Rapport HijackThis suite a des pages webs redirigees

S'il vous plait, quelqu'un pour me debarasser des saletes qui m'empechent de naviguer ?
Merci !

Bonjour,

Tu as toujours des redirections ?

Malheureusement oui, j'ai toujours des redirections. Malwarebytes ne trouve rien du tout, ni AVG, ni Antivir. Des idees ?
Merci !

Re,

Télécharge Gmer.
Dézippe le dans un dossier ou sur ton bureau.

Déconnecte toi d'Internet puis et ferme tous les programmes.
Double-clique sur Gmer.exe.

IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

Clique sur l'onglet rootkit.
A droite, coche Files et Services.
Clique maintenant sur Scan.

Lorsque le scan est terminé, clique sur Copy.

Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

Merci. Je ne peux pas lancer Gmer, meme en mode sans echec. Apres avoir tout ferme, j'ai un premier warning " Loaded Gmer's driver version is incompatible with the currently running GMER application. You need to stop the driver with the command "net stop gmer" or restart your computer". Ensuite j'ai des messages d'erreur :
"C:\WINDOWS\system32\config\system: Le processus ne peut pas acceder au fichier car ce fichier est utilise par un autre processus"
Si j'essaie de faire le scan malgre tout j'ai le meme message en remplacant "config\system" par "config\software". J'ai pourtant arrete tout ce que je pouvais par le gestionnaire de programmes.

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

Bonsoir,

Ca va beaucoup mieux suite au scan Combofix. En voici le rapport. Merci !

ComboFix 08-09-04.09 - Lolo 2008-09-05 19:45:31.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.916 [GMT 2:00]
Endroit: F:\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
/wow section - STAGE 40
pv: No matching processes found


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))))))))
.

2008-09-05 18:42 . 2008-09-05 19:11 250 --a------ C:\WINDOWS\gmer.ini
2008-09-05 15:19 . 2008-09-05 15:19 <REP> d-------- C:\Program Files\HostXperts
2008-09-05 09:52 . 2008-09-05 09:52 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-04 17:52 . 2008-09-04 17:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Conceptworld
2008-09-04 17:42 . 2008-09-04 17:59 2,138 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-04 17:40 . 2008-09-04 17:41 <REP> d-------- C:\Program Files\Smitfraud
2008-09-04 11:36 . 2008-09-04 11:36 <REP> d--h----- C:\$AVG8.VAULT$
2008-09-04 10:43 . 2005-01-04 21:30 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-04 10:43 . 2005-01-04 21:38 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-04 10:43 . 2005-01-04 21:14 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-04 10:43 . 2005-01-04 21:38 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-04 10:43 . 2008-09-05 18:51 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-04 10:43 . 2005-01-04 21:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-09-04 10:43 . 2008-09-04 10:43 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-04 10:34 . 2008-09-04 10:34 <REP> d-------- C:\Program Files\AVG
2008-09-04 10:34 . 2008-09-05 15:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-03 13:51 . 2008-09-03 13:51 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-08-25 09:43 . 2008-06-23 18:28 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-25 09:43 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-25 09:43 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-25 09:43 . 2008-06-23 18:28 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-25 09:43 . 2008-06-23 18:28 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-25 09:43 . 2008-06-23 18:28 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-25 09:43 . 2008-06-23 18:28 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-25 09:43 . 2008-06-23 18:28 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-25 09:43 . 2008-06-23 11:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 13:19 . 2008-08-23 13:57 <REP> d-------- C:\Program Files\Sketchup
2008-08-10 15:21 . 2008-09-05 08:24 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2008-08-10 15:21 . 2008-08-10 15:22 <REP> d-------- C:\Documents and Settings\Lolo\Application Data\Thunderbird
2008-08-10 15:19 . 2008-08-10 23:44 <REP> d-------- C:\Program Files\Thunderbird

