Tom's Guide > Forum > Sécurité - Virus > Pub Internet (Cid), virus attrappé par msn [Resolu]

Pub Internet (Cid), virus attrappé par msn [Resolu]

Forum Sécurité - Virus : Pub Internet (Cid), virus attrappé par msn [Resolu]

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Mot :    Pseudo :           
 

Bonjour,

J'ai un souci avec des pubs internet qui s'ouvrent toutes seules, je pense à des Cid.

Si quelqu'un peut m'aider merci à vous.

Ps: si ça peut aider, j'ai OTMoveIt, HijackThis et CCleaner.


Message édité par Gnondpom@IDN le 13-02-2008 à 23:37:38
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.

Bonjour,

Télécharge Lop S&D.exe sur ton Bureau.

  • Double-clique dessus pour lancer l'installation
  • Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
  • Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
  • Patiente jusqu'à la fin du scan
  • Poste le rapport généré (C:\lopR.txt)


(Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Voilà le rapport:


-----------------------------[ Lop S&D 2.0.8 ]---------------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER: POULLY ] [ "C:\Program Files\Lop SD" ]

[ 21/01/2008 | 13:39:13.00 ] [ YANNICK ]

[ MAJ : 21-01-2008 | 13.15 ]


-------------[ Listing des dossiers dans Application Data ]------------

[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[10/04/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[22/03/2007|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[11/02/2007|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[06/10/2006|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[06/10/2006|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[22/09/2006|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[21/09/2006|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[21/09/2006|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[30/06/2006|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14/02/2006|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/01/2006|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[25/01/2006|14:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini


[25/01/2006|14:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.



[30/09/2006|16:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

[25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[25/01/2006|14:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[21/01/2008|13:37] C:\DOCUME~1\POULLY\APPLIC~1\OpenOffice.org2
[14/01/2008|14:08] C:\DOCUME~1\POULLY\APPLIC~1\mIRC
[01/01/2008|14:59] C:\DOCUME~1\POULLY\APPLIC~1\LimeWire
[26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\..
[26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\.
[01/04/2007|20:49] C:\DOCUME~1\POULLY\APPLIC~1\Microsoft
[12/02/2007|19:36] C:\DOCUME~1\POULLY\APPLIC~1\Ahead
[22/01/2007|23:53] C:\DOCUME~1\POULLY\APPLIC~1\vlc
[29/10/2006|23:19] C:\DOCUME~1\POULLY\APPLIC~1\Real
[06/10/2006|15:57] C:\DOCUME~1\POULLY\APPLIC~1\Media Player Classic
[21/09/2006|14:03] C:\DOCUME~1\POULLY\APPLIC~1\PC Suite
[15/05/2006|19:15] C:\DOCUME~1\POULLY\APPLIC~1\Sun
[27/02/2006|18:57] C:\DOCUME~1\POULLY\APPLIC~1\Help
[07/02/2006|13:23] C:\DOCUME~1\POULLY\APPLIC~1\AdobeUM
[07/02/2006|13:22] C:\DOCUME~1\POULLY\APPLIC~1\Adobe
[25/01/2006|20:53] C:\DOCUME~1\POULLY\APPLIC~1\Macromedia
[25/01/2006|19:38] C:\DOCUME~1\POULLY\APPLIC~1\Lavasoft
[25/01/2006|14:54] C:\DOCUME~1\POULLY\APPLIC~1\Identities

