Pb malwares [Résolu]

Bonsoir

J'ai des fenetres disant que je suis infecte. Cela m'a supprimee windows update qui me dit, quand je l'active, que mon aministateur systeme l'a déconcte, ce qui est faux, je ne peux plus accéder à mon gestionnaire de tâches via les touches ctrl alt suppr. J'ai un Trojan-Spy.Win32.GreenScreen et ses petits freres. Un programmeppele MicroAV 2009
Aidez-loi à nettoyer tout cela svp

Voilà mon rapport hijackhis

Logfile of HijackThis v1.99.1
Scan saved at 21:58:21, on 30/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\ebgxqtwj\qrafqlqf.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\qzcngdcp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\WINDOWS\system32\qzcngdcp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {C2503670-6D0E-4662-AC65-EFA76E33056C} - C:\WINDOWS\system32\ljJDWNFY.dll
O2 - BHO: (no name) - {CE3C5D3E-658E-4966-A675-8AFDE578AAE9} - C:\WINDOWS\system32\qoMcawvT.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\HP_Propriétaire\Application Data\Adobe\Manager.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/S [...] loader.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 2803032578
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.atoopic.com/XUpload.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ljJDWNFY - C:\WINDOWS\SYSTEM32\ljJDWNFY.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ActCmd - {4F662BA3-3986-1A22-A732-08B297B85579} - C:\Program Files\ygmppu\ActCmd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

Message édité par thad2007 le 12-10-2008 à 14:34:22

Répondre

Inscrivez-vous ou connectez-vous pour masquer ceci.

bonsoir

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

------------------------------ Prévention et protection
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock

ok je m'y mets

Répondre à thad2007

Il y avait des elements qui ont fait que j'ai dû redémarrer kl'ordinateur. J'ai fait au meux. En tout cas j'ai pu réactiver Windows Update et le gestionnaire de tâches s'affiche de nouveau, c'est déjà cela) Voilà le rapport

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1225
Windows 5.1.2600 Service Pack 3

01/10/2008 02:35:03
mbam-log-2008-10-01 (02-35-03).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 298906
Temps écoulé: 3 hour(s), 47 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 30
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 87

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ljJDWNFY.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2503670-6d0e-4662-ac65-efa76e33056c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjdwnfy (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c2503670-6d0e-4662-ac65-efa76e33056c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\joe0fj1enr (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c2503670-6d0e-4662-ac65-efa76e33056c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Run (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ljJDWNFY.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\ebgxqtwj\qrafqlqf.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\buqvjouc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\wnmbawgd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\7KQ3C9WV\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\G47LC5U6\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\G47LC5U6\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\K6T3X57J\file[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130614.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130615.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130616.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130617.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130618.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130619.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130620.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130621.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0131614.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0131615.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132653.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132654.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132655.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132656.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132657.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132658.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132659.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0133637.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP471\A0133748.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP472\A0133855.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP472\A0133856.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP472\A0133857.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP472\A0133858.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP472\A0133859.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133883.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133884.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133886.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133888.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133889.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133890.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133891.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133913.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUkklLC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\NOD499.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV.cpl (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

Répondre à thad2007

bonjour

Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :
ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport :C: \Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

viens sur le forum et édition "coller"

ajoute un nouveau rapport Hijackthis.

------------------------------ Prévention et protection
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock

ok, merci , je m'y colle !

Répondre à thad2007

Voilà le rapport de ComboFix

ComboFix 08-09-30.03 - HP_Propri‚taire 2008-10-01 19:02:59.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.284 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\HP_Propri‚taire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\install_flash_player.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@ads.128b[1].txt
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@clickintext[1].txt
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@clicktorrent[2].txt
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@edt02[2].txt
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@revsci[2].txt
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@t.spike[1].txt

----- BITS: Il y a peut-être des sites infectés -----

hxxp://hqsextube08.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-01 au 2008-10-01 ))))))))))))))))))))))))))))))))))))
.