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 07:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-04 15:13 --------- d-----w C:\Program Files\Ad-aware 6
2008-09-04 09:36 --------- d-----w C:\Program Files\Alcohol 120%
2008-09-04 08:30 --------- d-----w C:\Program Files\AVG Anti-spy
2008-09-03 13:56 --------- d-----w C:\Program Files\Zoom Player
2008-08-27 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-08-23 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 14:44 --------- d-----w C:\Program Files\eMule
2008-07-29 18:05 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-07-29 17:15 --------- d-----w C:\Documents and Settings\Lolo\Application Data\foobar2000
2008-07-29 14:10 --------- d-----w C:\Program Files\Malwarebytes
2008-07-29 14:10 --------- d-----w C:\Documents and Settings\Lolo\Application Data\Malwarebytes
2008-07-29 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 10:41 --------- d-----w C:\Program Files\Citrix
2008-07-29 10:33 --------- d-----w C:\Program Files\BSplayer
2008-07-23 18:09 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-23 18:09 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-21 07:24 --------- d-----w C:\Documents and Settings\Lolo\Application Data\Skype
2008-07-18 11:30 --------- d-----w C:\Documents and Settings\Lolo\Application Data\ICAClient
2008-07-10 19:27 --------- d-----w C:\Program Files\Antivir
2008-07-10 14:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-10 14:29 --------- d-----w C:\Program Files\Yahoo!
2008-07-10 07:31 --------- d-----w C:\Program Files\pdf995
2008-07-09 18:18 --------- d-----w C:\Program Files\Avira
2008-07-09 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2007-09-11 19:30 61,480 ----a-w C:\Documents and Settings\Lolo\GoToAssistDownloadHelper.exe
2006-05-27 09:54 124 ----a-w C:\Program Files\Panneau de configuration.lnk
2008-02-07 20:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 20:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 20:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-07 20:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 20:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 20:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-07 20:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-03-16 16:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 16:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 16:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 11:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 20:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-19 65536]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-24 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-24 618496]
"ATIPTA"="C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-25 335872]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
"ATIModeChange"="Ati2mdxx.exe" [2004-04-01 C:\WINDOWS\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.I263"= I263_32.drv
"vidc.ptev"= ptevideo.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bitmeter2.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bitmeter2.lnk
backup=C:\WINDOWS\pss\Bitmeter2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BT Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BT Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lolo^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Lolo\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
--a------ 2006-04-14 11:56 569413 C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-04-14 11:51 667718 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 23:18 443968 C:\Program Files\Picasa\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 01:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 05:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-14 06:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"matlabserver"=3 (0x3)
"EPGService"=2 (0x2)
"CachemanXPService"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"SPTISRV"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"SNDSrvc"=2 (0x2)
"DJSNETCN"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"NPFMntor"=2 (0x2)
"navapsvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"avg8wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Asus\\ASUS Live Update\\LiveUpdt.exe"=
"D:\\cygwin\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"C:\\Program Files\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Xming\\Xming.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule tcp
"4672:UDP"= 4672:UDP:emule udp

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-02-18 65664]
R2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys [2003-01-09 21264]
R3 tap0801co;TAP-Win32 Adapter V8 (coLinux);C:\WINDOWS\system32\DRIVERS\tap0801co.sys [2004-07-10 24576]
S2 CoLinuxDriver;CoLinuxDriver;D:\coLinux\linux.sys [ ]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-29 361728]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-29 39680]
S4 CachemanXPService;CachemanXP;C:\PROGRA~1\Cacheman\CachemanXP.exe [2008-04-30 243200]
S4 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 361984]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff547df5-8ca4-11dc-ad32-000e359f3faf}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff547df6-8ca4-11dc-ad32-000e359f3faf}]
\Shell\1\Command - RUNAUT~1\autorun.pif
\Shell\2\Command - RUNAUT~1\autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\AVG Anti-spy\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-BitTorrent - C:\Program Files\Bittorrent\bittorrent.exe
MSConfigStartUp-btbb_wcm_McciTrayApp - C:\Program Files\btbb_wcm\McciTrayApp.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Lolo\Application Data\Mozilla\Firefox\Profiles\y9aur99i.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdrmv2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvirtools.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 20:06:23
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-05 20:11:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 18:11:42