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[21/01/2008 12:00][--ah-----] C:\WINDOWS\tasks\A8684309916FFBA9.job
[21/01/2008 13:37][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[21/01/2008|13:39] C:\Program Files\Lop SD
[21/01/2008|13:33] C:\Program Files\..
[21/01/2008|13:33] C:\Program Files\.
[21/01/2008|12:00] C:\Program Files\Helper
[17/01/2008|21:47] C:\Program Files\Temporary
[17/01/2008|19:15] C:\Program Files\Dot1XCfg
[16/01/2008|22:00] C:\Program Files\eChanblard
[09/01/2008|16:31] C:\Program Files\eMule
[21/12/2007|16:27] C:\Program Files\Messenger Plus! Live
[21/12/2007|16:27] C:\Program Files\MSN Messenger
[11/12/2007|23:47] C:\Program Files\Internet Explorer
[19/11/2007|18:42] C:\Program Files\flashget196en.exe
[12/11/2007|18:51] C:\Program Files\LimeWire
[12/11/2007|18:22] C:\Program Files\LimeWireWin.exe
[15/10/2007|14:34] C:\Program Files\Java
[09/10/2007|15:39] C:\Program Files\MSN plus
[09/10/2007|15:39] C:\Program Files\Multimedia V3.54
[03/10/2007|16:17] C:\Program Files\eMule0.48a-Installer.exe
[26/09/2007|14:27] C:\Program Files\MSN Reaper
[02/09/2007|21:06] C:\Program Files\eChanblard.exe
[14/06/2007|21:13] C:\Program Files\Windows Live
[12/06/2007|22:34] C:\Program Files\Outlook Express
[08/05/2007|12:23] C:\Program Files\WinRAR
[08/04/2007|16:57] C:\Program Files\CCleaner
[02/04/2007|23:26] C:\Program Files\Grisoft
[01/04/2007|10:43] C:\Program Files\PC Camera
[22/03/2007|23:54] C:\Program Files\BitComet
[07/03/2007|18:19] C:\Program Files\Free
[07/03/2007|16:42] C:\Program Files\Fichiers communs
[07/03/2007|16:18] C:\Program Files\NETGEAR
[07/03/2007|16:18] C:\Program Files\NETGEAR(2)
[22/01/2007|21:42] C:\Program Files\VideoLAN
[09/11/2006|18:14] C:\Program Files\Windows Media Player
[09/11/2006|18:05] C:\Program Files\Windows Media Connect 2
[09/11/2006|17:41] C:\Program Files\windows media player 11
[09/11/2006|17:28] C:\Program Files\Windows NT
[06/10/2006|15:40] C:\Program Files\K-Lite Codec Pack
[23/09/2006|15:55] C:\Program Files\Jeux t‚l‚charg‚
[22/09/2006|15:02] C:\Program Files\Boonty
[22/09/2006|15:02] C:\Program Files\BoontyGames
[22/09/2006|14:51] C:\Program Files\Mes Jeux T‚l‚charg‚s
[21/09/2006|19:47] C:\Program Files\DIFX
[11/04/2006|20:36] C:\Program Files\Bearshare
[22/03/2006|18:55] C:\Program Files\JEUX MONOPOLY
[09/02/2006|15:37] C:\Program Files\essai convertisseur
[04/02/2006|14:28] C:\Program Files\Oxilog
[04/02/2006|12:04] C:\Program Files\C-Media 3D Audio
[02/02/2006|16:29] C:\Program Files\InstallShield Installation Information
[28/01/2006|14:33] C:\Program Files\SigmaTel
[25/01/2006|21:09] C:\Program Files\Messenger
[25/01/2006|19:37] C:\Program Files\Lavasoft
[25/01/2006|19:37] C:\Program Files\PowerArchiver
[25/01/2006|19:36] C:\Program Files\Adobe
[25/01/2006|19:33] C:\Program Files\OpenOffice.org 2.0
[25/01/2006|19:30] C:\Program Files\Alwil Software
[25/01/2006|16:32] C:\Program Files\Ahead
[25/01/2006|16:16] C:\Program Files\Movie Maker
[25/01/2006|16:13] C:\Program Files\NetMeeting
[25/01/2006|15:56] C:\Program Files\SiSLan
[25/01/2006|14:54] C:\Program Files\Uninstall Information
[25/01/2006|14:49] C:\Program Files\xerox
[25/01/2006|14:49] C:\Program Files\microsoft frontpage
[25/01/2006|14:47] C:\Program Files\Services en ligne
[25/01/2006|14:44] C:\Program Files\ComPlus Applications
[25/01/2006|14:44] C:\Program Files\WindowsUpdate
[25/01/2006|14:44] C:\Program Files\MSN Gaming Zone

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[12/06/2007|22:34] C:\Program Files\Fichiers communs\System
[01/04/2007|19:22] C:\Program Files\Fichiers communs\Microsoft Shared
[07/03/2007|16:42] C:\Program Files\Fichiers communs\..
[07/03/2007|16:42] C:\Program Files\Fichiers communs\.
[12/02/2007|19:31] C:\Program Files\Fichiers communs\Nero
[12/02/2007|19:30] C:\Program Files\Fichiers communs\LightScribe
[22/09/2006|14:52] C:\Program Files\Fichiers communs\Macrovision Shared
[10/05/2006|19:48] C:\Program Files\Fichiers communs\Java
[09/02/2006|15:37] C:\Program Files\Fichiers communs\MimarSinan
[07/02/2006|13:22] C:\Program Files\Fichiers communs\Adobe
[02/02/2006|16:29] C:\Program Files\Fichiers communs\InstallShield
[25/01/2006|16:29] C:\Program Files\Fichiers communs\Ahead
[25/01/2006|14:46] C:\Program Files\Fichiers communs\Services
[25/01/2006|14:46] C:\Program Files\Fichiers communs\MSSoap
[25/01/2006|14:37] C:\Program Files\Fichiers communs\ODBC
[25/01/2006|14:37] C:\Program Files\Fichiers communs\SpeechEngines

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\WINDOWS\Tasks\A8684309916FFBA9.job

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts MODIFIE

127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 13:41:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

/!\ [Fich:1826][Doss:896] C:\DOCUME~1\POULLY\LOCALS~1\Temp
/!\ [Fich:17112][Doss:28] C:\DOCUME~1\POULLY\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 13:43:15.17 ]----------------------

Répondre à Gnondpom@IDN

Re,

Relance Lop S&D

  • Choisis cette fois ci l'Option 2 (Suppression)
  • Ne ferme pas la fenêtre lors de la suppression !
  • Poste le rapport généré (C:\lopR.txt)


(Si le Bureau ne réapparît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

&

Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

J'ai Avast qui me trouve plein de virus/cheval de troie.
Avast m'indique aussi que je reçois plein de courriers electroniques dans un faible intervalle de temps.

Répondre à Gnondpom@IDN

Désactive-le pensant les opérations ci-dessous.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Re,
Voilà le rapport Lop:



-----------------------------[ Lop S&D 2.0.8 ]---------------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER: POULLY ] [ "C:\Program Files\Lop SD" ]

[ 21/01/2008 | 14:17:31.76 ] [ YANNICK ]

[ MAJ : 21-01-2008 | 13.15 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprimé! - C:\WINDOWS\Tasks\A8684309916FFBA9.job
Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------

[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[10/04/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[22/03/2007|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[11/02/2007|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[06/10/2006|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[06/10/2006|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[22/09/2006|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[21/09/2006|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[21/09/2006|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[30/06/2006|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14/02/2006|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/01/2006|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[25/01/2006|14:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini


[25/01/2006|14:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.