2008-09-30 22:45 . 2008-09-30 22:45 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Malwarebytes
2008-09-30 22:44 . 2005-01-01 12:21 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\WINDOWS
2008-09-30 22:44 . 2005-01-01 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Voisinage r‚seau
2008-09-30 22:44 . 2005-01-01 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Voisinage d'impression
2008-09-30 22:44 . 2007-06-02 03:58 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\ModŠles
2008-09-30 22:44 . 2007-06-02 03:57 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Mes documents
2008-09-30 22:44 . 2007-06-02 03:57 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Menu D‚marrer
2008-09-30 22:44 . 2007-06-01 19:34 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Favoris
2008-09-30 22:44 . 2005-01-01 17:17 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Bureau
2008-09-30 22:44 . 2005-01-01 14:07 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Symantec
2008-09-30 22:44 . 2005-01-01 15:41 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\SampleView
2008-09-30 22:44 . 2005-01-01 12:12 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Intervideo
2008-09-30 22:44 . 2005-01-01 12:20 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Apple Computer
2008-09-30 22:44 . 2008-09-30 22:44 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001
2008-09-30 22:33 . <REP> C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
2008-09-30 22:32 . 2008-09-30 22:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 22:32 . 2008-09-30 22:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 22:32 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-30 22:32 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-30 21:15 . 2008-09-30 21:15 <REP> d-------- C:\Program Files\ygmppu
2008-09-30 09:37 . 2008-09-30 21:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\ModŠles
2008-09-30 09:37 . 2008-09-30 21:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\Mes documents
2008-09-30 09:37 . 2008-09-30 21:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\Favoris
2008-09-30 09:37 . 2005-01-01 12:12 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\Application Data\Intervideo
2008-09-30 09:37 . 2008-09-30 21:15 <REP> d---s---- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000
2008-09-30 09:17 . 2008-09-30 22:28 545,563 --ahs---- C:\WINDOWS\system32\TvwacMoq.ini2
2008-09-30 09:17 . 2008-09-30 22:28 545,563 --ahs---- C:\WINDOWS\system32\TvwacMoq.ini
2008-09-30 09:16 . 2008-09-30 09:16 <REP> d-------- C:\Program Files\ESET
2008-09-30 09:12 . 2008-10-01 02:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ebgxqtwj
2008-09-30 09:07 . 2008-09-30 09:07 93,696 --a------ C:\WINDOWS\system32\setup(1).exe
2008-09-27 11:49 . 2008-09-28 11:06 <REP> d-------- C:\Program Files\NOS
2008-09-27 11:49 . 2008-09-28 11:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-18 18:04 . 2008-09-18 18:04 <REP> d-------- C:\Program Files\SnadBoy's Revelation v2
2008-09-05 10:27 . 2008-10-01 11:40 <REP> d-------- C:\Program Files\Spyware Doctor
2008-09-05 10:27 . <REP> C:\Documents and Settings\HP_Propriétaire\Application Data\PC Tools
2008-09-05 10:27 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-05 10:27 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-05 10:27 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-05 10:27 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 16:45 --------- d-----w C:\Program Files\Paint Shop Pro 6
2008-10-01 09:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-01 09:51 --------- d-----w C:\Program Files\eMule
2008-09-30 19:58 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-09-27 09:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-23 15:56 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-09-19 13:46 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\AdobeUM
2008-09-14 06:36 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Adobe
2008-08-28 09:00 --------- d-----w C:\Program Files\BitTornado
2008-08-26 10:54 1,572,864 ---ha-w C:\Documents and Settings\thãd\ntuser.dat
2008-08-19 07:30 --------- d-----w C:\Program Files\Bonjour
2008-08-18 13:19 --------- d-----w C:\Program Files\DivX
2008-08-11 11:32 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 10:56 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\ESET
2008-08-09 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-09 09:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 11:38 --------- d-----w C:\Program Files\iTunes
2008-08-04 11:38 --------- d-----w C:\Program Files\iPod
2007-06-01 17:31 262,144 ----a-w C:\Documents and Settings\HP_PropriÃ©taire\NTUSER.DAT
2005-04-28 16:22 444,471 --sha-w C:\WINDOWS\java\utilurl.dll
2005-04-28 16:22 444,471 --sha-w C:\WINDOWS\java1\lrulitu.bak2
2005-05-01 20:44 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2008-02-11 12:46 56 --sh--r C:\WINDOWS\system32\4C5A114734.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-04 68856]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 155648]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 659456]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 344064]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-29 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"SiSPower"="SiSPower.dll" [2004-09-24 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-29 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-29 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ActCmd"= {4F662BA3-3986-1A22-A732-08B297B85579} - C:\Program Files\ygmppu\ActCmd.dll [2008-09-30 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a07861b1-e4a7-11dc-95d8-0011d888b889}]
\Shell\AutoRun\command - K:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{CE3C5D3E-658E-4966-A675-8AFDE578AAE9} - C:\WINDOWS\system32\qoMcawvT.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-VTTimer - VTTimer.exe

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 19:22:05
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-01 19:29:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-01 17:29:24
ComboFix2.txt 2007-09-02 22:53:28

Avant-CF: 15ÿ239ÿ016ÿ448 octets libres
Après-CF: 18,945,007,616 octets libres

200 --- E O F --- 2008-09-10 20:20:25

Et celui de HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 19:31:44, on 01/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/S [...] loader.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 2803032578
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.atoopic.com/XUpload.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ActCmd - {4F662BA3-3986-1A22-A732-08B297B85579} - C:\Program Files\ygmppu\ActCmd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

Merci pour ton aide !

