
XP Antispyware 2009 virus: how to remove it

Latest reply: in Security

Like many others, I've just been infected by this virus on a laptop. I still tried, by browsing the forum, to stop it. But:
First problem: impossible to reach the page to download HijackThis!! Whereas with my desktop (the one I'm using right now) I get straight to it.

Second problem: after a few minutes my laptop switches off as if there had been a power cut.

Thanks for helping me, knowing that I'm not very comfortable with the BIOS and anything to do with the registry.

I'm desperate.

Hello,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode

  • Now run MalwareByte's Anti-Malware. If it isn't already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: if MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

My laptop only opens the Google page; after that it's impossible to get to any site (the Wi-Fi is fine), whether via a link or by typing the full address in the address bar. Every time I land on the page saying Internet Explorer cannot open this page, and the same in Firefox. If I do a Google search to get to Infos du Net, a Google page appears, and when I click on the Infos du Net address I'm redirected to a bediddle.com address. And after 5 minutes the computer switches off. If I bring the program over on a USB stick, is there a risk of the stick getting infected?

There, it's done


    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1306
    Windows 5.1.2600 Service Pack 3

    25/10/2008 18:10:00
    mbam-log-2008-10-25 (18-09-59).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
    Eléments examinés: 180369
    Temps écoulé: 1 hour(s), 20 minute(s), 53 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 19

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexa Lacroix\Local Settings\Temp\TDSSc4f5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexa Lacroix\Local Settings\Temp\TDSSc524.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSofxh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSnrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSScfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSrhym.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\TDSSmhxt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Re,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan has finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

    HELP: A guide and tutorial on using ComboFix
    * the partition letter may differ

Here's the report!!!

    ComboFix 08-10-24.02 - Alexa Lacroix 2008-10-26 8:06:51.1 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.244 [GMT 1:00]
    Lancé depuis: C:\Documents and Settings\Alexa Lacroix\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS)
    -------\Service_TDSSserv.sys)


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-26 au 2008-10-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-25 13:58 . 2008-10-25 13:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-25 13:58 . 2008-10-25 13:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-25 13:58 . 2008-10-25 13:58 <REP> d-------- C:\Documents and Settings\Alexa Lacroix\Application Data\Malwarebytes
    2008-10-25 13:58 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-25 13:58 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-24 12:43 . 2008-10-25 13:58 44,544 --a------ C:\WINDOWS\system32\av.dat
    2008-10-24 12:42 . 2008-10-25 13:58 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
    2008-10-24 09:01 . 2008-10-15 18:35 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-23 19:56 . 2008-10-23 19:56 <REP> d-------- C:\Program Files\Tajima
    2008-10-23 19:56 . 2008-10-23 19:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Tajima
    2008-10-23 19:49 . 2008-10-23 19:49 9,589,760 --a------ C:\Program Files\embrd2k4b7.exe
    2008-10-23 19:34 . 2008-10-23 19:34 1,234,120 --a------ C:\Program Files\wrar380.exe
    2008-10-18 19:30 . 2008-10-18 19:30 <REP> d-------- C:\fichiers programmes
    2008-10-18 19:30 . 2008-10-18 19:30 <REP> d-------- C:\Documents and Settings\Alexa Lacroix\Application Data\InstallShield
    2008-10-17 10:58 . 2008-10-17 10:58 <REP> d-------- C:\Program Files\PhotoFiltre
    2008-10-16 07:57 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-16 07:57 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-16 07:56 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-16 07:56 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-16 07:56 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-16 07:56 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-12 15:34 . 2008-10-12 15:34 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-10-12 15:32 . 2008-10-12 15:32 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-03 18:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-08-27 10:11 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-25 09:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-08-25 09:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-08-23 06:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-08-23 06:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-01-27 07:50 10,462,920 ----a-w C:\Program Files\XLVIEWER.EXE
    2008-01-27 07:47 12,356,808 ----a-w C:\Program Files\WDVIEWER.EXE
    2007-12-29 17:08 2,841,064 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe
    2007-12-28 10:56 581,266 ----a-w C:\Program Files\Patch_InMemoriam_2005_09_05.EXE
    2007-12-21 20:12 54,330,664 ----a-w C:\Program Files\iTunesSetup.exe
    2007-12-01 17:50 5,843,736 ----a-w C:\Program Files\Firefox Setup 2.0.0.10.exe
    2007-11-30 15:00 17,521,856 ----a-w C:\Program Files\setupfre.exe
    2002-02-21 09:33 23,660 ----a-r C:\Program Files\Inter.inf
    2002-02-13 16:44 186 ----a-r C:\Program Files\AUTORUN.INI
    2002-02-11 11:46 1,002 ----a-r C:\Program Files\LISEZMOI.TXT
    1999-08-17 12:12 192,512 ----a-r C:\Program Files\NAVIGMA.EXE
    1999-08-17 12:11 2,238 ----a-r C:\Program Files\MICRO.ICO
    1998-02-23 10:48 20,992 ----a-r C:\Program Files\AUTORUN.EXE
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-11 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-09-15 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-09-15 118784]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2004-11-04 94208]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-22 185896]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "SoundMan"="SOUNDMAN.EXE" [2004-11-06 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
    LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-04-23 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-02-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-AuditMode - C:\sysprep\factory.exe


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Alexa Lacroix\Application Data\Mozilla\Firefox\Profiles\n4cuku8n.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - http:/google.fr
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-26 08:09:42
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: C:\WINDOWS\explorer.exe
    -> ?:\WINDOWS\System32\CSCDLL.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
    C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
    C:\WINDOWS\ATK0100\ATKOSD.EXE
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-26 8:11:36 - La machine a redémarré [Alexa Lacroix]
    ComboFix-quarantined-files.txt 2008-10-26 07:11:32

    Avant-CF: 23,047,733,248 octets libres
    Après-CF: 23,892,361,216 octets libres

    155 --- E O F --- 2008-10-25 11:58:48
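An added triage example, not a tool from this thread: it parses the Malwarebytes report and the ComboFix registry section posted above (constructed excerpts embedded inline) and flags what a responder looks for in them: the TDSS rootkit components, the Run-key persistence, the svchost.exe copy living outside system32, the patched beep.sys, and the Security Center and firewall settings the malware switched off. The tag names and the EXPECTED_DIR table are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed excerpt of the Malwarebytes 1.30 report posted above (French build).
MBAM_LOG = r"""
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSofxh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSmhxt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# Constructed excerpt of the ComboFix "Points de chargement Reg" section posted above.
COMBOFIX_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# One MBAM detection line: <item> (<family>) -> <action>
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# One registry value line in the ComboFix dump: "Name"=value
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')
# Assumed table: directory where the genuine copy of each Windows binary lives (lower-case).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "beep.sys": r"c:\windows\system32\drivers",
}


def parse_mbam(text):
    """Return one dict per detection line, skipping section headers and blanks."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(m.groupdict())
    return found


def classify(det):
    """Tag a detection with the defender-relevant categories it belongs to."""
    item, family = det["item"], det["family"]
    lowered = item.lower()
    tags = set()
    if family.startswith("Rootkit") or "TDSS" in family or "\\tdss" in lowered:
        tags.add("rootkit")
    if "\\currentversion\\run\\" in lowered:
        tags.add("autorun_persistence")
    if family.startswith("Fake."):
        tags.add("patched_system_file")
    # A known system binary sitting outside its normal directory is masquerading.
    if ":\\" in item:
        directory, _, name = lowered.rpartition("\\")
        if name in EXPECTED_DIR and directory != EXPECTED_DIR[name]:
            tags.add("masquerading_system_name")
    return tags


def triage_mbam(text):
    """Count detections per tag and list the rootkit artefacts that are file paths."""
    detections = parse_mbam(text)
    counts = Counter()
    rootkit_paths = []
    for det in detections:
        tags = classify(det)
        counts.update(tags)
        if "rootkit" in tags and ":\\" in det["item"]:
            rootkit_paths.append(det["item"])
    return {"total": len(detections), "by_tag": dict(counts), "rootkit_paths": rootkit_paths}


def disabled_protections(text):
    """Return the protection settings the ComboFix dump shows switched off.

    *DisableNotify = 1 silences Security Center; EnableFirewall = 0 turns the XP firewall off.
    """
    disabled = []
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        if name.endswith("DisableNotify") and value.endswith("00000001"):
            disabled.append(name)
        if name == "EnableFirewall" and value.split()[0] == "0":
            disabled.append(name)
    return disabled
```

To run it on the full reports, read mbam-log-*.txt and combofix.txt from disk and pass their contents in place of the embedded excerpts.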

Re,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Copy (Ctrl+C) the text inside the box below:

File::
C:\WINDOWS\system32\TDSSosvd.dat
C:\Program Files\embrd2k4b7.exe
C:\Program Files\wrar380.exe


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name "CFScript.txt" (the quotation marks matter).

Now drag the CFScript.txt file onto ComboFix.exe as in the image below:


That will relaunch ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) together with a HijackThis report.
NOTE: if there is no reboot, post the requested reports anyway.
* the partition letter may differ

OK for ComboFix, but for HijackThis I need to download it to give you a report, because it hasn't been used so far.

So here's the ComboFix report first:

    ComboFix 08-10-25.01 - Alexa Lacroix 2008-10-27 13:47:01.2 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.175 [GMT 1:00]
    Lancé depuis: C:\Documents and Settings\Alexa Lacroix\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\Alexa Lacroix\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    C:\Program Files\embrd2k4b7.exe
    C:\Program Files\wrar380.exe
    C:\WINDOWS\system32\TDSSosvd.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\embrd2k4b7.exe
    C:\Program Files\wrar380.exe
    C:\WINDOWS\system32\TDSSosvd.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-27 au 2008-10-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-25 13:58 . 2008-10-25 13:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-25 13:58 . 2008-10-25 13:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-25 13:58 . 2008-10-25 13:58 <REP> d-------- C:\Documents and Settings\Alexa Lacroix\Application Data\Malwarebytes
    2008-10-25 13:58 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-25 13:58 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-24 12:43 . 2008-10-25 13:58 44,544 --a------ C:\WINDOWS\system32\av.dat
    2008-10-24 09:01 . 2008-10-15 18:35 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-23 19:56 . 2008-10-23 19:56 <REP> d-------- C:\Program Files\Tajima
    2008-10-23 19:56 . 2008-10-23 19:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Tajima
    2008-10-18 19:30 . 2008-10-18 19:30 <REP> d-------- C:\fichiers programmes
    2008-10-18 19:30 . 2008-10-18 19:30 <REP> d-------- C:\Documents and Settings\Alexa Lacroix\Application Data\InstallShield
    2008-10-17 10:58 . 2008-10-17 10:58 <REP> d-------- C:\Program Files\PhotoFiltre
    2008-10-16 07:57 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-16 07:57 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-16 07:56 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-16 07:56 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-16 07:56 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-16 07:56 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-12 15:34 . 2008-10-12 15:34 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-10-12 15:32 . 2008-10-12 15:32 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-03 18:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-08-27 10:11 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-25 09:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-08-25 09:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-08-23 06:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-08-23 06:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-01-27 07:50 10,462,920 ----a-w C:\Program Files\XLVIEWER.EXE
    2008-01-27 07:47 12,356,808 ----a-w C:\Program Files\WDVIEWER.EXE
    2007-12-29 17:08 2,841,064 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe
    2007-12-28 10:56 581,266 ----a-w C:\Program Files\Patch_InMemoriam_2005_09_05.EXE
    2007-12-21 20:12 54,330,664 ----a-w C:\Program Files\iTunesSetup.exe
    2007-12-01 17:50 5,843,736 ----a-w C:\Program Files\Firefox Setup 2.0.0.10.exe
    2007-11-30 15:00 17,521,856 ----a-w C:\Program Files\setupfre.exe
    2002-02-21 09:33 23,660 ----a-r C:\Program Files\Inter.inf
    2002-02-13 16:44 186 ----a-r C:\Program Files\AUTORUN.INI
    2002-02-11 11:46 1,002 ----a-r C:\Program Files\LISEZMOI.TXT
    1999-08-17 12:12 192,512 ----a-r C:\Program Files\NAVIGMA.EXE
    1999-08-17 12:11 2,238 ----a-r C:\Program Files\MICRO.ICO
    1998-02-23 10:48 20,992 ----a-r C:\Program Files\AUTORUN.EXE
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-26_ 8.11.13.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-27 12:43:48 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_610.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-11 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-09-15 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-09-15 118784]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2004-11-04 94208]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-22 185896]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "SoundMan"="SOUNDMAN.EXE" [2004-11-06 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
    LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-04-23 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-02-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-27 13:49:07
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-10-27 13:49:41
    ComboFix-quarantined-files.txt 2008-10-27 12:49:38
    ComboFix2.txt 2008-10-26 07:11:38

    Avant-CF: 23 817 322 496 octets libres
    Après-CF: 23,799,005,184 octets libres

    134 --- E O F --- 2008-10-25 11:58:48

HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:08:52, on 27/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 5830 bytes



    Avira AntiVir Personal
    Report file date: mardi 28 octobre 2008 11:19

    Scanning for 995550 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Save mode
    Username: Alexa Lacroix
    Computer name: NOM-E73FBB59DA7

    Version information:
    BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:54
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:42
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:20
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:54
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:05:38
    ANTIVIR1.VDF : 7.1.0.1 2048 Bytes 27/10/2008 10:05:40
    ANTIVIR2.VDF : 7.1.0.2 2048 Bytes 27/10/2008 10:05:40
    ANTIVIR3.VDF : 7.1.0.5 45056 Bytes 28/10/2008 10:05:44
    Engineversion : 8.2.0.9
    AEVDF.DLL : 8.1.0.6 102772 Bytes 28/10/2008 10:07:14
    AESCRIPT.DLL : 8.1.1.9 319867 Bytes 28/10/2008 10:07:12
    AESCN.DLL : 8.1.1.3 123252 Bytes 28/10/2008 10:07:06
    AERDL.DLL : 8.1.1.2 438644 Bytes 28/10/2008 10:07:04
    AEPACK.DLL : 8.1.2.4 369014 Bytes 28/10/2008 10:06:56
    AEOFFICE.DLL : 8.1.0.29 196988 Bytes 28/10/2008 10:06:46
    AEHEUR.DLL : 8.1.0.63 1479032 Bytes 28/10/2008 10:06:40
    AEHELP.DLL : 8.1.1.2 115062 Bytes 28/10/2008 10:06:08
    AEGEN.DLL : 8.1.0.42 319861 Bytes 28/10/2008 10:06:04
    AEEMU.DLL : 8.1.0.9 393588 Bytes 28/10/2008 10:05:58
    AECORE.DLL : 8.1.2.8 172406 Bytes 28/10/2008 10:05:52
    AEBB.DLL : 8.1.0.3 53618 Bytes 28/10/2008 10:05:46
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:06
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:02
    AVREP.DLL : 8.0.0.2 98344 Bytes 28/10/2008 10:05:44
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:42
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:24
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:50
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:04
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:42
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:12
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:08
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:38

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 28 octobre 2008 11:19

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    11 processes with 11 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '59' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\PAGEFILE.SYS
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\av.dat
    [DETECTION] Is the TR/Drop.Agent.eaq Trojan
    [NOTE] The file was moved to '4934e9a0.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP190\A0030316.exe
    [DETECTION] Is the TR/Dldr.FakeAler.BB Trojan
    [NOTE] TR/Dldr.FakeAler.BB:[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN]:<Start Page>=sz:google.com>=SZ:about:blank
    [NOTE] TR/Dldr.FakeAler.BB:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN]:<Start Page>=sz:google.com>=SZ:about:blank
    [NOTE] The file was moved to '4936f48b.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP190\A0030317.exe
    [DETECTION] Is the TR/Dldr.FakeAler.BB Trojan
    [NOTE] The file was moved to '4936f4e0.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP190\A0030318.exe
    [DETECTION] Is the TR/Dldr.FakeAler.BB Trojan
    [NOTE] The file was moved to '4936f4e5.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP190\A0030319.exe
    [DETECTION] Is the TR/Dldr.FakeAler.BB Trojan
    [NOTE] The file was moved to '4936f4e9.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP190\A0030320.exe
    [DETECTION] Is the TR/Dldr.FakeAler.BB Trojan
    [NOTE] The file was moved to '4936f4eb.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP190\A0030321.exe
    [DETECTION] Is the TR/Dldr.FakeAler.BB Trojan
    [NOTE] The file was moved to '4936f4f0.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP190\A0030322.exe
    [DETECTION] Is the TR/Dldr.FakeAler.BB Trojan
    [NOTE] The file was moved to '4936f4f4.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP190\A0030323.exe
    [DETECTION] Is the TR/Dldr.FakeAler.BB Trojan
    [NOTE] The file was moved to '4936f4f7.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP190\A0030324.exe
    [DETECTION] Is the TR/Dldr.FakeAler.BB Trojan
    [NOTE] The file was moved to '4936f4fb.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP190\A0030325.exe
    [DETECTION] Is the TR/Dldr.FakeAler.BB Trojan
    [NOTE] The file was moved to '48b78b14.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP190\A0030326.exe
    [DETECTION] Is the TR/Dldr.FakeAler.BB Trojan
    [NOTE] The file was moved to '4936f4fd.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP191\A0030327.exe
    [DETECTION] Is the TR/Dldr.FakeAler.BB Trojan
    [NOTE] The file was moved to '4936f4fc.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP191\A0030328.exe
    [DETECTION] Is the TR/Dldr.FakeAler.BB Trojan
    [NOTE] The file was moved to '48b78b15.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP191\A0030335.exe
    [DETECTION] Is the TR/Small.bbc Trojan
    [NOTE] The file was moved to '4936f4fe.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP191\A0030338.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE] The file was moved to '48b78b17.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP191\A0030339.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE] The file was moved to '48b78b19.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP191\A0030341.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acx back-door program
    [NOTE] The file was moved to '48b78b16.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP191\A0030342.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
    [NOTE] The file was moved to '4936f4ff.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP191\A0030343.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
    [NOTE] The file was moved to '48b78ae8.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP191\A0030344.dll
    [DETECTION] Is the TR/FakeAV.1.Gen.67 Trojan
    [NOTE] The file was moved to '4936f501.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP191\A0030345.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adf back-door program
    [NOTE] The file was moved to '48b78aea.qua'!
    C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP191\A0030346.sys
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.ats back-door program
    [NOTE] The file was moved to '4936f503.qua'!
    Begin scan in 'D:\'


    End of the scan: mardi 28 octobre 2008 12:19
    Used time: 59:46 Minute(s)

    The scan has been done completely.

    7655 Scanning directories
    282979 Files were scanned
    23 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    23 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    282955 Files not concerned
    6563 Archives were scanned
    1 Warnings
    23 Notes

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:45:34, on 28/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 6070 bytes
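The two logs above are what a forum helper reads by hand: Avira's report pairs each file path with the [DETECTION] line that follows it, and HijackThis lists every autorun as an O4 line. As an added example, not part of the thread and not Avira's or HijackThis's own tooling, the Python below triages a few lines copied from those logs (constructed sample input). It separates detections on the live system (here av.dat in system32) from the copies Avira found inside System Restore points, checks that every hit was quarantined, and flags O4 entries whose target HijackThis could not resolve (the "= ?" shortcut), which is the kind of entry a helper looks at manually. The regexes, function names and field names are my assumptions about the two log layouts shown here.

```python
"""Triage helper for an Avira report and a HijackThis log (added example)."""
import re
from typing import Dict, List

# Constructed sample: lines copied from the Avira report posted in the thread.
AVIRA_SAMPLE = r"""
C:\WINDOWS\system32\av.dat
[DETECTION] Is the TR/Drop.Agent.eaq Trojan
[NOTE] The file was moved to '4934e9a0.qua'!
C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP191\A0030338.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '48b78b17.qua'!
C:\System Volume Information\_restore{96222E6B-F9B3-4D1D-B02D-7C20D1224B19}\RP191\A0030341.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acx back-door program
[NOTE] The file was moved to '48b78b16.qua'!
"""

# Constructed sample: O4 lines copied from the HijackThis log posted in the thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
"""

# Assumed patterns for the two log formats as they appear in this thread.
MALWARE_NAME = re.compile(r"\b[A-Z]{2,}/[\w.-]+")          # e.g. TR/Rootkit.Gen, BDS/TDSS.acx
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore", re.IGNORECASE)
RUN_ENTRY = re.compile(r"^O4 - (?P<key>[^:]+\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_ENTRY = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<target>.*)$")


def parse_avira_detections(text: str) -> List[Dict[str, object]]:
    """Pair each [DETECTION] line with the file path printed just before it."""
    findings: List[Dict[str, object]] = []
    current_path = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith("["):
            current_path = line  # a bare line is the path of the file being scanned
        elif line.startswith("[DETECTION]") and current_path:
            m = MALWARE_NAME.search(line)
            findings.append({
                "path": current_path,
                "name": m.group(0) if m else line,
                "in_restore_point": bool(RESTORE_POINT.search(current_path)),
                "quarantined": False,
            })
        elif (line.startswith("[NOTE]") and "moved to" in line
              and findings and findings[-1]["path"] == current_path):
            findings[-1]["quarantined"] = True  # Avira moved the file to a .qua file
    return findings


def parse_hjt_autoruns(text: str) -> List[Dict[str, object]]:
    """Parse HijackThis O4 lines (registry Run keys and Startup-folder shortcuts)."""
    entries: List[Dict[str, object]] = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_ENTRY.match(line)
        if m:
            # Drop the "(User '...')" annotation HijackThis appends to HKUS entries.
            cmd = re.sub(r"\s*\(User '[^']*'\)$", "", m.group("cmd"))
            entries.append({"kind": m.group("key"), "name": m.group("name"),
                            "target": cmd, "unresolved": False})
            continue
        m = STARTUP_ENTRY.match(line)
        if m:
            target = m.group("target").strip()
            entries.append({"kind": "Global Startup", "name": m.group("name"),
                            "target": target, "unresolved": target == "?"})
    return entries


def triage(avira_text: str, hjt_text: str) -> Dict[str, object]:
    """Summarise what a helper would look at first: live detections versus
    restore-point copies, whether everything was quarantined, and autoruns
    whose target HijackThis could not resolve."""
    detections = parse_avira_detections(avira_text)
    autoruns = parse_hjt_autoruns(hjt_text)
    return {
        "live": [d["path"] for d in detections if not d["in_restore_point"]],
        "restore_point": [d["path"] for d in detections if d["in_restore_point"]],
        "all_quarantined": all(d["quarantined"] for d in detections),
        "unresolved_autoruns": [a["name"] for a in autoruns if a["unresolved"]],
    }


if __name__ == "__main__":
    for key, value in triage(AVIRA_SAMPLE, HJT_SAMPLE).items():
        print(f"{key}: {value}")
```

Hits under System Volume Information are copies held in old restore points, not files in use, which is why the only live detection in the report above is av.dat; an unresolved "= ?" startup shortcut is not proof of anything by itself, only a pointer to check which file it launches.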

    Ah yes, normally it had been since Malwarebytes already!!!! A thousand thanks, but I can't get over the way I got infected: while searching for embroidery software, which shows that porn sites aren't the only vector for this kind of thing. So is it over now? Should I keep all the installed programs, or can I delete everything, except the antivirus of course? I'm going to install AntiVir on the desktop right away too!!

    Hello everyone,

    I'm writing to you from my work computer, since my personal computer is infected with Antispyware XP 2009 (and not XP Antispyware 2009). My question is the following: is it the same rogue, and can I apply the same procedure as the one given above to get rid of it?
    Thanks in advance for your reply!

    Christophe