[30/09/2006|16:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

[25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[25/01/2006|14:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[21/01/2008|13:48] C:\DOCUME~1\POULLY\APPLIC~1\OpenOffice.org2
[14/01/2008|14:08] C:\DOCUME~1\POULLY\APPLIC~1\mIRC
[01/01/2008|14:59] C:\DOCUME~1\POULLY\APPLIC~1\LimeWire
[26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\..
[26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\.
[01/04/2007|20:49] C:\DOCUME~1\POULLY\APPLIC~1\Microsoft
[12/02/2007|19:36] C:\DOCUME~1\POULLY\APPLIC~1\Ahead
[22/01/2007|23:53] C:\DOCUME~1\POULLY\APPLIC~1\vlc
[29/10/2006|23:19] C:\DOCUME~1\POULLY\APPLIC~1\Real
[06/10/2006|15:57] C:\DOCUME~1\POULLY\APPLIC~1\Media Player Classic
[21/09/2006|14:03] C:\DOCUME~1\POULLY\APPLIC~1\PC Suite
[15/05/2006|19:15] C:\DOCUME~1\POULLY\APPLIC~1\Sun
[27/02/2006|18:57] C:\DOCUME~1\POULLY\APPLIC~1\Help
[07/02/2006|13:23] C:\DOCUME~1\POULLY\APPLIC~1\AdobeUM
[07/02/2006|13:22] C:\DOCUME~1\POULLY\APPLIC~1\Adobe
[25/01/2006|20:53] C:\DOCUME~1\POULLY\APPLIC~1\Macromedia
[25/01/2006|19:38] C:\DOCUME~1\POULLY\APPLIC~1\Lavasoft
[25/01/2006|14:54] C:\DOCUME~1\POULLY\APPLIC~1\Identities

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[21/01/2008 13:47][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[21/01/2008|14:17] C:\Program Files\Lop SD
[21/01/2008|13:33] C:\Program Files\..
[21/01/2008|13:33] C:\Program Files\.
[21/01/2008|12:00] C:\Program Files\Helper
[17/01/2008|21:47] C:\Program Files\Temporary
[17/01/2008|19:15] C:\Program Files\Dot1XCfg
[16/01/2008|22:00] C:\Program Files\eChanblard
[09/01/2008|16:31] C:\Program Files\eMule
[21/12/2007|16:27] C:\Program Files\Messenger Plus! Live
[21/12/2007|16:27] C:\Program Files\MSN Messenger
[11/12/2007|23:47] C:\Program Files\Internet Explorer
[19/11/2007|18:42] C:\Program Files\flashget196en.exe
[12/11/2007|18:51] C:\Program Files\LimeWire
[12/11/2007|18:22] C:\Program Files\LimeWireWin.exe
[15/10/2007|14:34] C:\Program Files\Java
[09/10/2007|15:39] C:\Program Files\MSN plus
[09/10/2007|15:39] C:\Program Files\Multimedia V3.54
[03/10/2007|16:17] C:\Program Files\eMule0.48a-Installer.exe
[26/09/2007|14:27] C:\Program Files\MSN Reaper
[02/09/2007|21:06] C:\Program Files\eChanblard.exe
[14/06/2007|21:13] C:\Program Files\Windows Live
[12/06/2007|22:34] C:\Program Files\Outlook Express
[08/05/2007|12:23] C:\Program Files\WinRAR
[08/04/2007|16:57] C:\Program Files\CCleaner
[02/04/2007|23:26] C:\Program Files\Grisoft
[01/04/2007|10:43] C:\Program Files\PC Camera
[22/03/2007|23:54] C:\Program Files\BitComet
[07/03/2007|18:19] C:\Program Files\Free
[07/03/2007|16:42] C:\Program Files\Fichiers communs
[07/03/2007|16:18] C:\Program Files\NETGEAR
[07/03/2007|16:18] C:\Program Files\NETGEAR(2)
[22/01/2007|21:42] C:\Program Files\VideoLAN
[09/11/2006|18:14] C:\Program Files\Windows Media Player
[09/11/2006|18:05] C:\Program Files\Windows Media Connect 2
[09/11/2006|17:41] C:\Program Files\windows media player 11
[09/11/2006|17:28] C:\Program Files\Windows NT
[06/10/2006|15:40] C:\Program Files\K-Lite Codec Pack
[23/09/2006|15:55] C:\Program Files\Jeux t‚l‚charg‚
[22/09/2006|15:02] C:\Program Files\Boonty
[22/09/2006|15:02] C:\Program Files\BoontyGames
[22/09/2006|14:51] C:\Program Files\Mes Jeux T‚l‚charg‚s
[21/09/2006|19:47] C:\Program Files\DIFX
[11/04/2006|20:36] C:\Program Files\Bearshare
[22/03/2006|18:55] C:\Program Files\JEUX MONOPOLY
[09/02/2006|15:37] C:\Program Files\essai convertisseur
[04/02/2006|14:28] C:\Program Files\Oxilog
[04/02/2006|12:04] C:\Program Files\C-Media 3D Audio
[02/02/2006|16:29] C:\Program Files\InstallShield Installation Information
[28/01/2006|14:33] C:\Program Files\SigmaTel
[25/01/2006|21:09] C:\Program Files\Messenger
[25/01/2006|19:37] C:\Program Files\Lavasoft
[25/01/2006|19:37] C:\Program Files\PowerArchiver
[25/01/2006|19:36] C:\Program Files\Adobe
[25/01/2006|19:33] C:\Program Files\OpenOffice.org 2.0
[25/01/2006|19:30] C:\Program Files\Alwil Software
[25/01/2006|16:32] C:\Program Files\Ahead
[25/01/2006|16:16] C:\Program Files\Movie Maker
[25/01/2006|16:13] C:\Program Files\NetMeeting
[25/01/2006|15:56] C:\Program Files\SiSLan
[25/01/2006|14:54] C:\Program Files\Uninstall Information
[25/01/2006|14:49] C:\Program Files\xerox
[25/01/2006|14:49] C:\Program Files\microsoft frontpage
[25/01/2006|14:47] C:\Program Files\Services en ligne
[25/01/2006|14:44] C:\Program Files\ComPlus Applications
[25/01/2006|14:44] C:\Program Files\WindowsUpdate
[25/01/2006|14:44] C:\Program Files\MSN Gaming Zone