Répondre à thad2007

Bonsoir

ComboFix a généré un rapport que je n'ai pas mis. Le voici

Code :

2004-04-30 14:01 53 --a------ C:\Qoobox\Quarantine\D\Autorun.inf.vir
2007-09-01 15:59 4286 --a------ C:\Qoobox\Quarantine\C\Program Files\VideoAccessCodec\install.ico.vir
2007-09-03 00:44 0 --a------ C:\Qoobox\BackEnv\PROGRAMS.folder.cf
2007-09-03 00:44 0 --a------ C:\Qoobox\BackEnv\START MENU.folder.cf
2007-09-03 00:44 0 --a------ C:\Qoobox\BackEnv\STARTUP.folder.cf
2007-09-03 00:44 0 --a------ C:\Qoobox\BackEnv\TEMPLATES.folder.cf
2007-09-03 00:44 151 --a------ C:\Qoobox\BackEnv\APPDATA.folder.cf
2007-09-03 00:44 156 --a------ C:\Qoobox\BackEnv\CACHE.folder.cf
2007-09-03 00:44 156 --a------ C:\Qoobox\BackEnv\LOCAL APPDATA.folder.cf
2007-09-03 00:44 166 --a------ C:\Qoobox\BackEnv\LOCAL SETTINGS.folder.cf
2007-09-03 00:44 228 --a------ C:\Qoobox\BackEnv\profiles.folder.cf
2007-09-03 00:44 3423 --a------ C:\Qoobox\BackEnv\setpath.bat
2007-09-03 00:44 54 --a------ C:\Qoobox\BackEnv\DESKTOP.folder.cf
2007-09-03 00:44 56 --a------ C:\Qoobox\BackEnv\FAVORITES.folder.cf
2007-09-03 00:44 58 --a------ C:\Qoobox\BackEnv\PERSONAL.folder.cf
2007-09-03 00:44 76 --a------ C:\Qoobox\BackEnv\MY PICTURES.folder.cf
2007-09-03 00:52 688071 --a------ C:\Qoobox\snapshot_2007-09-03_ 05255,25.cf
Structure du dossier pour le volume HP_PAVILION
Le num‚ro de s‚rie du volume est 9CA6-6640
C:\QOOBOX
| snapshot_2007-09-03_ 05255,25.cf
|
+---BackEnv
| APPDATA.folder.cf
| CACHE.folder.cf
| DESKTOP.folder.cf
| FAVORITES.folder.cf
| LOCAL APPDATA.folder.cf
| LOCAL SETTINGS.folder.cf
| MY PICTURES.folder.cf
| PERSONAL.folder.cf
| profiles.folder.cf
| PROGRAMS.folder.cf
| setpath.bat
| START MENU.folder.cf
| STARTUP.folder.cf
| TEMPLATES.folder.cf
|
\---Quarantine
+---C
| +---ComboFix
| \---Program Files
| \---VideoAccessCodec
| install.ico.vir
|
+---D
| Autorun.inf.vir
|
\---Registry_backups

Répondre à thad2007

re

J'ai un gros doute sur ta version de nod32... ça serait pas un crack?
++++++++++++++++++++++++

Copie (Ctrl+C) le texte ci-dessous :

File::
C:\WINDOWS\system32\TvwacMoq.ini2
C:\WINDOWS\system32\TvwacMoq.ini

Folder::
C:\Program Files\ygmppu
C:\Documents and Settings\All Users\Application Data\ebgxqtwj

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ActCmd"=-

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
Sauvegarde ce fichier sous le nom de CFScript.txt

Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

+++++++++++++++

Rends toi sur ce lien : Virus Total

Clique sur Parcourir
Rends toi jusque sur ce fichier si tu le trouves :

C:\WINDOWS\java\utilurl.dll

Clique sur Envoyer le fichier et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
Lorsque l'analyse est terminée ("Situation actuelle: terminé" ), clique sur Formaté
Une nouvelle fenêtre de ton navigateur va apparaître
Clique alors sur cette image :
Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
Enfin colle le résultat dans ta prochaine réponse.

Note : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.
Il est possible que tes outils de sécurité réagissent à l'envoi du fichier, en ce cas il te faudra ignorer les alertes.

+++++++++++++++++++++++

Même chose avec:
C:\WINDOWS\system32\4C5A114734.sys

------------------------------ Prévention et protection
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock

Pour Nod 32 c'est à l'install que j'ai eu toutes ses m... C'était une version crackée dès l'install. pas de crack ni de keygen. Il y a eu du recodage, c'est sûr.