Pre-Run: 3,644,800,000 octets libres
Post-Run: 3,557,127,680 octets libres

261 --- E O F --- 2008-08-27 07:44:05

Re,

Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

Bonjour et merci bien. Voici le rapport Combofix et HiJackThis. Desole pour les lignes coupees j'ai pourtant suivi les recommandations des tutos...

ComboFix 08-09-04.09 - Lolo 2008-09-06 13:03:47.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.871 [GMT 2:00]
Endroit: F:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lolo\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
/wow section - STAGE 40


((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
.

2008-09-06 11:05 . 2008-09-06 11:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-06 11:05 . 2008-09-06 11:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-05 18:42 . 2008-09-05 19:11 250 --a------ C:\WINDOWS\gmer.ini
2008-09-05 15:19 . 2008-09-05 15:19 <REP> d-------- C:\Program Files\HostXperts
2008-09-05 09:52 . 2008-09-05 09:52 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-04 17:52 . 2008-09-04 17:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Conceptworld
2008-09-04 17:42 . 2008-09-04 17:59 2,138 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-04 17:40 . 2008-09-04 17:41 <REP> d-------- C:\Program Files\Smitfraud
2008-09-04 11:36 . 2008-09-04 11:36 <REP> d--h----- C:\$AVG8.VAULT$
2008-09-04 10:43 . 2005-01-04 21:30 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-04 10:43 . 2005-01-04 21:38 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-04 10:43 . 2005-01-04 21:14 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-04 10:43 . 2005-01-04 21:38 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-04 10:43 . 2008-09-05 18:51 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-04 10:43 . 2005-01-04 21:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-09-04 10:43 . 2008-09-04 10:43 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-04 10:34 . 2008-09-04 10:34 <REP> d-------- C:\Program Files\AVG
2008-09-04 10:34 . 2008-09-05 15:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-03 13:51 . 2008-09-03 13:51 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-08-25 09:43 . 2008-06-23 18:28 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-25 09:43 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-25 09:43 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-25 09:43 . 2008-06-23 18:28 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-25 09:43 . 2008-06-23 18:28 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-25 09:43 . 2008-06-23 18:28 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-25 09:43 . 2008-06-23 18:28 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-25 09:43 . 2008-06-23 18:28 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-25 09:43 . 2008-06-23 11:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 13:19 . 2008-08-23 13:57 <REP> d-------- C:\Program Files\Sketchup
2008-08-10 15:21 . 2008-09-06 11:21 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2008-08-10 15:21 . 2008-08-10 15:22 <REP> d-------- C:\Documents and Settings\Lolo\Application Data\Thunderbird
2008-08-10 15:19 . 2008-08-10 23:44 <REP> d-------- C:\Program Files\Thunderbird

