[Solved] proper.exe virus - Security - Virus
Profile: IDNaute

I no longer have any administrator rights.
Here is the report; please tell me what steps to follow to fix my problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:42, on 08/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RegistrySmart\RegistrySmart.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://www.achatpublic.com/sdm/cga [...] s-i586.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb [...] module.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol629.txt
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6434 bytes


Message edited by thephenyx on 17-02-2008 at 19:35:49
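The lines that matter in the HijackThis log above are the F2 Shell entry (proper.exe is appended to the Winlogon shell, so it is started again at every logon), the O7 DisableRegedit policy (a restriction malware sets to hinder cleanup) and the O20 AppInit_DLLs entry pointing at a .txt file (a DLL loaded into every process that uses user32.dll, with a disguised extension). The triage script below is an added example, not part of the thread and not HijackThis's own tooling; it applies those checks to a constructed sample made of a few lines copied from the log.

```python
import re

# Constructed sample: a few lines in HijackThis v2 format, taken from the log
# posted above (the full log is not reproduced here).
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol629.txt
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""

# Every HijackThis entry is "<code> - <body>", where the code (R0, F2, O4, ...)
# identifies the load point that was inspected.
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")


def triage_hjt(log_text):
    """Return (severity, code, reason, line) tuples for entries worth a look."""
    findings = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, blank line, "End of file"
        code, body = m.group("code"), m.group("body")

        if code == "F2" and "Shell=" in body:
            # Winlogon's Shell value (HJT shows it as the system.ini mapping).
            # Anything beyond plain Explorer.exe is started at every logon.
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(("HIGH", code, "Winlogon Shell runs extra program: " + shell, line))

        elif code == "O7":
            # Policy keys such as DisableRegedit; malware sets them to hinder cleanup.
            policy = body.rsplit(",", 1)[-1].strip()
            findings.append(("MEDIUM", code, "Restriction policy set: " + policy, line))

        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that loads user32.dll.
            # A non-.dll extension (here a .txt) is a disguise and rates higher.
            path = body.split(":", 1)[1].strip()
            if path:
                sev = "MEDIUM" if path.lower().endswith(".dll") else "HIGH"
                findings.append((sev, code, "AppInit_DLLs injection: " + path, line))

        elif code in ("O2", "O3") and ("(no file)" in body or "(file missing)" in body):
            # Orphaned BHO/toolbar registration; harmless by itself, but a trace of past adware.
            findings.append(("LOW", code, "Orphaned browser add-on entry", line))

        elif code == "O23" and "Unknown owner" in body:
            findings.append(("INFO", code, "Service without a publisher name", line))
    return findings


def by_severity(findings):
    """Count findings per severity to show the shape of a log at a glance."""
    counts = {}
    for sev, _code, _reason, _line in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, code, reason, _line in triage_hjt(SAMPLE_HJT_LOG):
        print(f"[{sev:6}] {code:4} {reason}")
    print(by_severity(triage_hjt(SAMPLE_HJT_LOG)))
```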

Profile: Helper

How about a hello?

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.


---------------
Prevention & Protection|Free software|The man from the FLCCF
Profile: IDNaute

Hello Angeldark,
thanks for your reply.
Here is the report after running combofix:

ComboFix 08-02.05.3 - frederic 2008-02-09 12:08:33.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.270 [GMT 1:00]
Endroit: C:\Documents and Settings\frederic\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
C:\Documents and Settings\frederic\Application Data\DriveCleaner Free
C:\Documents and Settings\frederic\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\frederic\Application Data\MessengerSkinner
C:\Documents and Settings\frederic\Application Data\MessengerSkinner\Userdata\defaultPack.cab
C:\Documents and Settings\frederic\Application Data\MessengerSkinner\Userdata\languages.xml
C:\Documents and Settings\frederic\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\frederic\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\frederic\err.log
C:\Program Files\Fichiers communs\drivecleaner free
C:\Program Files\Fichiers communs\SystemDoctor
C:\Program Files\Fichiers communs\SystemDoctor\err.log
C:\Program Files\Fichiers communs\SystemDoctor\up.dat
C:\Program Files\Fichiers communs\SystemDoctor\USDR6cw.exe
C:\WA6P
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\jssjig.dat
C:\WINDOWS\system32\jssjig.exe
C:\WINDOWS\system32\jssjig_navps.dat
C:\WINDOWS\system32\koos.exe . . . . Echec de suppression
C:\WINDOWS\system32\kprof . . . . Echec de suppression
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\poof . . . . Echec de suppression
C:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_POOF
-------\symavc32


((((((((((((((((((((((((((((( Fichiers créés 2008-01-09 to 2008-02-09 ))))))))))))))))))))))))))))))))))))
.

2008-02-08 22:16 . 2008-02-08 22:16 <REP> d-------- C:\Program Files\Trend Micro
2008-02-08 21:38 . 2008-02-08 21:38 <REP> d-------- C:\WINDOWS\AU_Temp
2008-02-08 14:10 . 2008-02-08 14:10 <REP> d-------- C:\WINDOWS\report
2008-02-08 14:08 . 2008-02-08 14:08 <REP> d-------- C:\WINDOWS\AU_Backup
2008-02-08 14:08 . 2008-02-08 14:08 36,053,585 --a------ C:\WINDOWS\VPTNFILE.987
2008-02-08 14:08 . 2008-02-08 14:08 1,919,160 --a------ C:\WINDOWS\tsc.ptn
2008-02-08 14:08 . 2008-02-08 21:39 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-02-08 14:08 . 2008-02-08 14:08 267,845 --a------ C:\WINDOWS\tsc.exe
2008-02-08 14:08 . 2008-02-08 21:39 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-02-08 14:08 . 2008-02-08 14:08 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-02-08 14:08 . 2008-02-08 21:42 823 --a------ C:\WINDOWS\tsc.ini
2008-02-08 14:07 . 2008-02-08 14:07 <REP> d-------- C:\WINDOWS\AU_Log
2008-02-08 14:07 . 2008-02-08 21:38 170 --a------ C:\WINDOWS\GetServer.ini
2008-02-08 14:06 . 2008-02-08 14:07 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-02-08 14:06 . 2008-02-08 14:07 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-02-08 14:06 . 2008-02-08 14:07 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-02-08 13:56 . 2008-02-08 13:56 <REP> d-------- C:\Program Files\RegistrySmart
2008-02-08 13:56 . 2008-02-08 13:56 <REP> d-------- C:\Documents and Settings\frederic\Application Data\RegistrySmart
2008-02-02 12:28 . 2008-02-02 12:28 <REP> d-------- C:\Documents and Settings\frederic\Application Data\FloodLightGames
2008-02-02 12:28 . 2008-02-02 12:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2008-01-31 13:05 . 2008-01-31 13:05 <REP> d-------- C:\Documents and Settings\frederic\Saved Games
2008-01-31 12:50 . 2008-01-31 12:50 <REP> d-------- C:\Program Files\orange
2008-01-31 12:50 . 2008-01-31 12:50 <REP> d-------- C:\Program Files\GamesBar
2008-01-30 19:57 . 2008-01-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2008-01-30 19:57 . 2008-01-30 19:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-01-30 19:52 . 2005-09-27 14:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-01-30 19:52 . 2006-11-10 10:55 120,952 --a------ C:\WINDOWS\system32\PandoraCtrl2.dll
2008-01-30 19:52 . 2005-03-11 17:06 102,400 --a------ C:\WINDOWS\system32\PandoraCtrl.dll
2008-01-30 19:51 . 2008-01-30 19:51 <REP> d-------- C:\Program Files\BoontyGames
2008-01-30 19:51 . 2008-01-30 19:51 <REP> d-------- C:\Program Files\Boonty
2008-01-28 11:55 . 2008-01-28 11:55 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-01-28 11:55 . 2008-01-28 11:55 <REP> d-------- C:\Documents and Settings\frederic\Application Data\AdobeUM
2008-01-26 00:48 . 2008-01-26 00:48 <REP> d-------- C:\Program Files\Video Strip Poker Supreme
2008-01-26 00:47 . 2008-01-26 00:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 11:09 25,088 ------w C:\WINDOWS\system32\koos.exe
2008-01-06 17:34 46,348 ----a-w C:\WINDOWS\system32\SmrtDrive.dll
2008-01-06 17:27 10,010 ----a-w C:\WINDOWS\SMRTDRIV.DLL
2007-12-30 21:15 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-30 11:51 --------- d-----w C:\Documents and Settings\frederic\Application Data\SuperAdBlocker.com
2007-12-30 11:50 --------- d-----w C:\Program Files\SuperAdBlocker.com
2007-12-23 17:08 --------- d-----w C:\Program Files\UseNeXT
2007-12-23 17:08 --------- d-----w C:\Documents and Settings\frederic\Application Data\UseNeXT
2007-12-07 23:42 291,328 ----a-w C:\WINDOWS\system32\libcurl.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 09:54 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-26 22:00 155648]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2008-01-23 15:55 4347120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 12:58 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-08-01 09:28 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^autos.exe]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autos.exe
backup=C:\WINDOWS\pss\autos.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^frederic^Menu Démarrer^Programmes^Démarrage^infos.exe]
path=C:\Documents and Settings\frederic\Menu Démarrer\Programmes\Démarrage\infos.exe
backup=C:\WINDOWS\pss\infos.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^frederic^Menu Démarrer^Programmes^Démarrage^YesMessenger.lnk]
path=C:\Documents and Settings\frederic\Menu Démarrer\Programmes\Démarrage\YesMessenger.lnk
backup=C:\WINDOWS\pss\YesMessenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6V_Check]
C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep]
C:\WINDOWS\system32\spoolc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jssjig]
c:\windows\system32\jssjig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDRV_Check]
C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-03-26 22:00 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check]
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker]
--a------ 2007-08-01 09:28 1564672 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-11-01 20:32 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Undefined]
C:\WINDOWS\system32\winter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDR6cw]
C:\Program Files\Fichiers communs\SystemDoctor\USDR6cw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WA6PV_Check]
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\WANADOO\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"iPodService"=3 (0x3)
"aawservice"=2 (0x2)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"IDriverT"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)

R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
R2 X4HSX32;X4HSX32;C:\Program Files\Player Metaboli\X4HSX32.Sys [2006-12-13 09:34]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-01-30 19:57]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-09 11:12:38 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 12:12:43
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g?e

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-09 12:13:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-09 11:13:52
.
2008-01-08 21:04:19 --- E O F ---

Profile: Helper

Re,

Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet and close all programs.
Double-click Gmer.exe.

IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

Click the Rootkit tab.
On the right, check Files and Services.
Now click Scan.

When the scan is finished, click Copy.

Open Notepad and click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.


Profile: IDNaute

Re,

combofix let me get my administrator rights back, thanks a lot.

Here is the Gmer report; apparently some malware remains.
Should I delete it manually?

GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-09 13:41:33
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1628] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)
---- Processes - GMER 1.0.14 ----

Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x00340000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x00ED0000

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Player Metaboli\Jeux\J. Verne - L'Ile..\Désinstaller J. Verne - L'Ile....lnk
File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Player Metaboli\Jeux\J. Verne - L'Ile..\Jouer.lnk

---- EOF - GMER 1.0.14 ----

Profile: Helper

Let's get to work :)

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

Rootkit::
C:\WINDOWS\system32\koos.exe

File::
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autos.exe
C:\Documents and Settings\frederic\Menu Démarrer\Programmes\Démarrage\infos.exe
C:\Documents and Settings\frederic\Menu Démarrer\Programmes\Démarrage\YesMessenger.lnk
C:\WINDOWS\system32\spoolc.exe
c:\windows\system32\jssjig.exe

Folder::
C:\Program Files\GamesBar
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\poof
C:\Program Files\Fichiers communs\SystemDoctor

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^autos.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^frederic^Menu Démarrer^Programmes^Démarrage^infos.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^frederic^Menu Démarrer^Programmes^Démarrage^YesMessenger.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6V_Check]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jssjig]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDRV_Check]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Undefined]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDR6cw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WA6PV_Check]



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a Hijackthis report.
NOTE: If there is no reboot, post the requested reports anyway.


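A CFScript is only half the job: the post-run ComboFix report has to be checked against it, entry by entry. The reconciliation script below is an added example (not ComboFix's own tooling and not from the thread): it parses the CFScript sections (Rootkit::, File::, Folder::, Registry::) and the report's FILE, "Autres suppressions" and "Point de chargement Reg" blocks, treats a path marked "Echec de suppression" as not removed, and reports any [-KEY] that is still listed as a load point afterwards. The sample script and report are constructed excerpts assembled from lines of the ones in this thread.

```python
import re

# Constructed excerpt of the CFScript given in the post above.
SAMPLE_CFSCRIPT = r"""
Rootkit::
C:\WINDOWS\system32\koos.exe

File::
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autos.exe
C:\WINDOWS\system32\spoolc.exe
c:\windows\system32\jssjig.exe

Folder::
C:\Program Files\GamesBar
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\poof
C:\Program Files\Fichiers communs\SystemDoctor

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDR6cw]
"""

# Constructed excerpt of a post-run ComboFix report, assembled from lines of the
# two reports in this thread (the "Echec de suppression" line comes from the first).
SAMPLE_REPORT = r"""
FILE
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autos.exe
c:\windows\system32\jssjig.exe
C:\WINDOWS\system32\spoolc.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\GamesBar
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\poof . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep]
C:\WINDOWS\system32\spoolc.exe
"""

SECTION_RE = re.compile(r"^(\w+)::$")   # "File::", "Registry::", ...
REG_KEY_RE = re.compile(r"^\[(.+)\]$")  # "[HKEY_...]" header in the report


def parse_cfscript(text):
    """Map each CFScript section name to the list of entries under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_report(text):
    """Return (removed_paths, load_point_keys), both lower-cased, from a ComboFix report.

    Paths come from the FILE block and the 'Autres suppressions' block; a path
    flagged 'Echec de suppression' (deletion failed) is not counted as removed.
    Keys come from the [ ... ] headers of the 'Point de chargement Reg' block.
    """
    removed, keys, block = set(), set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line == "FILE":
            block = "deleted"
        elif line.startswith("((("):  # section banner: decide which block follows
            if "Autres suppressions" in line:
                block = "deleted"
            elif "Point de chargement Reg" in line:
                block = "registry"
            else:
                block = None
        elif block == "deleted" and line[1:3] == ":\\":
            if "Echec de suppression" not in line:
                removed.add(line.lower())
        elif block == "registry":
            m = REG_KEY_RE.match(line)
            if m:
                keys.add(m.group(1).lower())
    return removed, keys


def reconcile(cfscript_text, report_text):
    """Check every CFScript request against what the report says happened."""
    script = parse_cfscript(cfscript_text)
    removed, keys = parse_report(report_text)
    result = {"removed": [], "unconfirmed": [], "registry_still_present": [], "registry_gone": []}
    for section in ("Rootkit", "File", "Folder"):
        for path in script.get(section, []):
            result["removed" if path.lower() in removed else "unconfirmed"].append(path)
    for entry in script.get("Registry", []):
        m = re.match(r"^\[-(.+)\]$", entry)  # "[-KEY]" asks ComboFix to delete KEY
        if m:
            key = m.group(1)
            result["registry_still_present" if key.lower() in keys else "registry_gone"].append(key)
    return result


if __name__ == "__main__":
    for bucket, items in reconcile(SAMPLE_CFSCRIPT, SAMPLE_REPORT).items():
        print(bucket, "->", items)
```

Anything in "unconfirmed" or "registry_still_present" is what the next round of cleanup has to deal with, which is exactly what the later report in this thread shows for several of the startupreg keys.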
Profile: IDNaute

There, it's done,

I'm posting the requested reports.

I had another small question, though: I saw in another topic that someone had a virus that sends lots of emails, and he mentions smss.exe.
I wonder whether I have the same problem, because sometimes I receive spam coming from my own address.

Thanks in advance for your reply; here are the reports:


ComboFix 08-02.05.3 - frederic 2008-02-10 13:37:08.2 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.315 [GMT 1:00]
Endroit: C:\Documents and Settings\frederic\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\frederic\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autos.exe
C:\Documents and Settings\frederic\Menu Démarrer\Programmes\Démarrage\infos.exe
C:\Documents and Settings\frederic\Menu Démarrer\Programmes\Démarrage\YesMessenger.lnk
c:\windows\system32\jssjig.exe
C:\WINDOWS\system32\spoolc.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-French.ini
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\kprof\
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\poof\

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))))))
.

2008-02-09 19:58 . 2008-02-09 19:58 <REP> d-------- C:\Program Files\FIFA07
2008-02-09 13:37 . 2008-02-09 13:37 250 --a------ C:\WINDOWS\gmer.ini
2008-02-09 12:21 . 2008-02-09 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Tages
2008-02-09 12:21 . 2008-02-09 12:21 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-02-09 12:21 . 2008-02-09 12:21 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-02-08 22:16 . 2008-02-08 22:16 <REP> d-------- C:\Program Files\Trend Micro
2008-02-08 21:38 . 2008-02-08 21:38 <REP> d-------- C:\WINDOWS\AU_Temp
2008-02-08 14:10 . 2008-02-08 14:10 <REP> d-------- C:\WINDOWS\report
2008-02-08 14:08 . 2008-02-08 14:08 <REP> d-------- C:\WINDOWS\AU_Backup
2008-02-08 14:08 . 2008-02-08 14:08 36,053,585 --a------ C:\WINDOWS\VPTNFILE.987
2008-02-08 14:08 . 2008-02-08 14:08 1,919,160 --a------ C:\WINDOWS\tsc.ptn
2008-02-08 14:08 . 2008-02-08 21:39 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-02-08 14:08 . 2008-02-08 14:08 267,845 --a------ C:\WINDOWS\tsc.exe
2008-02-08 14:08 . 2008-02-08 21:39 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-02-08 14:08 . 2008-02-08 14:08 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-02-08 14:08 . 2008-02-08 21:42 823 --a------ C:\WINDOWS\tsc.ini
2008-02-08 14:07 . 2008-02-08 14:07 <REP> d-------- C:\WINDOWS\AU_Log
2008-02-08 14:07 . 2008-02-08 21:38 170 --a------ C:\WINDOWS\GetServer.ini
2008-02-08 14:06 . 2008-02-08 14:07 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-02-08 14:06 . 2008-02-08 14:07 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-02-08 14:06 . 2008-02-08 14:07 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-02-08 13:56 . 2008-02-08 13:56 <REP> d-------- C:\Program Files\RegistrySmart
2008-02-08 13:56 . 2008-02-08 13:56 <REP> d-------- C:\Documents and Settings\frederic\Application Data\RegistrySmart
2008-02-02 12:28 . 2008-02-02 12:28 <REP> d-------- C:\Documents and Settings\frederic\Application Data\FloodLightGames
2008-02-02 12:28 . 2008-02-02 12:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2008-01-31 13:05 . 2008-01-31 13:05 <REP> d-------- C:\Documents and Settings\frederic\Saved Games
2008-01-31 12:50 . 2008-01-31 12:50 <REP> d-------- C:\Program Files\orange
2008-01-30 19:57 . 2008-01-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2008-01-30 19:57 . 2008-01-30 19:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-01-30 19:52 . 2005-09-27 14:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-01-30 19:52 . 2006-11-10 10:55 120,952 --a------ C:\WINDOWS\system32\PandoraCtrl2.dll
2008-01-30 19:52 . 2005-03-11 17:06 102,400 --a------ C:\WINDOWS\system32\PandoraCtrl.dll
2008-01-30 19:51 . 2008-01-30 19:51 <REP> d-------- C:\Program Files\BoontyGames
2008-01-30 19:51 . 2008-01-30 19:51 <REP> d-------- C:\Program Files\Boonty
2008-01-28 11:55 . 2008-01-28 11:55 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-01-28 11:55 . 2008-01-28 11:55 <REP> d-------- C:\Documents and Settings\frederic\Application Data\AdobeUM
2008-01-26 00:48 . 2008-01-26 00:48 <REP> d-------- C:\Program Files\Video Strip Poker Supreme
2008-01-26 00:47 . 2008-01-26 00:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 17:34 46,348 ----a-w C:\WINDOWS\system32\SmrtDrive.dll
2008-01-06 17:27 10,010 ----a-w C:\WINDOWS\SMRTDRIV.DLL
2007-12-30 21:15 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-30 11:51 --------- d-----w C:\Documents and Settings\frederic\Application Data\SuperAdBlocker.com
2007-12-30 11:50 --------- d-----w C:\Program Files\SuperAdBlocker.com
2007-12-23 17:08 --------- d-----w C:\Program Files\UseNeXT
2007-12-23 17:08 --------- d-----w C:\Documents and Settings\frederic\Application Data\UseNeXT
2007-12-07 23:42 291,328 ----a-w C:\WINDOWS\system32\libcurl.dll
2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 09:54 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-26 22:00 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6V_Check]
C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep]
C:\WINDOWS\system32\spoolc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDRV_Check]
C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-03-26 22:00 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check]
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-11-01 20:32 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Undefined]
C:\WINDOWS\system32\winter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\WANADOO\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"iPodService"=3 (0x3)
"aawservice"=2 (0x2)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"IDriverT"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)

R2 X4HSX32;X4HSX32;C:\Program Files\Player Metaboli\X4HSX32.Sys [2006-12-13 09:34]
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-01-30 19:57]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-09 11:29:38 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 13:40:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g?e

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\WINDOWS\system32\UAService7.exe
.
**************************************************************************
.
Completion time: 2008-02-10 13:41:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 12:41:06
ComboFix2.txt 2008-02-09 11:13:58
.
2008-01-08 21:04:19 --- E O F ---



and the HijackThis one:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:46, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://www.achatpublic.com/sdm/cga [...] s-i586.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb [...] module.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 4268 bytes

Profile: Helper

Is that better?

Re,

Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)



Install AntiVir.

Run a full scan, then post the report once the analysis finishes.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus


---------------
Prevention & Protection | Free software | The FLCCF guy
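Both O3 lines the helper asks the user to fix carry a marker HijackThis prints when the referenced file is not on disk ("(no file)" / "(file missing)"): they are orphaned toolbar registrations, so removing them is harmless, but they are not the infection itself. The following is an added example, not code from the thread or from HijackThis: a small Python parser that pulls the entries out of a HijackThis log, lists the orphaned ones (the candidates for "Fix checked"), and maps each O4 Run-key entry to the executable it launches so the paths can be reviewed by hand. The sample lines are copied from the HijackThis log posted above; the function and regex names are this example's own.

```python
import re

# One HijackThis entry: a type code (R0, O3, O4, O23, ...), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<type>[RFNO]\d+)\s+-\s+(?P<body>.+)$")

# Markers HijackThis appends when the referenced file does not exist on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")

# Body of an O4 Run-key entry: 'HKLM\..\Run: [Name] "C:\path\prog.exe" -args'
O4_BODY = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")

# Leading executable path of a command line, quoted or not, up to the .exe suffix.
EXE_PATH = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)

# Sample input: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
"""


def parse_hjt(log_text):
    """Return every HijackThis entry in log_text as a dict with type, body and raw line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = HJT_LINE.match(line)
        if m:
            entries.append({"type": m.group("type"), "body": m.group("body"), "raw": line})
    return entries


def orphaned_entries(entries):
    """Raw lines whose target file HijackThis reported as absent: safe to fix, but not the infection."""
    return [e["raw"] for e in entries if any(mk in e["body"] for mk in MISSING_MARKERS)]


def run_key_executables(entries):
    """Map (hive, value name) of each O4 Run-key entry to the executable path it launches."""
    result = {}
    for e in entries:
        if e["type"] != "O4":
            continue
        m = O4_BODY.match(e["body"])
        if not m:  # O4 Startup-folder entries have a different shape; skipped here
            continue
        exe = EXE_PATH.match(m.group("cmd"))
        result[(m.group("hive"), m.group("name"))] = exe.group("exe") if exe else m.group("cmd")
    return result


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("Orphaned entries (candidates to fix):")
    for raw in orphaned_entries(parsed):
        print("  " + raw)
    print("Run-key executables to review:")
    for (hive, name), exe in run_key_executables(parsed).items():
        print(f"  {hive} [{name}] -> {exe}")
```

Run against the full log, the orphan list is exactly the two O3 lines in the helper's box; the Run-key map is the list of binaries worth checking by hand (location, publisher, file date), since a present file is not evidence that it is legitimate.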
Profile: IDNaute

It is indeed much better.

I removed Avast and installed AntiVir; it is apparently better, since it found viruses that Avast had not seen ...

Here is the report:



AntiVir PersonalEdition Classic
Report file date: Sunday 10 February 2008 16:03

Scanning for 1096761 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: FRED

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 15:01:26
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 15:01:26
ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 08/02/2008 15:01:26
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 10/02/2008 15:01:26
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 10/02/2008 15:01:26
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday 10 February 2008 16:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'bfggameservices.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'bfgclient.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'GPlayer.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'UAService7.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'BoontyBox.exe' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'QTTASK.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
29 processes with 29 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '16' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\swbgjoqo.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\xkolgn.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\libcurl.dll