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[12/06/2007|22:34] C:\Program Files\Fichiers communs\System
[01/04/2007|19:22] C:\Program Files\Fichiers communs\Microsoft Shared
[07/03/2007|16:42] C:\Program Files\Fichiers communs\..
[07/03/2007|16:42] C:\Program Files\Fichiers communs\.
[12/02/2007|19:31] C:\Program Files\Fichiers communs\Nero
[12/02/2007|19:30] C:\Program Files\Fichiers communs\LightScribe
[22/09/2006|14:52] C:\Program Files\Fichiers communs\Macrovision Shared
[10/05/2006|19:48] C:\Program Files\Fichiers communs\Java
[09/02/2006|15:37] C:\Program Files\Fichiers communs\MimarSinan
[07/02/2006|13:22] C:\Program Files\Fichiers communs\Adobe
[02/02/2006|16:29] C:\Program Files\Fichiers communs\InstallShield
[25/01/2006|16:29] C:\Program Files\Fichiers communs\Ahead
[25/01/2006|14:46] C:\Program Files\Fichiers communs\Services
[25/01/2006|14:46] C:\Program Files\Fichiers communs\MSSoap
[25/01/2006|14:37] C:\Program Files\Fichiers communs\ODBC
[25/01/2006|14:37] C:\Program Files\Fichiers communs\SpeechEngines

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 14:20:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

/!\ [Fich:1830][Doss:898] C:\DOCUME~1\POULLY\LOCALS~1\Temp
/!\ [Fich:17361][Doss:28] C:\DOCUME~1\POULLY\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 14:23:03.18 ]----------------------

Répondre à Gnondpom@IDN

Voilà le rapport HijackThis (v1.99.1)


Logfile of HijackThis v1.99.1
Scan saved at 14:30:58, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\snrb2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\bhij.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\17PHolmes1148.exe
C:\WINDOWS\17PHolmes1148.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\POULLY\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [Winupdates] snrb2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: rdihost - {C575CAAC-7286-4989-84B9-192F69D7A809} - rdihost.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe


Message édité par Gnondpom@IDN le 21-01-2008 à 14:40:03
Répondre à Gnondpom@IDN

Re,

Télécharge MSNFix.zip (!aur3n7) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.


Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Re, voilà le rapport


MSNFix 1.639-2

C:\Documents and Settings\POULLY\Mes documents\MSNFix
Fix exécuté le 22/01/2008 - 23:22:05.50 By POULLY
mode normal

************************ Recherche les fichiers présents

... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
... C:\?.exe
... C:\DOCUME~1\POULLY\LOCALS~1\Temp\*.dmp
... C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\POULLY\??????.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\avp.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp

************************ Recherche les dossiers présents

... C:\Program Files\Dot1XCfg\
... C:\Program Files\Temporary\




************************ Suppression des fichiers

.. OK ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
.. OK ... C:\?.exe
.. OK ... C:\DOCUME~1\POULLY\LOCALS~1\Temp\*.dmp
.. OK ... C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
/!\ ... C:\Documents and Settings\POULLY\??????.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\avp.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp


************************ Suppression des dossiers

.. OK ... C:\Program Files\Dot1XCfg\
.. OK ... C:\Program Files\Temporary\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\Documents and Settings\POULLY\??????.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\cvbkwtb.exe] B5E168C0941A903BC5ABBCE5F8F31B0B



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 22012008_232439.71.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Répondre à Gnondpom@IDN

Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Re, voilà un nouveau rapport


Logfile of HijackThis v1.99.1
Scan saved at 22:47:41, on 24/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\Documents and Settings\POULLY\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Winupdates] snrb2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

Répondre à Gnondpom@IDN

Re,

Désactive tes protections résidentes (antivirus, Spybot...) !

  • Télécharge Combofix (sUBs) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Re,

Voilà le rapport



ComboFix 08-01-23.1C - POULLY 2008-01-27 15:17:26.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.131 [GMT 1:00]
Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\Program Files\lsass.exe
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\spoolsv.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\b128.exe.bin
C:\WINDOWS\Casino.ico
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CCEVTSVC
-------\LEGACY_MSUPDATE
-------\LEGACY_NTNDIS
-------\LEGACY_RUNTIME
-------\LEGACY_SMTPDRV
-------\ntndis
-------\runtime
-------\smtpdrv


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-27 to 2008-01-27 ))))))))))))))))))))))))))))))))))))
.