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-04 15:13 --------- d-----w C:\Program Files\Ad-aware 6
2008-09-04 09:36 --------- d-----w C:\Program Files\Alcohol 120%
2008-09-04 08:30 --------- d-----w C:\Program Files\AVG Anti-spy
2008-09-03 13:56 --------- d-----w C:\Program Files\Zoom Player
2008-08-27 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-08-23 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 14:44 --------- d-----w C:\Program Files\eMule
2008-07-29 18:05 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-07-29 17:15 --------- d-----w C:\Documents and Settings\Lolo\Application Data\foobar2000
2008-07-29 14:10 --------- d-----w C:\Program Files\Malwarebytes
2008-07-29 14:10 --------- d-----w C:\Documents and Settings\Lolo\Application Data\Malwarebytes
2008-07-29 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 10:41 --------- d-----w C:\Program Files\Citrix
2008-07-29 10:33 --------- d-----w C:\Program Files\BSplayer
2008-07-23 18:09 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-23 18:09 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-21 07:24 --------- d-----w C:\Documents and Settings\Lolo\Application Data\Skype
2008-07-18 11:30 --------- d-----w C:\Documents and Settings\Lolo\Application Data\ICAClient
2008-07-10 19:27 --------- d-----w C:\Program Files\Antivir
2008-07-10 14:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-10 14:29 --------- d-----w C:\Program Files\Yahoo!
2008-07-10 07:31 --------- d-----w C:\Program Files\pdf995
2008-07-09 18:18 --------- d-----w C:\Program Files\Avira
2008-07-09 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2007-09-11 19:30 61,480 ----a-w C:\Documents and Settings\Lolo\GoToAssistDownloadHelper.exe
2006-05-27 09:54 124 ----a-w C:\Program Files\Panneau de configuration.lnk
2008-02-07 20:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 20:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 20:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-07 20:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 20:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 20:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-07 20:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-03-16 16:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 16:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 16:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 11:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 20:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-19 65536]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-24 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-24 618496]
"ATIPTA"="C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-25 335872]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
"ATIModeChange"="Ati2mdxx.exe" [2004-04-01 C:\WINDOWS\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.I263"= I263_32.drv
"vidc.ptev"= ptevideo.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bitmeter2.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bitmeter2.lnk
backup=C:\WINDOWS\pss\Bitmeter2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BT Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BT Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lolo^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Lolo\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
--a------ 2006-04-14 11:56 569413 C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-04-14 11:51 667718 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 23:18 443968 C:\Program Files\Picasa\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 01:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 05:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-14 06:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"matlabserver"=3 (0x3)
"EPGService"=2 (0x2)
"CachemanXPService"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"SPTISRV"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"SNDSrvc"=2 (0x2)
"DJSNETCN"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"NPFMntor"=2 (0x2)
"navapsvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"avg8wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Asus\\ASUS Live Update\\LiveUpdt.exe"=
"D:\\cygwin\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"C:\\Program Files\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Xming\\Xming.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule tcp
"4672:UDP"= 4672:UDP:emule udp

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-02-18 65664]
R2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys [2003-01-09 21264]
R3 tap0801co;TAP-Win32 Adapter V8 (coLinux);C:\WINDOWS\system32\DRIVERS\tap0801co.sys [2004-07-10 24576]
S2 CoLinuxDriver;CoLinuxDriver;D:\coLinux\linux.sys [ ]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-29 361728]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-29 39680]
S4 CachemanXPService;CachemanXP;C:\PROGRA~1\Cacheman\CachemanXP.exe [2008-04-30 243200]
S4 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 361984]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff547df5-8ca4-11dc-ad32-000e359f3faf}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff547df6-8ca4-11dc-ad32-000e359f3faf}]
\Shell\1\Command - RUNAUT~1\autorun.pif
\Shell\2\Command - RUNAUT~1\autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 13:07:08
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-09-06 13:09:54
ComboFix-quarantined-files.txt 2008-09-06 11:09:34
ComboFix2.txt 2008-09-05 18:11:49

Pre-Run: 3,505,721,856 octets libres
Post-Run: 3,492,734,464 octets libres

228 --- E O F --- 2008-08-27 07:44:05







Le rapport HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:42, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://w3.jet.efda.org/htbin/setup_proxies.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx...
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6411 bytes

Re,

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.

Redémarre en mode sans échec

Ouvre le dossier SDFix qui vient d'être créé à la racine de ton dique dur (C:) et double clique sur RunThis.bat pour lancer le script.

Appuie sur Y pour commencer le processus de nettoyage.

Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.

Appuie sur une touche pour redémarrer le PC.

Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis.

