[Resolved] Trojan - Avast is going crazy
Hi everyone,
I formatted my PC a few days ago, and since then Avast has been finding viruses (trojans) every day, sometimes several times a day. But I haven't noticed any slowdown or anything else on my PC. I ran a scan with Avast; it found only one infection, but it keeps regularly finding new ones.
What should I do? I'll post a HijackThis report and someone can tell me?
Thanks in advance
Message edited by Sether on 17-01-2008 at 17:04:26
Hello,
Which location?
Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
As for the location, I didn't think to note it down and I don't remember it anymore, but I know that each time they are .dll files (I had an iiii.dll for example, if I remember correctly). I'll post the location of the next one that shows up (I've already had 4 today, so it shouldn't take too long...).
Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:12, on 16/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmkhh.dll,#1
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 5809 bytes
Re,
Disable your resident protections (antivirus, Spybot...)!
- Download ComboFix (sUBs) to your Desktop.
- Double-click combofix.exe to launch it.
- Press the 1 key (Yes) to start the scan.
- When the scan is complete, a report will appear. Post that report in your next reply.
Here is the new report
ComboFix 08-01-09.2 - Théo 2008-01-16 16:52:23.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1192 [GMT 1:00]
Running from: C:\Users\Théo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQPYCOVW\ComboFix[1].exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\geefd.dll
C:\Windows\system32\pmkhh.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))))))
.
2008-01-16 16:50 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-16 16:16 . 2008-01-16 16:16 <REP> d-------- C:\Program Files\Trend Micro
2008-01-15 17:23 . 2008-01-15 17:23 229,888 --a------ C:\Windows\System32\msshsq.dll
2008-01-15 17:01 . 2008-01-15 17:01 99,864 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2008-01-14 20:34 . 2008-01-14 20:34 <REP> d-------- C:\Program Files\Microsoft Works
2008-01-14 20:31 . 2008-01-14 20:31 <REP> d-------- C:\Program Files\Microsoft.NET
2008-01-14 20:28 . 2008-01-14 20:28 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-14 20:27 . 2008-01-15 17:23 <REP> d-------- C:\Users\All Users\Microsoft Help
2008-01-14 20:27 . 2008-01-15 17:23 <REP> d-------- C:\ProgramData\Microsoft Help
2008-01-14 20:25 . 2008-01-14 20:25 <REP> dr-h----- C:\MSOCache
2008-01-14 20:19 . 2008-01-14 20:20 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-14 20:14 . 2008-01-14 20:14 715,248 --a------ C:\Windows\System32\drivers\sptd.sys
2008-01-14 18:28 . 2008-01-16 11:59 <REP> d-------- C:\Program Files\lx_cats
2008-01-14 18:22 . 2008-01-14 18:22 <REP> d-------- C:\Users\All Users\Ezprint
2008-01-14 18:22 . 2008-01-14 18:22 <REP> d-------- C:\ProgramData\Ezprint
2008-01-14 18:22 . 2008-01-14 18:22 <REP> d-------- C:\Program Files\Lexmark 3400 Series
2008-01-14 18:18 . 2008-01-14 18:18 <REP> d-------- C:\drivers
2008-01-14 18:17 . 2008-01-14 18:17 <REP> d-------- C:\Windows\System32\Samsung PC Studio Codecs
2008-01-14 18:17 . 2006-03-21 15:49 2,729,472 --a------ C:\Windows\System32\fun_avcodec.dll
2008-01-14 18:17 . 2006-04-18 16:32 684,032 --a------ C:\Windows\System32\fun_mp4_enc.dll
2008-01-14 18:17 . 2006-04-11 16:49 671,744 --a------ C:\Windows\System32\FunDecFilter.ax
2008-01-14 18:17 . 2006-04-11 13:13 532,480 --a------ C:\Windows\System32\FunEncFilter.ax
2008-01-14 18:17 . 2006-04-06 11:28 77,824 --a------ C:\Windows\System32\fun_mp4_dec.dll
2008-01-14 18:17 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
2008-01-14 18:06 . 2000-05-22 09:58 647,872 --------- C:\Windows\System32\Mscomct2.ocx
2008-01-14 18:06 . 1999-10-10 18:00 41,984 --------- C:\Windows\Ctregrun.exe
2008-01-14 18:05 . 1999-12-12 18:01 44,032 --------- C:\Windows\System32\CTSVCCDA.EXE
2008-01-14 18:05 . 1999-11-17 18:00 25,088 --------- C:\Windows\System32\CTSVCCTL.EXE
2008-01-14 17:58 . 2008-01-14 18:06 <REP> d-------- C:\Program Files\Creative
2008-01-14 17:56 . 2005-08-30 01:49 94,000 --a------ C:\Windows\System32\drivers\ssm_mdm.sys
2008-01-14 17:56 . 2005-08-30 01:47 58,320 --a------ C:\Windows\System32\drivers\ssm_bus.sys
2008-01-14 17:56 . 2005-08-30 01:49 8,336 --a------ C:\Windows\System32\drivers\ssm_mdfl.sys
2008-01-14 17:56 . 2005-08-30 01:49 6,176 --a------ C:\Windows\System32\drivers\ssm_cmnt.sys
2008-01-14 17:56 . 2005-08-30 01:49 6,176 --a------ C:\Windows\System32\drivers\ssm_cm.sys
2008-01-14 17:56 . 2005-08-30 01:47 5,840 --a------ C:\Windows\System32\drivers\ssm_whnt.sys
2008-01-14 17:56 . 2005-08-30 01:47 5,840 --a------ C:\Windows\System32\drivers\ssm_wh.sys
2008-01-14 17:49 . 2008-01-14 18:18 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-01-14 17:49 . 2008-01-14 17:49 <REP> d-------- C:\Program Files\Samsung
2008-01-14 17:49 . 2005-08-13 05:06 22,486 -ra------ C:\Windows\System32\UnInstall_Driver.ico
2008-01-14 17:45 . 2008-01-14 18:33 <REP> d-------- C:\Users\All Users\NVIDIA
2008-01-14 17:45 . 2008-01-14 18:33 <REP> d-------- C:\ProgramData\NVIDIA
2008-01-14 17:27 . 2008-01-14 17:27 <REP> d-------- C:\Program Files\IEPro
2008-01-14 17:22 . 2008-01-14 17:22 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-01-14 17:19 . 2007-09-12 05:28 1,073,152 --a------ C:\Windows\System32\nvcpluir.dll
2008-01-14 17:19 . 2007-09-12 05:28 753,664 --a------ C:\Windows\System32\nvcplui.exe
2008-01-14 17:19 . 2007-09-12 05:28 413,696 --a------ C:\Windows\System32\nvcpl.cpl
2008-01-14 17:19 . 2007-09-12 05:28 307,200 --a------ C:\Windows\System32\nvexpbar.dll
2008-01-14 17:18 . 2008-01-14 17:18 <REP> d-------- C:\Program Files\VideoLAN
2008-01-14 13:18 . 2008-01-14 13:18 <REP> dr------- C:\Users\Xavier\Videos
2008-01-14 13:18 . 2008-01-14 13:18 <REP> dr------- C:\Users\Xavier\Searches
2008-01-14 13:18 . 2008-01-14 13:18 <REP> dr------- C:\Users\Xavier\Saved Games
2008-01-14 13:18 . 2008-01-14 18:29 <REP> dr------- C:\Users\Xavier\Pictures
2008-01-14 13:18 . 2008-01-14 13:18 <REP> dr------- C:\Users\Xavier\Music
2008-01-14 13:18 . 2008-01-14 13:18 <REP> dr------- C:\Users\Xavier\Links
2008-01-14 13:18 . 2008-01-14 13:18 <REP> dr------- C:\Users\Xavier\Downloads
2008-01-14 13:18 . 2008-01-14 18:28 <REP> dr------- C:\Users\Xavier\Documents
2008-01-14 13:18 . 2008-01-14 13:18 <REP> dr------- C:\Users\Xavier\Contacts
2008-01-14 13:18 . 2006-11-02 13:37 <REP> d-------- C:\Users\Xavier\AppData\Roaming\Media Center Programs
2008-01-14 13:18 . 2008-01-14 13:18 <REP> d--h----- C:\Users\Xavier\AppData
2008-01-13 20:30 . 2008-01-13 20:30 2,923,520 --a------ C:\Windows\explorer.exe
2008-01-13 20:28 . 2008-01-13 20:28 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-01-13 20:28 . 2008-01-13 20:28 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-01-13 20:27 . 2008-01-13 20:27 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-13 20:27 . 2008-01-13 20:27 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-13 20:27 . 2008-01-13 20:27 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-13 20:27 . 2008-01-13 20:27 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-13 20:27 . 2008-01-13 20:27 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-13 20:26 . 2008-01-13 20:26 414,208 --a------ C:\Windows\System32\msscp.dll
2008-01-13 20:26 . 2008-01-13 20:26 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-13 20:24 . 2008-01-13 20:24 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-13 20:23 . 2008-01-13 20:23 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-13 20:23 . 2008-01-13 20:23 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-13 20:21 . 2008-01-13 20:21 <REP> d-------- C:\Program Files\AusLogics Registry Defrag
2008-01-13 20:21 . 2008-01-13 20:21 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-01-13 20:20 . 2008-01-13 20:20 <REP> d-------- C:\Users\All Users\Skype
2008-01-13 20:20 . 2008-01-13 20:20 <REP> d-------- C:\ProgramData\Skype
2008-01-13 20:20 . 2008-01-13 20:21 <REP> d-------- C:\Program Files\Skype
2008-01-13 20:20 . 2008-01-13 20:20 <REP> d-------- C:\Program Files\Common Files\Skype
2008-01-13 20:20 . 2008-01-13 20:20 <REP> d-------- C:\Program Files\AusLogics Disk Defrag
2008-01-13 20:20 . 2008-01-13 20:20 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-01-13 20:20 . 2008-01-13 20:20 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-01-13 20:20 . 2008-01-13 20:20 2,048 --a------ C:\Windows\System32\asferror.dll
2008-01-13 20:19 . 2008-01-13 20:19 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2008-01-13 20:19 . 2008-01-13 20:19 566,784 --a------ C:\Windows\System32\SLCommDlg.dll
2008-01-13 20:19 . 2008-01-13 20:19 351,232 --a------ C:\Windows\System32\SLUI.exe
2008-01-13 20:19 . 2008-01-13 20:19 268,288 --a------ C:\Windows\System32\mcbuilder.exe
2008-01-13 20:19 . 2008-01-13 20:19 223,232 --a------ C:\Windows\System32\SLC.dll
2008-01-13 20:19 . 2008-01-13 20:19 186,368 --a------ C:\Windows\System32\SLLUA.exe
2008-01-13 20:19 . 2008-01-13 20:19 57,856 --a------ C:\Windows\System32\SLUINotify.dll
2008-01-13 20:19 . 2008-01-13 20:19 39,936 --a------ C:\Windows\System32\slcinst.dll
2008-01-13 20:19 . 2008-01-13 20:19 33,280 --a------ C:\Windows\System32\slwmi.dll
2008-01-13 20:18 . 2008-01-13 20:18 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-01-13 20:18 . 2008-01-13 20:18 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-01-13 20:18 . 2008-01-13 20:18 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-01-13 20:16 . 2008-01-13 20:16 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-13 20:16 . 2008-01-13 20:16 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-13 20:16 . 2008-01-13 20:16 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-13 20:16 . 2008-01-13 20:16 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-13 20:16 . 2008-01-13 20:16 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-13 20:16 . 2008-01-13 20:16 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 19:33 --------- d-----w C:\Program Files\MSBuild
2008-01-14 17:52 --------- d-----w C:\Program Files\World of Warcraft - Ivalice Serveur
2008-01-14 17:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 19:49 174 --sha-w C:\Program Files\desktop.ini
2008-01-13 19:46 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-13 19:46 --------- d-----w C:\Program Files\Windows Mail
2008-01-13 19:46 --------- d-----w C:\Program Files\Windows Defender
2008-01-13 19:46 --------- d-----w C:\Program Files\Windows Calendar
2008-01-13 19:31 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-01-13 19:31 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-01-13 19:31 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-01-13 19:31 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-01-13 19:31 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-01-13 19:30 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-13 19:25 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-01-13 19:25 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-01-13 19:25 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-01-13 19:23 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-13 19:23 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-13 19:23 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-13 19:23 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-13 19:22 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-01-13 19:22 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-01-13 19:22 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-01-13 19:22 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-01-13 19:22 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-01-13 19:22 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-01-13 19:15 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-13 18:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-13 18:02 --------- d-----w C:\Program Files\NewTech Infosystems
2008-01-13 18:02 --------- d-----w C:\Program Files\Common Files\NewTech Infosystems
2008-01-13 17:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-13 17:55 --------- d-----w C:\Program Files\Acer Zone
2008-01-13 17:21 --------- d-sh--w C:\ProgramData\Modèles
2008-01-13 17:21 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-01-13 17:21 --------- d-sh--w C:\ProgramData\Favoris
2008-01-13 17:21 --------- d-sh--w C:\ProgramData\Bureau
2008-01-13 17:21 --------- d-sh--w C:\Program Files\Fichiers communs
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-13 19:09 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 03:57 3784704 C:\Windows\RtHDVCpl.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"LXCYCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 13:27 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{838063B6-43F9-44D6-97CB-8A213AF54B27}"= C:\Windows\system32\pmkhh.dll [ ]
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 03:30]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 18:12]
R2 lxcy_device;lxcy_device;C:\Windows\system32\lxcycoms.exe [2007-06-20 06:28]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 08:30]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 14:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12996699-c1fa-11dc-bcdf-806e6f6e6963}]
\shell\AutoRun\command - E:\Install.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23655f2a-c2d5-11dc-aecd-0019215071e7}]
\shell\AutoRun\command - J:\SETUP.EXE
\shell\configure\command - J:\SETUP.EXE
\shell\install\command - J:\SETUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 16:56:36
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.EXE [6.00.6000.16549]
-> C:\Program Files\RocketDock\RocketDock.dll
.
Completion time: 2008-01-16 16:58:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 15:57:57
.
2008-01-15 16:23:44 --- E O F ---
Repost a HijackThis report.
And my new report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:02, on 16/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 5303 bytes
PS: Is there anything better than Avast among the free antiviruses?
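The two HijackThis reports above (before and after ComboFix) differ by a handful of lines, among them the [MSServer] autorun entry that loaded pmkhh.dll, one of the two DLLs ComboFix deleted. The following is an added example, not part of the thread and not code from HijackThis, ComboFix or Avast: a small Python script that parses the O2/O4 lines of a report, flags two patterns worth a second look (a component registered with no file behind it, and rundll32 loading a DLL by ordinal entry point such as ",#1" instead of a named export), and diffs two reports so the removal can be confirmed line by line. The sample lines are copied from the two reports in this thread; the triage heuristics are this example's own, not HijackThis's.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of O2/O4 lines copied from the two
# HijackThis reports posted in this thread (before and after ComboFix ran).
HJT_BEFORE = r"""
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmkhh.dll,#1
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
"""

HJT_AFTER = r"""
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
"""

# Every HijackThis finding starts with a section tag: "O4 - <body>", "R1 - <body>" ...
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 body: "<hive>\..\Run: [<name>] <command>"
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<command>.*)$")
# rundll32 <dll>,<entry>  where <entry> is an export name or "#<ordinal>"
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>.+?\.dll),(?P<entry>\S+)$", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    raw: str
    name: str = ""      # autorun value name, O4 entries only
    command: str = ""   # command line, O4 entries only


def parse_hjt(text):
    """Turn the R*/O* lines of a HijackThis report into Entry objects."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, "End of file" and blank lines
        entry = Entry(m["section"], line)
        if entry.section == "O4":
            m4 = O4_RE.match(m["body"])
            if m4:
                entry.name, entry.command = m4["name"], m4["command"]
        entries.append(entry)
    return entries


def triage(entry):
    """Reasons an entry deserves a closer look (empty list = nothing notable).
    These two heuristics are this example's own, not HijackThis's."""
    reasons = []
    if entry.raw.endswith("(no file)"):
        reasons.append("registered component whose file no longer exists")
    if entry.section == "O4":
        m = RUNDLL_RE.match(entry.command)
        if m and m["entry"].startswith("#"):
            reasons.append("rundll32 loads %s by ordinal entry point %s"
                           % (m["dll"], m["entry"]))
    return reasons


def review(text):
    """Map each flagged entry (autorun name, or the raw line) to its reasons."""
    return {e.name or e.raw: triage(e) for e in parse_hjt(text) if triage(e)}


def diff_reports(before_text, after_text):
    """Lines present only in the first report, and lines present only in the second."""
    before = [e.raw for e in parse_hjt(before_text)]
    after = [e.raw for e in parse_hjt(after_text)]
    removed = [line for line in before if line not in set(after)]
    added = [line for line in after if line not in set(before)]
    return removed, added


if __name__ == "__main__":
    for name, reasons in review(HJT_BEFORE).items():
        print("REVIEW", name, "->", "; ".join(reasons))
    removed, added = diff_reports(HJT_BEFORE, HJT_AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
```

Run on the full reports, the diff also shows the R1 Yahoo search entries and the O1 Hosts line disappearing, so the script is a way to check that a cleanup changed only what the helper intended; the ordinal-export heuristic is deliberately narrow, since legitimate vendors (the NVIDIA entry here) load their DLLs through rundll32 with a named export.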
Is it better?
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report when the analysis finishes.
HELP: Tutorial on AntiVir Personal Edition Classic
Well, for now Avast hasn't found anything else, it seems fine, but maybe it's a bit early to say. If it finds more I'll repost, but I hope not.
Thanks a lot
Can you do what I said?
I'm installing AntiVir now, I'll post the scan in a few minutes. However, the link you give downloads at 20 KB/s for me; I downloaded the antivirus from another server, you should change your link (or maybe it's on my end).
Message edited by Sether on 16-01-2008 at 17:42:22
And here is the AntiVir scan:
AntiVir PersonalEdition Classic
Report file date: mercredi 16 janvier 2008 17:44
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: Pouet
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 16 janvier 2008 17:44
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'mobsync.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'lxcycoms.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '9' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\Windows\System32\pmkhh.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\Users\Théo\Downloads\Microsoft_Office_Professional_Plus_2007.rar
[0] Archive type: RAR
--> crack.exe
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was deleted!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>
End of the scan: mercredi 16 janvier 2008 18:20
Used time: 36:03 min
The scan has been done completely.
10904 Scanning directories
214946 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
214944 Files not concerned
2970 Archives were scanned
3 Warnings
94 Notes
Message edited by Sether on 16-01-2008 at 18:22:14
It may be slower, but it's the official link, so it's necessarily up to date
Post another HijackThis report.
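As an added example (not code from the thread, from Avira or from ComboFix): a small Python triage script that reads a scan report in the format pasted above and lists each detection with the file it belongs to, the archive member when the hit was inside an archive, the action the scanner reported, and whether the path is already a quarantine copy. That last flag matters for reading this report: the pmkhh.dll.vir hit sits under C:\QooBox\Quarantine, ComboFix's quarantine folder, so it is a leftover from the earlier cleanup rather than a live infection, while the crack.exe inside the RAR was a live file. The sample report is constructed from the lines above (user name shortened to plain ASCII), and the "any path containing \Quarantine\ is a quarantine copy" rule is an assumption of this script, not something Avira defines.

```python
"""Added triage helper for an Avira AntiVir scan report (not from the thread).

It extracts every [DETECTION] entry, keeps the on-disk file it belongs to,
records the archive member when the hit was inside a RAR/ZIP, notes whether
the path already sits in a quarantine folder (a stale hit rather than a live
infection), and captures the action the scanner reported.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the detection-bearing lines quoted in the thread's report,
# with the user name shortened to plain ASCII.
SAMPLE_REPORT = """\
Begin scan in 'C:\\' <ACER>
C:\\hiberfil.sys
[WARNING] The file could not be opened!
C:\\QooBox\\Quarantine\\C\\Windows\\System32\\pmkhh.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\\Users\\Theo\\Downloads\\Microsoft_Office_Professional_Plus_2007.rar
[0] Archive type: RAR
--> crack.exe
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was deleted!
C:\\Windows\\System32\\drivers\\sptd.sys
[WARNING] The file could not be opened!
End of the scan: mercredi 16 janvier 2008 18:20
"""

# Heuristic (assumption of this script): any path containing a "\Quarantine\"
# component is an already-quarantined copy. ComboFix keeps its copies under
# C:\QooBox\Quarantine with a .vir suffix, as seen in the thread.
QUARANTINE_RE = re.compile(r"\\quarantine\\", re.IGNORECASE)
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Detection:
    path: str                 # file on disk that carried the detection
    member: Optional[str]     # archive member name, if the hit was inside an archive
    name: str                 # scanner's detection name, e.g. TR/Trash.Gen
    action: Optional[str]     # what the scanner reported doing, e.g. "The file was deleted"
    in_quarantine: bool       # True when the path is already a quarantine copy


def parse_detections(report: str) -> List[Detection]:
    """Walk the report line by line, tracking the current file and archive member."""
    current_path: Optional[str] = None
    current_member: Optional[str] = None
    detections: List[Detection] = []
    for raw in report.splitlines():
        line = raw.strip()
        if WIN_PATH_RE.match(line):
            # A new on-disk file; any earlier archive member no longer applies.
            current_path, current_member = line, None
        elif line.startswith("-->"):
            current_member = line[3:].strip()
        elif line.startswith("[DETECTION]") and current_path is not None:
            detections.append(Detection(
                path=current_path,
                member=current_member,
                name=line.split()[-1],
                action=None,
                in_quarantine=bool(QUARANTINE_RE.search(current_path)),
            ))
        elif line.startswith("[INFO]") and detections and detections[-1].action is None:
            # The [INFO] line directly after a detection states the action taken.
            detections[-1].action = line[len("[INFO]"):].strip().rstrip("!")
    return detections


def summarize(detections: List[Detection]) -> dict:
    """Counts a responder cares about: live hits vs. stale quarantine hits vs. unhandled."""
    return {
        "total": len(detections),
        "live": sum(1 for d in detections if not d.in_quarantine),
        "stale_quarantine": sum(1 for d in detections if d.in_quarantine),
        "unhandled": sum(1 for d in detections if d.action is None),
    }


if __name__ == "__main__":
    found = parse_detections(SAMPLE_REPORT)
    for d in found:
        where = f"{d.path} -> {d.member}" if d.member else d.path
        flag = " (already in quarantine)" if d.in_quarantine else ""
        print(f"{d.name}: {where}{flag}; action: {d.action}")
    print(summarize(found))
```

Run on the sample, the script reports one live hit (crack.exe inside the RAR) and one stale quarantine hit, both already handled by the scanner; an `unhandled` count above zero would point to the files a responder still has to deal with by hand.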
And here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:48, on 16/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com [...] 0_4_12.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 6460 bytes
So, is it clean now?
Is it better?
No more problems at all now, no virus detections or anything. Thanks a lot
Any questions?
No, everything's fine, that's kind of you, and thanks again for all your help.
Message edited by Sether on 17-01-2008 at 19:11:47
Happy surfing!
- Download ToolsCleaner to your Desktop.
- Click Recherche and let the scan finish.
- Click Suppression to finalize.
- Click Quitter so that the report can be created.
- Post the report (TCleaner.txt), which is at the root of your hard drive (C:\)
Disable and then re-enable System Restore: see help
Now add [Résolu] to the title. To do this:
* In your first message, click the "Editer" button
* Add [Résolu] to the title
* Then click "Valider votre message"
Read the guide on prevention and protection, so you don't run into this kind of problem again, by clicking on the image below:
Message edited by Angeldark on 17-01-2008 at 19:44:59
The ToolsCleaner report:
-->- Recherche:
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Théo\Desktop\HijackThis.lnk: trouvé !
C:\Users\Xavier\Desktop\HijackThis.lnk: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Théo\Desktop\HijackThis.lnk: supprimé !
C:\Users\Xavier\Desktop\HijackThis.lnk: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: Erreur de suppression !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
Actually, that uninstalled HijackThis and ComboFix, didn't it?
In any case, thanks for helping me sort out this infection (I think the virus came from a keygen I downloaded somewhat at random; I'll be more careful next time).
Have a good evening.
You're welcome