2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\p2pnetworks
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\e-zshopper
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\amsys
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\akl
2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\Accoona
2008-01-27 16:00 . 2008-01-27 16:00 <REP> d-------- C:\Program Files\3721
2008-01-27 16:00 . 2008-01-27 16:00 32,512 --a------ C:\WINDOWS\764.exe
2008-01-27 16:00 . 2008-01-27 16:00 26,368 --a------ C:\WINDOWS\wml.exe
2008-01-27 16:00 . 2008-01-27 16:00 22,016 --a------ C:\WINDOWS\system32\wml.exe
2008-01-27 16:00 . 2008-01-27 16:01 20,992 --a------ C:\WINDOWS\absolute key logger.lnk
2008-01-27 16:00 . 2008-01-27 16:00 19,200 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-01-27 16:00 . 2008-01-27 16:00 17,920 --a------ C:\WINDOWS\flt.dll
2008-01-27 16:00 . 2008-01-27 16:00 15,616 --a------ C:\WINDOWS\vxddsk.exe
2008-01-27 16:00 . 2008-01-27 16:00 15,360 --a------ C:\WINDOWS\7search.dll
2008-01-27 16:00 . 2008-01-27 16:00 9,216 --a------ C:\WINDOWS\pbar.dll
2008-01-27 15:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 22:44 . 2008-01-24 22:44 89,619 --a------ C:\WINDOWS\system32\rxjddnvj.exe
2008-01-22 22:55 . 2008-01-22 22:55 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
2008-01-21 12:01 . 2008-01-27 15:21 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 11:59 . 2008-01-22 22:58 50,688 --a------ C:\cvbkwtb.exe
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 15:01 18,176 ----a-w C:\WINDOWS\system32\drivers\smtpdrv.sys
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"WintelUpdate"="C:\bhij.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

C:\Documents and Settings\Jerome\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]

C:\Documents and Settings\POULLY\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oru36.sys]
@="Driver"

R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-01-27 15:21]
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 16:00:23
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

C:\WINDOWS\764.exe 32512 bytes
C:\WINDOWS\7search.dll 15360 bytes
C:\WINDOWS\absolute key logger.lnk 20992 bytes
C:\WINDOWS\flt.dll 17920 bytes
C:\WINDOWS\system32\msole32.exe 25856 bytes
C:\WINDOWS\system32\ESHOPEE.exe 29952 bytes

Scan termin‚ avec succŠs
Les fichiers cach‚s: 6

**************************************************************************
.
Temps d'accomplissement: 2008-01-27 16:05:35 - machine was rebooted [POULLY]
ComboFix-quarantined-files.txt 2008-01-27 15:05:30
.
2008-01-09 12:43:21 --- E O F ---

Répondre à Gnondpom@IDN

Il a déjà fait un bon ménage.

Désactive tes protections résidentes (antivirus, Spybot...) !

  • Télécharge Combofix (sUBs) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Je dois refaire la même chose ?

Répondre à Gnondpom@IDN

Désolé, une erreur.

Télécharge BTFix (Bibi26).
Dézippe l'archive sur ton Bureau.

  • Ouvre le dossier BTFix.
  • Double clique sur BTFix.exe.
  • Clique sur Rechercher.
  • Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Re, voilà le rapport


BTFix 1.072 (par bibi26) - 28/01/2008 21:31:31 - Analyse
Lancé depuis C:\Documents and Settings\POULLY\Mes documents\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés


---> Analyse terminée

Répondre à Gnondpom@IDN

Ok, refais un scan Combofix.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Re, voilà le scan:


ComboFix 08-01-23.1C - POULLY 2008-01-30 23:02:27.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.129 [GMT 1:00]Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))))))))
.

2008-01-27 15:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 22:44 . 2008-01-24 22:44 89,619 --a------ C:\WINDOWS\system32\rxjddnvj.exe
2008-01-22 22:55 . 2008-01-22 22:55 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
2008-01-21 12:01 . 2008-01-30 23:07 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"WintelUpdate"="C:\bhij.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oru36.sys]
@="Driver"

R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-01-30 23:07]
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 23:09:28
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
Temps d'accomplissement: 2008-01-30 23:14:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-30 22:14:28
.
2008-01-09 12:43:21 --- E O F ---

Répondre à Gnondpom@IDN

Re,

Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

Rootkit::
C:\WINDOWS\system32\ztx86.sys

File::
C:\WINDOWS\system32\rxjddnvj.exe
C:\bhij.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WintelUpdate"=-



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Re, voilà le rapport Combo


ComboFix 08-01-23.1C - POULLY 2008-02-04 10:46:58.7 - NTFSx86
Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\POULLY\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]

FILE
C:\bhij.exe
C:\WINDOWS\system32\rxjddnvj.exe
.
/wow section - STAGE 1

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\ztx86.sys

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
.

2008-01-27 15:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
2008-01-21 12:01 . 2008-02-04 10:57 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-01-30_23.14.10.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-27 14:10:06 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-02-04 09:45:46 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-27 14:10:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-02-04 09:45:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-27 14:10:08 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-02-04 09:45:47 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-27 14:10:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-02-04 09:45:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-27 14:10:11 7,208,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-02-04 09:45:49 7,208,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-27 14:10:13 258,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-02-04 09:45:50 258,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-30 21:51:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-02-04 09:51:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-30 21:51:21 81,920 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-02-04 09:51:43 98,304 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-02-04 08:40:54 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008012820080204\index.dat
+ 2008-02-04 09:51:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008020420080205\index.dat
- 2008-01-30 21:51:21 147,456 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-04 09:51:43 606,208 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-04 09:58:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_674.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oru36.sys]
@="Driver"

R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-02-04 10:57]
S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys []
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 10:59:43
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-04 11:04:08 - machine was rebooted [POULLY]
ComboFix-quarantined-files.txt 2008-02-04 10:04:04
ComboFix2.txt 2008-01-30 22:14:34
.
2008-01-09 12:43:21 --- E O F ---

Répondre à Gnondpom@IDN

Et voici le rapport HijackThis


Logfile of HijackThis v1.99.1
Scan saved at 11:06:05, on 04/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\POULLY\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

Répondre à Gnondpom@IDN

Quand j'allume mon pc Avast me trouve souvent des trojans.