Merci, voici le rapport SDFix et HiJackThis :

SDFix: Version 1.221
Run by Lolo on 06/09/2008 at 14:24

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\tdssserf.dll - Deleted

Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the MBR Rootkit Detector by Gmer

Could Not Remove C:\WINDOWS\Temp\bca4e2da.$$$
Could Not Remove C:\WINDOWS\Temp\fa56d7ec.$$$



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 14:36:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:9f0641ed
"s2"=dword:e2970dbf
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DaemonTool\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:be,89,b6,ed,8c,3d,98,0d,9d,37,da,b5,51,df,26,e0,12,9d,54,35,d5,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4a,27,55,46,d3,d4,9a,03,5e,0a,36,a9,3a,f7,a7,20,6c,..
"khjeh"=hex:e3,3b,67,9e,51,7a,13,76,ac,c6,b9,c8,68,1a,b5,b6,2a,2f,0a,1a,dc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex e,e8,fe,6b,a4,e0,4b,bc,27,f3,78,57,ab,c9,15,5b,98,cd,95,f8,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DaemonTool\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:be,89,b6,ed,8c,3d,98,0d,9d,37,da,b5,51,df,26,e0,12,9d,54,35,d5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4a,27,55,46,d3,d4,9a,03,5e,0a,36,a9,3a,f7,a7,20,6c,..
"khjeh"=hex:e3,3b,67,9e,51,7a,13,76,ac,c6,b9,c8,68,1a,b5,b6,2a,2f,0a,1a,dc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex e,e8,fe,6b,a4,e0,4b,bc,27,f3,78,57,ab,c9,15,5b,98,cd,95,f8,eb,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Asus\\ASUS Live Update\\LiveUpdt.exe"="C:\\Program Files\\Asus\\ASUS Live Update\\LiveUpdt.exe:*:Enabled:LiveUpdt"
"D:\\cygwin\\cygwin\\usr\\X11R6\\bin\\XWin.exe"="D:\\cygwin\\cygwin\\usr\\X11R6\\bin\\XWin.exe:*:Enabled:XWin"
"C:\\Program Files\\VLC\\vlc.exe"="C:\\Program Files\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\Xming\\Xming.exe"="C:\\Program Files\\Xming\\Xming.exe:*:Enabled:Xming X Server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

C:\WINDOWS\Temp\bca4e2da.$$$ Found
C:\WINDOWS\Temp\fa56d7ec.$$$ Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 5 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sat 24 Nov 2007 6,219,320 A..H. --- "C:\Program Files\Picasa\setup.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Sat 11 Mar 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 23 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 26 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BIT1.tmp"
Tue 3 Jan 2006 21,504 A..H. --- "C:\Documents and Settings\Lolo\Application Data\Connectix\Virtual PC\VPCKeyboard.dll"

Finished!






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:05, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://w3.jet.efda.org/htbin/setup_proxies.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx...
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6411 bytes

Re,

Utilise cet outil :
http://www2.gmer.net/mbr/mbr.exe
poste le rapport.

Beaucoup plus tard(desole), voici le rapport MBR :
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
MBR rootkit code detected !
malicious code @ sector 0x6fc79ab size 0x1fd !
copy of MBR has been found in sector 62 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

Je lance "mbr.exe -f" ?

Bon dimanche.

Télécharges CCleaner, Spybot, Avg et Malwarebyte's.

En mode sans échec, faits les 4 Anti-virus, et tu verras que problème sera résolu.


j'avais le même problème que toi, et quand j'ai fait ça, j'avais plus rien^^

Oui  

Et voici le nouveau rapport mbr et le rapport HiJackThis :

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:28, on 07/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://w3.jet.efda.org/htbin/setup_proxies.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx...
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6411 bytes

Relance un scan avec MBR pour voir.

Meme rapport:
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Ton pc se comporte mieux ?

Beaucoup mieux merci !

Tu as des questions ?  

Non, c'est bon merci, tu peux fermer le topic !

On ne ferme pas les topics