Répondre à thad2007

Je n'ai pas trouvé utilurl.dll ni 4C5A114734.sys

Voici le rapport de Combofix

ComboFix 08-09-30.03 - HP_Propri‚taire 2008-10-02 0:21:08.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.272 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\HP_Propri‚taire\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\HP_Propri‚taire\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
* Resident AV is active

FILE ::
C:\WINDOWS\system32\TvwacMoq.ini
C:\WINDOWS\system32\TvwacMoq.ini2
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\ebgxqtwj
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@ads.128b[1].txt
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@clickintext[1].txt
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@clicktorrent[2].txt
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@edt02[2].txt
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@revsci[2].txt
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@t.spike[1].txt
C:\Program Files\ygmppu
C:\Program Files\ygmppu\ActCmd.dll
C:\WINDOWS\system32\TvwacMoq.ini
C:\WINDOWS\system32\TvwacMoq.ini2

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-01 au 2008-10-01 ))))))))))))))))))))))))))))))))))))
.

2008-09-30 22:45 . 2008-09-30 22:45 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Malwarebytes
2008-09-30 22:44 . 2005-01-01 12:21 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\WINDOWS
2008-09-30 22:44 . 2005-01-01 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Voisinage r‚seau
2008-09-30 22:44 . 2005-01-01 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Voisinage d'impression
2008-09-30 22:44 . 2007-06-02 03:58 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\ModŠles
2008-09-30 22:44 . 2007-06-02 03:57 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Mes documents
2008-09-30 22:44 . 2007-06-02 03:57 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Menu D‚marrer
2008-09-30 22:44 . 2007-06-01 19:34 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Favoris
2008-09-30 22:44 . 2005-01-01 17:17 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Bureau
2008-09-30 22:44 . 2005-01-01 14:07 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Symantec
2008-09-30 22:44 . 2005-01-01 15:41 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\SampleView
2008-09-30 22:44 . 2005-01-01 12:12 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Intervideo
2008-09-30 22:44 . 2005-01-01 12:20 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Apple Computer
2008-09-30 22:44 . 2008-09-30 22:44 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001
2008-09-30 22:33 . <REP> C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
2008-09-30 22:32 . 2008-09-30 22:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 22:32 . 2008-09-30 22:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 22:32 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-30 22:32 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-30 09:37 . 2008-09-30 21:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\ModŠles
2008-09-30 09:37 . 2008-09-30 21:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\Mes documents
2008-09-30 09:37 . 2008-09-30 21:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\Favoris
2008-09-30 09:37 . 2005-01-01 12:12 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\Application Data\Intervideo
2008-09-30 09:37 . 2008-09-30 21:15 <REP> d---s---- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000
2008-09-30 09:16 . 2008-09-30 09:16 <REP> d-------- C:\Program Files\ESET
2008-09-30 09:07 . 2008-09-30 09:07 93,696 --a------ C:\WINDOWS\system32\setup(1).exe
2008-09-27 11:49 . 2008-09-28 11:06 <REP> d-------- C:\Program Files\NOS
2008-09-27 11:49 . 2008-09-28 11:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-18 18:04 . 2008-09-18 18:04 <REP> d-------- C:\Program Files\SnadBoy's Revelation v2
2008-09-05 10:27 . 2008-10-01 11:40 <REP> d-------- C:\Program Files\Spyware Doctor
2008-09-05 10:27 . <REP> C:\Documents and Settings\HP_Propriétaire\Application Data\PC Tools
2008-09-05 10:27 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-05 10:27 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-05 10:27 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-05 10:27 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 21:31 --------- d-----w C:\Program Files\Paint Shop Pro 6
2008-10-01 17:31 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-10-01 09:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-01 09:51 --------- d-----w C:\Program Files\eMule
2008-09-27 09:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-23 15:56 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-09-19 13:46 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\AdobeUM
2008-09-14 06:36 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Adobe
2008-08-28 09:00 --------- d-----w C:\Program Files\BitTornado
2008-08-26 10:54 1,572,864 ---ha-w C:\Documents and Settings\thãd\ntuser.dat
2008-08-19 07:30 --------- d-----w C:\Program Files\Bonjour
2008-08-18 13:19 --------- d-----w C:\Program Files\DivX
2008-08-11 11:32 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 10:56 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\ESET
2008-08-09 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-09 09:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 11:38 --------- d-----w C:\Program Files\iTunes
2008-08-04 11:38 --------- d-----w C:\Program Files\iPod
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-06-01 17:31 262,144 ----a-w C:\Documents and Settings\HP_PropriÃ©taire\NTUSER.DAT
2005-04-28 16:22 444,471 --sha-w C:\WINDOWS\java\utilurl.dll
2005-04-28 16:22 444,471 --sha-w C:\WINDOWS\java1\lrulitu.bak2
2005-05-01 20:44 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2008-02-11 12:46 56 --sh--r C:\WINDOWS\system32\4C5A114734.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-04 68856]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 155648]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 659456]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 344064]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-29 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"SiSPower"="SiSPower.dll" [2004-09-24 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-29 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-29 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a07861b1-e4a7-11dc-95d8-0011d888b889}]
\Shell\AutoRun\command - K:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