Win32:Agent...
Win32:Small...
Ces trojans reviennent souvent.

Répondre à Gnondpom@IDN

C:\WINDOWS\system32 ›› Win32:Agent-LNK [Wrm]

C:\DOCUME~1\POULLY\LOCALS~1\Temp ›› Win32:Small-FHL [Trj]

C:\Documents and Settings\POULLY\Bureau ›› Win32:Small-IKZ [Trj]

Répondre à Gnondpom@IDN

Et le nom et extension des fichiers ?

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Ah désolé.

Nom: smtpdrv.sys ›› C:\WINDOWS\system32\drivers ›› Win32:Agent-LNK [Wrm]

Nom: synmon.exe ›› C:\DOCUME~1\POULLY\LOCALS~1\Temp ›› Win32:Small-FHL [Trj]

Nom: wnpyxv.exe ›› C:\Documents and Settings\POULLY\Bureau ›› Win32:Small-IKZ [Trj]

Répondre à Gnondpom@IDN

Supprime ta version de Combofix puis recommence.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Je supprime Combofix et je recommence quoi ?

Répondre à Gnondpom@IDN

Tu supprimes combofix puis tu le retélacharge et recommence le scan.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Voilà le rapport


ComboFix 08-02.05.1 - POULLY 2008-02-04 22:18:31.8 - NTFSx86
Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
.

2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
2008-01-21 12:01 . 2008-02-04 10:57 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 09:59 --------- d-----w C:\Documents and Settings\POULLY\Application Data\OpenOffice.org2
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-14 13:08 --------- d-----w C:\Documents and Settings\POULLY\Application Data\mIRC
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2008-01-01 13:59 --------- d-----w C:\Documents and Settings\POULLY\Application Data\LimeWire
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

C:\Documents and Settings\Jerome\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]

C:\Documents and Settings\POULLY\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
NETGEAR WG311v3 Wireless Assistant.lnk - C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2006-01-25 16:36:44 2238]

R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-02-04 10:57]
S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys []
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 22:22:54
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

? [49844]
? [47412]
? [47844]
? [48272]
? [49600]
? [48336]
Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-04 22:27:54
ComboFix-quarantined-files.txt 2008-02-04 21:27:49
ComboFix2.txt 2008-02-04 10:04:09
ComboFix3.txt 2008-01-30 22:14:34
.
2008-01-09 12:43:21 --- E O F ---

Répondre à Gnondpom@IDN

C'est bien une nouvelle version ?

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Ah mince je crois que c'est la même. T'as une autre version où un lien où on peut la trouver ?

Joli avatar :)

Répondre à Gnondpom@IDN

C'pas moi qui l'ait fait :d
Tu as supprimé ton combofix pour le retélécharger ?

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Oui oui je l'ai supprimé.
C'est la même version, comme un andouille j'ai repris la même lol


Message édité par Gnondpom@IDN le 06-02-2008 à 19:52:04
Répondre à Gnondpom@IDN

On va faire la suppression à la main.

Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

Driver::
Oru36
ztx86

File::
C:\WINDOWS\system32\Drivers\Oru36.sys
C:\WINDOWS\system32\ztx86.sys



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Voila le rapport Combo ( il s'est pas lancé la première fois )


ComboFix 08-02.05.1 - POULLY 2008-02-06 20:17:59.9 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.128 [GMT 1:00]
Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\POULLY\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]

FILE
C:\WINDOWS\system32\Drivers\Oru36.sys
C:\WINDOWS\system32\ztx86.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Drivers\Oru36.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ORU36
-------\Oru36
-------\ztx86


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
.

2008-02-04 22:16 . 2004-08-19 16:09 400,896 --a------ C:\kmd.exe
2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 19:22 --------- d-----w C:\Documents and Settings\POULLY\Application Data\OpenOffice.org2
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-14 13:08 --------- d-----w C:\Documents and Settings\POULLY\Application Data\mIRC
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2008-01-01 13:59 --------- d-----w C:\Documents and Settings\POULLY\Application Data\LimeWire
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 20:22:25
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-06 20:25:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-06 19:25:13
ComboFix2.txt 2008-02-04 21:27:55
ComboFix3.txt 2008-02-04 10:04:09
ComboFix4.txt 2008-01-30 22:14:34
.
2008-01-09 12:43:21 --- E O F ---

Répondre à Gnondpom@IDN

Re,

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Ok. J'ai mis 2 fois le même message ?

