS\LastGood\system32\Macromed\Flash\FlashUtil9d.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"Steam"="G:\jeux\C.s\Steam.exe" []
"PopUpStopperFreeEdition"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"msnmsgr"="C:\PROGRA~1\MSNMES~1\msnmsgr.exe" [2007-01-19 12:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-01-26 17:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 11:01]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33]
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2005-12-23 16:55]
"WebCam Go Plus Sti Service Application"="Wcgopsvc" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 08:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-04-01 16:16 C:\WINDOWS\system32\nwiz.exe]
"ADPK"="C:\PROGRA~1\ADPOPU~1\ADPOPU~1.EXE" []
"Ad Blocker Pro"="C:\Program Files\3B Software\Ad Blocker Pro\Ad Blocker Pro.exe" []
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 08:56 C:\WINDOWS\system32\rundll32.exe]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 06:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 00:58]
"LogMeIn GUI"="C:\Program Files\LogMeIn\LogMeInSystray.exe" [2006-10-06 19:55]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-27 09:38]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 09:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2006-10-06 19:56 11504 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\google\google~2\goec62~1.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae61660-2b97-11da-8130-00a0245d9464}]
\Shell\AutoRun\command - I:\AutoPlay.exe

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 14:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-11-12 00:52:36 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 19:21:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-24 19:23:00
C:\ComboFix2.txt ... 2007-11-23 19:09
.
--- E O F ---
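The before/after comparison that the two ComboFix reports above allow, as an added example (not ComboFix's own code and not part of any post in this thread): it parses the "Files Created" section of each report and checks whether every CFScript target disappeared after the scripted run. The line format is assumed from the excerpts shown on this page, and the hidden+system check is this example's own triage heuristic.

```python
import re

# Trimmed excerpts of the two ComboFix reports and the CFScript posted in this thread.
REPORT_BEFORE = r"""
((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.
2007-11-21 12:37 <DIR> d-------- C:\VundoFix Backups
2007-11-16 22:26 <DIR> d-------- C:\Program Files\Common Files\ErreurChasseur
2007-11-16 22:26 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-14 12:28 103,592 --ahs---- C:\WINDOWS\system32\nqstv.ini
2007-11-14 12:28 103,260 --ahs---- C:\WINDOWS\system32\nqstv.ini2
2007-10-24 16:03 20,992 --a------ C:\WINDOWS\system32\winbjv32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 18:07 --------- d-----w C:\Program Files\eMule
"""
REPORT_AFTER = r"""
((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
.
2007-11-24 18:59 <DIR> d-------- C:\WINDOWS\LastGood
2007-11-21 12:37 <DIR> d-------- C:\VundoFix Backups
2007-11-16 22:26 89,088 --a------ C:\WINDOWS\system32\atl71.dll
"""
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\winbjv32.dll

Folder::
C:\Program Files\Common Files\ErreurChasseur
"""

SECTION = re.compile(r"^\(+ (?P<title>.+?) \)+$")
WINDOW = re.compile(r"Files Created from (\d{4}-\d{2}-\d{2}) to (\d{4}-\d{2}-\d{2})")
ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)


def files_created(report):
    """Return (window_start, {lowercased path: fields}) for the 'Files Created' section."""
    start, entries, inside = None, {}, False
    for line in report.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            # Any other section header (e.g. Find3M Report) ends the listing.
            window = WINDOW.search(header.group("title"))
            inside = window is not None
            if window:
                start = window.group(1)
            continue
        entry = ENTRY.match(line) if inside else None
        if entry:
            entries[entry.group("path").lower()] = entry.groupdict()
    return start, entries


def parse_cfscript(text):
    """Return the paths listed under the File:: and Folder:: directives."""
    targets, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("::"):
            current = line[:-2]
        elif line and current in ("File", "Folder"):
            targets.append(line)
    return targets


def check_removal(cfscript, before, after):
    """Map each target to 'removed', 'still present', 'out of window' or 'not listed'."""
    _, old = files_created(before)
    new_start, new = files_created(after)
    if new_start is None:
        raise ValueError("no 'Files Created' section in the second report")
    result = {}
    for target in parse_cfscript(cfscript):
        key = target.lower()
        if key in new:
            result[target] = "still present"
        elif key not in old:
            result[target] = "not listed"
        elif old[key]["date"] < new_start:
            # The listing window moved past the creation date: absence proves nothing.
            result[target] = "out of window"
        else:
            result[target] = "removed"
    return result


def hidden_system(report):
    """Files (not folders) with both hidden and system attributes (example heuristic)."""
    _, entries = files_created(report)
    return [e["path"] for e in entries.values()
            if e["size"] != "<DIR>" and "h" in e["attrs"] and "s" in e["attrs"]]


if __name__ == "__main__":
    for path, status in check_removal(CFSCRIPT, REPORT_BEFORE, REPORT_AFTER).items():
        print(f"{status:14} {path}")
```

The "out of window" status matters here because the second report's listing starts one day later than the first, so an older file can drop out of the listing without having been deleted.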

Thanks. See you later.

Here is the report:


KASPERSKY ON-LINE SCANNER REPORT
Saturday, November 24, 2007 11:53:32 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 24/11/2007
Enregistrements dans la base antivirus Kaspersky : 436031
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
F:\
Statistiques de l'analyse
Total d'objets analysés 92662
Nombre de virus trouvés 7
Nombre d'objets infectés 14 / 0
Nombre d'objets suspects 0
Durée de l'analyse 01:58:22

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\lekev\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\lekev\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\lekev\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\lekev\Local Settings\History\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\lekev\Local Settings\History\History.IE5\MSHist012007112420071125\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\lekev\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\lekev\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\lekev\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\lekev\UserData\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\ISS\BlackICE\blackice-service.log L'objet est verrouillé ignoré
C:\qoobox\Quarantine\C\WINDOWS\system32\winbjv32.dll.vir Infecté : Trojan.Win32.Dialer.qn ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{E71D09D8-29D1-4D5F-8A96-4F2B3C7D0196}\RP693\A0280445.exe/data.rar/keygen.exe Infecté : Trojan-Downloader.Win32.Agent.dlu ignoré
C:\System Volume Information\_restore{E71D09D8-29D1-4D5F-8A96-4F2B3C7D0196}\RP693\A0280445.exe/data.rar/patch.exe Infecté : Trojan.Win32.Dialer.qn ignoré
C:\System Volume Information\_restore{E71D09D8-29D1-4D5F-8A96-4F2B3C7D0196}\RP693\A0280445.exe/data.rar/crack.exe Infecté : Trojan-Downloader.Win32.Agent.ejh ignoré
C:\System Volume Information\_restore{E71D09D8-29D1-4D5F-8A96-4F2B3C7D0196}\RP693\A0280445.exe/data.rar/install.exe Infecté : Virus.Win32.Virut.ao ignoré
C:\System Volume Information\_restore{E71D09D8-29D1-4D5F-8A96-4F2B3C7D0196}\RP693\A0280445.exe/data.rar Infecté : Virus.Win32.Virut.ao ignoré
C:\System Volume Information\_restore{E71D09D8-29D1-4D5F-8A96-4F2B3C7D0196}\RP693\A0280445.exe RarSFX: infecté - 5 ignoré
C:\System Volume Information\_restore{E71D09D8-29D1-4D5F-8A96-4F2B3C7D0196}\RP709\A0294435.dll L'objet est verrouillé ignoré
C:\System Volume Information\_restore{E71D09D8-29D1-4D5F-8A96-4F2B3C7D0196}\RP712\A0294556.dll L'objet est verrouillé ignoré
C:\System Volume Information\_restore{E71D09D8-29D1-4D5F-8A96-4F2B3C7D0196}\RP715\A0294656.dll Infecté : Trojan.Win32.Dialer.qn ignoré
C:\System Volume Information\_restore{E71D09D8-29D1-4D5F-8A96-4F2B3C7D0196}\RP716\change.log L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\es.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\drivers & tools\avs video editor\WarezP2P_CSP_S.exe/data0044 Infecté : Packed.Win32.PolyCrypt.d ignoré
D:\drivers & tools\avs video editor\WarezP2P_CSP_S.exe NSIS: infecté - 1 ignoré
D:\drivers & tools\microsoft\OFFICE 2003 CRACK\serial.zip/register_serial.exe/data0001 Infecté : Trojan-Downloader.Win32.IstBar.ja ignoré
D:\drivers & tools\microsoft\OFFICE 2003 CRACK\serial.zip/register_serial.exe/data0003 Infecté : Trojan-Downloader.Win32.IstBar.nn ignoré
D:\drivers & tools\microsoft\OFFICE 2003 CRACK\serial.zip/register_serial.exe Infecté : Trojan-Downloader.Win32.IstBar.nn ignoré
D:\drivers & tools\microsoft\OFFICE 2003 CRACK\serial.zip ZIP: infecté - 3 ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{E71D09D8-29D1-4D5F-8A96-4F2B3C7D0196}\RP693\A0281498.exe L'objet est verrouillé ignoré
D:\System Volume Information\_restore{E71D09D8-29D1-4D5F-8A96-4F2B3C7D0196}\RP716\change.log L'objet est verrouillé ignoré
Analyse terminée.

Hello

Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\qoobox
D:\drivers & tools\avs video editor\WarezP2P_CSP_S.exe
D:\drivers & tools\microsoft\OFFICE 2003 CRACK


Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.


Post the report located in C:\_OTMoveIt\MovedFiles.

C:\qoobox\Quarantine\Registry_backups moved successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers moved successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32 moved successfully.
C:\qoobox\Quarantine\C\WINDOWS moved successfully.
C:\qoobox\Quarantine\C\Program Files\Common Files moved successfully.
C:\qoobox\Quarantine\C\Program Files moved successfully.
C:\qoobox\Quarantine\C\Documents and Settings\lekev\Application Data moved successfully.
C:\qoobox\Quarantine\C\Documents and Settings\lekev moved successfully.
C:\qoobox\Quarantine\C\Documents and Settings moved successfully.
C:\qoobox\Quarantine\C moved successfully.
C:\qoobox\Quarantine moved successfully.
C:\qoobox\Hiv-backup\Users\00000006 moved successfully.
C:\qoobox\Hiv-backup\Users\00000005 moved successfully.
C:\qoobox\Hiv-backup\Users\00000004 moved successfully.
C:\qoobox\Hiv-backup\Users\00000003 moved successfully.
C:\qoobox\Hiv-backup\Users\00000002 moved successfully.
C:\qoobox\Hiv-backup\Users\00000001 moved successfully.
C:\qoobox\Hiv-backup\Users moved successfully.
Folder move failed. C:\qoobox\Hiv-backup\system scheduled to be moved on reboot.
Folder move failed. C:\qoobox\Hiv-backup\software scheduled to be moved on reboot.
Folder move failed. C:\qoobox\Hiv-backup\SECURITY scheduled to be moved on reboot.
Folder move failed. C:\qoobox\Hiv-backup\SAM scheduled to be moved on reboot.
Folder move failed. C:\qoobox\Hiv-backup\default scheduled to be moved on reboot.
C:\qoobox\Hiv-backup moved successfully.
C:\qoobox\BackEnv moved successfully.
C:\qoobox moved successfully.
D:\drivers & tools\avs video editor\WarezP2P_CSP_S.exe moved successfully.
D:\drivers & tools\microsoft\OFFICE 2003 CRACK moved successfully.

Created on 11/26/2007 13:43:35

Let's finish the cleanup.


Click Start - right-click My Computer - Properties - System Restore - check the box Turn off System Restore and click Apply.


Launch OTMoveIt.
  • Click CleanUp! (the program will download a text file that will be used to clean up the programs we downloaded).
    NOTE: Normally, your firewall should ask you whether OTMoveIt may access the internet. Allow it.
  • A list appears in the left-hand part of OTMoveIt.
  • A message appears to confirm the cleanup. Confirm.


Restart the PC


Click Start - right-click My Computer - Properties - System Restore - uncheck the box Turn off System Restore and click Apply.


Two more things.

Go to this link to better secure your PC
http://www.infos-du-net.com/forum/267223-11-securiser-o...

Edit your first message and add Résolu (Solved) next to your title.