SSODL-ActCmd-{4F662BA3-3986-1A22-A732-08B297B85579} - C:\Program Files\ygmppu\ActCmd.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 00:26:08
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-02 0:30:25
ComboFix-quarantined-files.txt 2008-10-01 22:30:22
ComboFix2.txt 2008-10-01 17:29:29
ComboFix3.txt 2007-09-02 22:53:28

Avant-CF: 18,821,337,088 octets libres
Après-CF: 18,843,361,280 octets libres

181 --- E O F --- 2008-09-10 20:20:25

Répondre à thad2007

re

1

Désinstalle Nod32 si ce n'est pas déjà fait...
puis vire:

C:\Program Files\ESET
C:\WINDOWS\system32\setup(1).exe

2

installe un antivirus gratuit et efficace:
Antivir.

-->Tuto<--

3

Citation :

Je n'ai pas trouvé utilurl.dll ni 4C5A114734.sys

vois si en faisant ça tu les retrouves:

Citation :

Pour afficher les dossiers et fichiers cachés du système:
Panneau de configuration/Options des dossiers/onglet Affichage/cocher Afficher les fichiers et dossiers cachés, décocher Masquer les extensions de fichiers connus, décocher Masquer les fichiers protégés du Système.

Les fichiers et dossiers cachés du système apparaissent alors dans l'explorateur Windows en transparence.

4
fais un scan avec antivir et poste le rapport.

------------------------------ Prévention et protection
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock

ok merci )

Répondre à thad2007

utilurl.dll et 4C5A114734.sys même en affichant les fichiers et dossiers cachés

Je dl Antivir et faus les scan

Répondre à thad2007

J(ai troube utilurl et l'autre

Répondre à thad2007

Résultat pour utilurl.dll

Fichier utilurl.dll reçu le 2008.10.02 20:12:30 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.0 2008.10.02 -
AntiVir 7.8.1.34 2008.10.02 -
Authentium 5.1.0.4 2008.10.02 -
Avast 4.8.1248.0 2008.10.02 -
AVG 8.0.0.161 2008.10.02 -
BitDefender 7.2 2008.10.02 -
CAT-QuickHeal 9.50 2008.10.01 -
ClamAV 0.93.1 2008.10.02 -
DrWeb 4.44.0.09170 2008.10.02 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6121 2008.10.02 -
Ewido 4.0 2008.10.02 -
F-Prot 4.4.4.56 2008.09.30 -
F-Secure 8.0.14332.0 2008.10.02 -
Fortinet 3.113.0.0 2008.10.02 -
GData 19 2008.10.02 -
Ikarus T3.1.1.34.0 2008.10.02 -
K7AntiVirus 7.10.481 2008.10.02 -
Kaspersky 7.0.0.125 2008.10.02 -
McAfee 5396 2008.10.02 -
Microsoft 1.4005 2008.10.02 -
NOD32 3490 2008.10.02 -
Norman 5.80.02 2008.10.02 -
Panda 9.0.0.4 2008.10.02 -
PCTools 4.4.2.0 2008.10.02 -
Prevx1 V2 2008.10.02 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.02 -
Sophos 4.34.0 2008.10.02 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.02 -
TheHacker 6.3.0.9.098 2008.10.01 -
TrendMicro 8.700.0.1004 2008.10.02 -
VBA32 3.12.8.6 2008.10.02 -
ViRobot 2008.10.2.1403 2008.10.02 -
VirusBuster 4.5.11.0 2008.10.02 -

Information additionnelle
File size: 444471 bytes
MD5...: 30f09bae97f2888e0e2153915fa68c3f
SHA1..: d9c97c2647359efe51fb42340b416e1514aed561
SHA256: 2df132ded8c9177db54c162bbeb0805dfcc4410e05d7b709d636b3d4d088fd73
SHA512: c629382abea4050d3b5a352759141e1b99d43b99dc9b1d7c4fdb0078bcb06327 a9ab0a298cbbc8198088a8b33e8ea6aec0962a1151a0d647492c42b2d271b7ae
PEiD..: -
TrID..: File type identification Unknown!
PEInfo: -