Ah bah du coup j'ai enlevé les deux lol


Message édité par Gnondpom@IDN le 07-02-2008 à 23:47:56
Répondre à Gnondpom@IDN

Re, voilà le rapport de AntiVir



AntiVir PersonalEdition Classic
Report file date: jeudi 7 février 2008 22:45

Scanning for 1095787 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: POULLY
Computer name: YANNICK

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:39:13
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 21:39:13
ANTIVIR3.VDF : 7.0.2.107 350208 Bytes 07/02/2008 21:39:13
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 07/02/2008 21:39:14
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 07/02/2008 21:39:14
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 7 février 2008 22:45

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'wlancfg5.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Keyhook.exe' - '1' Module(s) have been scanned
Scan process 'sistray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '29' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\POULLY\Mes documents\MSNFix\22012008_232439.71.zip
[0] Archive type: ZIP
--> backup/17PHolmes1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/algisz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/avp.exe
[DETECTION] Contains suspicious code HEUR/Malware
--> backup/ayoshy.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/btfnvs.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/cbonxi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/cmmpgd.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/Dot1XCfg.exe
[DETECTION] Is the Trojan horse TR/Dldr.Adload.PR
--> backup/esutzr.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ezqebs.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/fiibmu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/fqsljl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/gfbylm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hfndhn.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hgupug.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ihptnd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/jmpsvm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/krqpkt.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/lgswjv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lirwym.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lkqzyb.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/lscxdt.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lygifo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mgkjhe.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1148.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/npeabq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/nplqgt.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/oenavc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/olnujn.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/oynbzx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/pfjwvi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/phjtml.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/pmcgda.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/pvlgsp.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/qbdqsi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/rkczmy.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/rnhaed.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ruehiq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/services.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.46056.1
--> backup/siakkg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/urtfww.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/valzio.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/vubrrk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/whzhca.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/wmuckc.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/wvhrck.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xhsltl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xqijpv.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/ysrrvx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/zmfbnk.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/zxiryu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47db7d69.qua'!
C:\Documents and Settings\POULLY\Mes documents\Yannick\Scripts\QuizZ-BanG\QuiZzStarZ.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Mirc.AB.1 Backdoor server programs
[INFO] The file was moved to '48147e90.qua'!
C:\QooBox\Quarantine\catchme2008-02-04_105840.50.zip
[0] Archive type: ZIP
--> ztx86.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '481f81b4.qua'!
C:\QooBox\Quarantine\catchme2008-02-06_202142.92.zip
[0] Archive type: ZIP
--> Oru36.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.Z.4
[INFO] The file was moved to '4963e1dd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rxjddnvj.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '481581cc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Oru36.sys.vir
[DETECTION] Contains detection pattern of the worm WORM/Ntech.Z.4
[INFO] The file was moved to '482081c6.qua'!
C:\WINDOWS\system32\socketa.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hnp
[INFO] The file was moved to '480e8464.qua'!
C:\WINDOWS\system32\socksys.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hnp
[INFO] The file was moved to '480e8465.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IBO5ZOBP\setup[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '481f8487.qua'!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: jeudi 7 février 2008 23:22
Used time: 36:59 min

The scan has been done completely.

3726 Scanning directories
235106 Files were scanned
59 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
9 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
235047 Files not concerned
1359 Archives were scanned
1 Warnings
0 Notes

Répondre à Gnondpom@IDN

Refais un scan Combofix :)

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Re, voilà le rapport du scan combo


ComboFix 08-02.05.1 - POULLY 2008-02-10 14:46:07.10 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.164 [GMT 1:00]
Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))))))
.

2008-02-07 22:36 . 2008-02-07 22:36 <REP> d-------- C:\Program Files\Avira
2008-02-07 22:36 . 2008-02-07 22:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-07 22:30 . 2008-02-07 22:30 17,788,920 --a------ C:\Program Files\Antivir.exe
2008-02-06 20:16 . 2004-08-19 16:09 400,896 --a------ C:\kmd.exe
2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 13:00 --------- d-----w C:\Documents and Settings\POULLY\Application Data\OpenOffice.org2
2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
2008-01-14 13:08 --------- d-----w C:\Documents and Settings\POULLY\Application Data\mIRC
2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
2008-01-01 13:59 --------- d-----w C:\Documents and Settings\POULLY\Application Data\LimeWire
2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-07 22:39 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

C:\Documents and Settings\Jerome\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]

C:\Documents and Settings\POULLY\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
NETGEAR WG311v3 Wireless Assistant.lnk - C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2006-01-25 16:36:44 2238]

S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - SSMDRV
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 14:48:00
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-10 14:48:39
ComboFix-quarantined-files.txt 2008-02-10 13:48:23
ComboFix2.txt 2008-02-06 19:25:30
ComboFix3.txt 2008-02-04 21:27:55
ComboFix4.txt 2008-02-04 10:04:09
ComboFix5.txt 2008-01-30 22:14:34
.
2008-01-09 12:43:21 --- E O F ---

Répondre à Gnondpom@IDN

Mieux ?

 

Télécharge ewido anti-spyware micro scanner sur ton bureau.

  • Double-clique sur le fichier ewido_micro.exe pour l'exécuter.
  • Le programme va demander dès son lancement un accès internet pour se mettre à jour, accepte.
  • Puis, un nouvel écran apparaît, assure toi que toutes les cases soient cochées.
  • Clique sur Start Scan et laisse l'outil travailler.
  • Quand l'outil à fini, clique sur save report et sauvegarde le rapport sur ton bureau.
  • Poste le dans ta prochaine réponse.


Nb : ne clique pas tout de suite sur Remove infections; nous devons nous assurer que toutes les détections soient infectieuses car certains utilitaires légitimes pourraient apparaître dans le rapport.


Message édité par Angeldark le 10-02-2008 à 15:25:34
------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Oui ça va déjà mieux. Les pubs Cid s'ouvrent plus.