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.0 2008.10.02 -
AntiVir 7.8.1.34 2008.10.02 -
Authentium 5.1.0.4 2008.10.02 -
Avast 4.8.1248.0 2008.10.02 -
AVG 8.0.0.161 2008.10.02 -
BitDefender 7.2 2008.10.02 -
CAT-QuickHeal 9.50 2008.10.01 -
ClamAV 0.93.1 2008.10.02 -
DrWeb 4.44.0.09170 2008.10.02 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6121 2008.10.02 -
Ewido 4.0 2008.10.02 -
F-Prot 4.4.4.56 2008.09.30 -
F-Secure 8.0.14332.0 2008.10.02 -
Fortinet 3.113.0.0 2008.10.02 -
GData 19 2008.10.02 -
Ikarus T3.1.1.34.0 2008.10.02 -
K7AntiVirus 7.10.481 2008.10.02 -
Kaspersky 7.0.0.125 2008.10.02 -
McAfee 5396 2008.10.02 -
Microsoft 1.4005 2008.10.02 -
NOD32 3490 2008.10.02 -
Norman 5.80.02 2008.10.02 -
Panda 9.0.0.4 2008.10.02 -
PCTools 4.4.2.0 2008.10.02 -
Prevx1 V2 2008.10.02 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.02 -
Sophos 4.34.0 2008.10.02 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.02 -
TheHacker 6.3.0.9.098 2008.10.01 -
TrendMicro 8.700.0.1004 2008.10.02 -
VBA32 3.12.8.6 2008.10.02 -
ViRobot 2008.10.2.1403 2008.10.02 -
VirusBuster 4.5.11.0 2008.10.02 -

Information additionnelle
File size: 444471 bytes
MD5...: 30f09bae97f2888e0e2153915fa68c3f
SHA1..: d9c97c2647359efe51fb42340b416e1514aed561
SHA256: 2df132ded8c9177db54c162bbeb0805dfcc4410e05d7b709d636b3d4d088fd73
SHA512: c629382abea4050d3b5a352759141e1b99d43b99dc9b1d7c4fdb0078bcb06327 a9ab0a298cbbc8198088a8b33e8ea6aec0962a1151a0d647492c42b2d271b7ae
PEiD..: -
TrID..: File type identification Unknown!
PEInfo: -

Résultat pour 4C5A114734.sys

Fichier 4C5A114734.sys reçu le 2008.10.02 20:20:27 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.0 2008.10.02 -
AntiVir 7.8.1.34 2008.10.02 -
Authentium 5.1.0.4 2008.10.02 -
Avast 4.8.1248.0 2008.10.02 -
AVG 8.0.0.161 2008.10.02 -
BitDefender 7.2 2008.10.02 -
CAT-QuickHeal 9.50 2008.10.01 -
ClamAV 0.93.1 2008.10.02 -
DrWeb 4.44.0.09170 2008.10.02 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6121 2008.10.02 -
Ewido 4.0 2008.10.02 -
F-Prot 4.4.4.56 2008.09.30 -
F-Secure 8.0.14332.0 2008.10.02 -
Fortinet 3.113.0.0 2008.10.02 -
GData 19 2008.10.02 -
Ikarus T3.1.1.34.0 2008.10.02 -
K7AntiVirus 7.10.481 2008.10.02 -
Kaspersky 7.0.0.125 2008.10.02 -
McAfee 5396 2008.10.02 -
Microsoft 1.4005 2008.10.02 -
NOD32 3490 2008.10.02 -
Norman 5.80.02 2008.10.02 -
Panda 9.0.0.4 2008.10.02 -
PCTools 4.4.2.0 2008.10.02 -
Prevx1 V2 2008.10.02 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.02 -
Sophos 4.34.0 2008.10.02 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.02 -
TheHacker 6.3.0.9.098 2008.10.01 -
TrendMicro 8.700.0.1004 2008.10.02 -
VBA32 3.12.8.6 2008.10.02 -
ViRobot 2008.10.2.1403 2008.10.02 -
VirusBuster 4.5.11.0 2008.10.02 -

Information additionnelle
File size: 56 bytes
MD5...: 422bffb47f52bc58b986645f66a02f7a
SHA1..: 410a7ffa309970e2c7b3c2d24e6b587c201ebe4c
SHA256: 1a560623ed40f089ca689d90205271bcfb2c3a80cc46658dd3554119b4d44ad5
SHA512: 165a95c9457a7e1cc05925b1932d984f1f4b9f6293d2ef918c0b79c5e591fd40 d804b5924b81ccd3a4a7260891de5012a5087867a60461f89b2b26b38bb96b32
PEiD..: -
TrID..: File type identification MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.0 2008.10.02 -
AntiVir 7.8.1.34 2008.10.02 -
Authentium 5.1.0.4 2008.10.02 -
Avast 4.8.1248.0 2008.10.02 -
AVG 8.0.0.161 2008.10.02 -
BitDefender 7.2 2008.10.02 -
CAT-QuickHeal 9.50 2008.10.01 -
ClamAV 0.93.1 2008.10.02 -
DrWeb 4.44.0.09170 2008.10.02 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6121 2008.10.02 -
Ewido 4.0 2008.10.02 -
F-Prot 4.4.4.56 2008.09.30 -
F-Secure 8.0.14332.0 2008.10.02 -
Fortinet 3.113.0.0 2008.10.02 -
GData 19 2008.10.02 -
Ikarus T3.1.1.34.0 2008.10.02 -
K7AntiVirus 7.10.481 2008.10.02 -
Kaspersky 7.0.0.125 2008.10.02 -
McAfee 5396 2008.10.02 -
Microsoft 1.4005 2008.10.02 -
NOD32 3490 2008.10.02 -
Norman 5.80.02 2008.10.02 -
Panda 9.0.0.4 2008.10.02 -
PCTools 4.4.2.0 2008.10.02 -
Prevx1 V2 2008.10.02 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.02 -
Sophos 4.34.0 2008.10.02 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.02 -
TheHacker 6.3.0.9.098 2008.10.01 -
TrendMicro 8.700.0.1004 2008.10.02 -
VBA32 3.12.8.6 2008.10.02 -
ViRobot 2008.10.2.1403 2008.10.02 -
VirusBuster 4.5.11.0 2008.10.02 -

Information additionnelle
File size: 56 bytes
MD5...: 422bffb47f52bc58b986645f66a02f7a
SHA1..: 410a7ffa309970e2c7b3c2d24e6b587c201ebe4c
SHA256: 1a560623ed40f089ca689d90205271bcfb2c3a80cc46658dd3554119b4d44ad5
SHA512: 165a95c9457a7e1cc05925b1932d984f1f4b9f6293d2ef918c0b79c5e591fd40 d804b5924b81ccd3a4a7260891de5012a5087867a60461f89b2b26b38bb96b32
PEiD..: -
TrID..: File type identification MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -

Répondre à thad2007

ok
fais le reste de ce que je demandais ci dessus

------------------------------ Prévention et protection
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock

Avira AntiVir Personal
Report file date: jeudi 2 octobre 2008 21:50

Scanning for 1657543 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode
Username: HP_Propriétaire
Computer name: NOM-B0A1C0A3909

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 19:22:01
ANTIVIR3.VDF : 7.0.6.241 167936 Bytes 02/10/2008 19:22:02
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 02/10/2008 19:22:07
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 02/10/2008 19:22:06
AEPACK.DLL : 8.1.2.3 364918 Bytes 02/10/2008 19:22:06
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 02/10/2008 19:22:05
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 02/10/2008 19:22:05
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 02/10/2008 19:22:04
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 02/10/2008 19:22:03
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 02/10/2008 19:22:03
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Skipped files....................: C:\Audio, C:\Bu Win, C:\Documents and Settings\HP_Propriétaire\Bureau\en cours, C:\Documents and Settings\HP_Propriétaire\Bureau\Incoming, C:\Documents and Settings\HP_Propriétaire\Bureau\Interface stickers4u 2007, C:\Documents and Settings\HP_Propriétaire\Bureau\jaquettes fr et pochettes a faire ou refaire, C:\Documents and Settings\HP_Propriétaire\Bureau\old ftp stickers4u.net, C:\Logs, C:\Sites,

Start of the scan: jeudi 2 octobre 2008 21:50

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '74' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Divers\sauvegarde tchw\Recovery my files + Crack.rar
[0] Archive type: RAR
--> keygen.exe
[DETECTION] Contains recognition pattern of the WORM/Nuwar.C.1 worm
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloadervdt3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '495426e1.qua'!
C:\Documents and Settings\HP_Propriétaire\Bureau\Logs portable\Spy.Emergency.2008.v5.0.305.Multilangages.Incl-Keygen.rar
[0] Archive type: RAR
--> Keygen\Keygen.exe
[DETECTION] Is the TR/Agent.44953 Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\HP_Propriétaire\Bureau\Logs portable\Codecs\divx_6_play.zip
[0] Archive type: ZIP
--> DivXPlay.exe
[DETECTION] Is the TR/Zlob.7769008 Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\HP_Propriétaire\Bureau\Logs portable\photoshop\php7fr\Adobephotoshop7keygen.zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Spy.Delf.NCS Trojan
[WARNING] The file was ignored!
C:\RECYCLER\S-1-5-21-965552258-2244601395-4113980137-1007\Dc33.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Zlob.zto dropper
[NOTE] The file was deleted!