Répondre à Gnondpom@IDN

Voilà le rapport

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\POULLY\Cookies\poully@ad.yieldmanager[2].txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: C:\Documents and Settings\POULLY\Cookies\poully@adopt.euroclick[1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\POULLY\Cookies\poully@adrevolver[1].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Documents and Settings\POULLY\Cookies\poully@adtech[1].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\POULLY\Cookies\poully@advertising[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\POULLY\Cookies\poully@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Documents and Settings\POULLY\Cookies\poully@bluestreak[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\POULLY\Cookies\poully@bs.serving-sys[2].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\POULLY\Cookies\poully@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Estat
Path: C:\Documents and Settings\POULLY\Cookies\poully@estat[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\POULLY\Cookies\poully@fastclick[2].txt
Risk: Medium

Name: TrackingCookie.Findwhat
Path: C:\Documents and Settings\POULLY\Cookies\poully@findwhat[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\POULLY\Cookies\poully@himedia.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\POULLY\Cookies\poully@media.adrevolver[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\POULLY\Cookies\poully@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\POULLY\Cookies\poully@overture[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\POULLY\Cookies\poully@serving-sys[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Documents and Settings\POULLY\Cookies\poully@tradedoubler[1].txt
Risk: Medium

Name: TrackingCookie.Weborama
Path: C:\Documents and Settings\POULLY\Cookies\poully@weborama[1].txt
Risk: Medium

Name: TrackingCookie.Abcsearch
Path: C:\Documents and Settings\POULLY\Cookies\poully@www.abcsearch[1].txt
Risk: Medium

Name: Adware.ActivShopper
Path: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4}
Risk: Medium

Name: Adware.Accoona
Path: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208}
Risk: Medium

Name: Adware.Generic
Path: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456}
Risk: Medium

Name: Adware.ActivShopper
Path: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4}
Risk: Medium

Name: Adware.Accoona
Path: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208}
Risk: Medium

Name: Adware.Generic
Path: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456}
Risk: Medium

Name: Not-A-Virus.Hacktool.EvID
Path: C:\Program Files\eChanblard\config\last.zip/EvID4226Patch.exe
Risk: Low

Name: Not-A-Virus.Hacktool.EvID
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP602\A0106228.exe
Risk: Low

Name: Trojan.Agent.dwb
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP602\A0106293.exe
Risk: High

Name: Downloader.Agent.erf
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP602\A0106294.exe
Risk: High

Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106330.exe
Risk: High

Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106331.exe
Risk: High

Name: Rootkit.Agent.pr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106398.sys
Risk: High

Name: Rootkit.Agent.pr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106420.sys
Risk: High

Name: Trojan.CPEX.aq
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106424.exe
Risk: High

Name: Rootkit.Agent.pr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106426.sys
Risk: High

Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0107419.exe
Risk: High

Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0107421.exe
Risk: High

Name: Downloader.Agent.hnp
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108434.dll
Risk: High

Name: Rootkit.Agent.pr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108435.sys
Risk: High

Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108438.exe
Risk: High

Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108439.exe
Risk: High

Name: Backdoor.Agent.alm
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108449.exe
Risk: High

Name: Worm.Agent.l
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108450.sys
Risk: High

Name: Downloader.Adload.pr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108470.exe
Risk: High

Name: Backdoor.Agent.alm
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108471.exe
Risk: High

Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108515.exe
Risk: High

Name: Downloader.Agent.hql
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108516.exe
Risk: High

Name: Trojan.CPEX.aq
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109441.exe
Risk: High

Name: Backdoor.Small.crw
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109442.exe
Risk: High

Name: Trojan.Sinowal.gf
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109443.exe
Risk: High

Name: Downloader.Small.huv
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109445.exe
Risk: High

Name: Backdoor.SdBot.asy
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109452.exe
Risk: High

Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109465.sys
Risk: High

Name: Trojan.Agent.elr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109472.exe
Risk: High

Name: Backdoor.SdBot.aqp
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109473.sys
Risk: High

Name: Rootkit.Agent.pr
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109502.sys
Risk: High

Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109507.sys
Risk: High

Name: Not-A-Virus.Downloader.Win32.UltimateFix.e
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111581.exe
Risk: Low

Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111636.sys
Risk: High

Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111686.sys
Risk: High

Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111770.sys
Risk: High

Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111817.sys
Risk: High

Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP605\A0111848.sys
Risk: High

Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP606\A0111861.sys
Risk: High

Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP606\A0111934.sys
Risk: High

Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP607\A0111964.sys
Risk: High

Name: Downloader.Agent.hlt
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP609\A0112035.sys
Risk: High

Name: Not-A-Virus.Hoax.Win32.Renos.asa
Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP610\A0112112.exe
Risk: Low

Name: TrackingCookie.Atdmt
Path: C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\WINDOWS\system32\config\systemprofile\Cookies\system@mediaplex[1].txt
Risk: Medium

Répondre à Gnondpom@IDN

Re,

  • Clique sur Remove infections
  • Au message d'avertissement, clique sur Ok et laisse l'outil travailler.
  • Quand l'outil à fini, clique sur Save Report et sauvegarde le rapport sur ton bureau.
  • Poste le dans ta prochaine réponse.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Scan finished: 0 infections found

Je peux pas cliquer sur Save report

Répondre à Gnondpom@IDN
Page Précédente
1 2
Tom's Guide > Forum > Sécurité - Virus > Pub Internet (Cid), virus attrappé par msn [Resolu]
Aller à :

Il y a 2042 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler
Liens