End of the scan: vendredi 3 octobre 2008 00:53
Used time: 3:03:45 Hour(s)

The scan has been canceled!

8604 Scanning directories
531581 Files were scanned
5 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
4 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
531574 Files not concerned
15157 Archives were scanned
6 Warnings
5 Notes

Répondre à thad2007

re
vire tes merdouilles de cracks
genre:
C:\Documents and Settings\HP_Propriétaire\Bureau\Logs portable\photoshop\php7fr\Adobephotoshop7keygen.zip

Télécharge Toolbar S&D de la Team IDN sur ton bureau.

Double-clique dessus pour lancer l'installation.
Accepte le contrat de licence.
Puis double-clique sur le raccourci Toolbar S&D présent sur ton bureau.
Sélectionne la langue souhaitée et valide par la touche entrée.
Choisis l'option 1 ( Recherche ).
Patiente jusqu'à la fin du scan.
Poste le rapport généré. ( C:\TB.txt )

------------------------------ Prévention et protection
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock

Les merdouilles sont dégagés. J'avais oublié que j'avais ce truc-là. Je fais ce que tu me demandes

Répondre à thad2007

Voilà le rapport

-----------\\ ToolBar S&D 1.2.1 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
BIOS : BIOS Date: 02/16/05 16:07:13 Ver: 08.00.10
USER : HP_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
C:\ (Local Disk) - NTFS - Total : 144 Go Free : 21 Go
D:\ (Local Disk) - FAT32 - Total : 4 Go Free : 0 Go
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [1] ( 04/10/2008|19:29 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\WINDOWS\iun6002.exe

Répondre à thad2007

re

Relance Toolbar S&D

Choisis cette fois-ci l'option 2. ( Suppression )

Ton bureau va disparaitre, c'est normal. Laisse l'outil travailler.

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré. ( C:\TB.txt )

+++++++++++++++

~Fais une analyse antivirus en ligne sur le site de Kaspersky
http://www.kaspersky.com/kos/eng/p [...] bscan.html

* Clique sur Accept
* Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
* clique une nouvelle fois sur "Accept"
* Les bases de mises à jour vont s'installer, patiente un moment
* Clique sur Next.
* Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
* Poste le rapport de scan.

------------------------------ Prévention et protection
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock

ok ! Merci

Répondre à thad2007

Voilà le rapport ToolBar S&D

-----------\\ ToolBar S&D 1.2.1 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
BIOS : BIOS Date: 02/16/05 16:07:13 Ver: 08.00.10
USER : HP_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
C:\ (Local Disk) - NTFS - Total : 144 Go Free : 21 Go
D:\ (Local Disk) - FAT32 - Total : 4 Go Free : 0 Go
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
L:\ (USB) - FAT - Total : 1952 Mo Free : 0 Go

"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [2] ( 04/10/2008|21:41 )

-----------\\ SUPPRESSION

Supprime! - C:\WINDOWS\iun6002.exe

-----------\\ Recherche de Fichiers / Dossiers ...

je lance le scan...

Répondre à thad2007

Bonjour Sham_Rock

Voilà le résultat du scan KAV

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, October 5, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 04, 2008 19:56:55
Records in database: 1289890
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Files scanned: 218432
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 08:28:36

File name / Threat name / Threats count
C:\Logs\protection pc\anti virus\installer-65806-33fr-Avira-AntiVir-PersonalEdition-Classic-French.exe Infected: not-a-virus:AdWare.Win32.FakeInstaller.a 1
C:\qoobox\Quarantine\C\Program Files\ygmppu\ActCmd.dll.vir Infected: Trojan.Win32.Obfuscated.gx 1
C:\sqllhf\sqllhf\SQLLHF.EXE Infected: not-a-virusSWTool.Perl.SQLLhf.31 1

The selected area was scanned.

Répondre à thad2007

bonjour

supprime:
C:\sqllhf
C:\qoobox

d'autres soucis?

------------------------------ Prévention et protection
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock

Aucun souci, gâce à toi j'ai un ordi tout propre :pt1cable:
Merci pour ta patience

Répondre à thad2007

bonsoir

Supprime tous les programmes installés pour la désinfection.

Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.

Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.

~Edite ton premier message (en cliquant sur la gomme) et marque [résolu] dans le titre.

:hello:

------------------------------ Prévention et protection
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock

Forum Sécurité - Virus : Pb malwares [Résolu]

Attention