[Solved] Keylogger

Tags:
  • Security
14 June 2011 12:01:58

Hello,

I'm turning to you about a security problem on my PC.
My WoW account was recently hacked, and I'm now sure my PC has a keylogger on it, since I haven't given out my password or anything else.
The trouble is that I ran a scan with Antivir and one with Ad Aware, but neither of them finds the keylogger in question.
Could you help me get rid of this virus?

Thanks a lot,

Regards


14 June 2011 21:35:46

Good evening
1

Download DDS and save it to your desktop.
  • Disable any script blocker, such as an antivirus, or software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan has finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt for me.

    <@_@>**<@_@>**<@_@>**<@_@>**<@_@>**@_@>**<@_@><@_@>**<@_@>**<@_@>**<@_@>**

    ++

    ****
    2


    Download GMER from this link: http://www.gmer.net/files.php – click "Download EXE" and save the file to your desktop.
    See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php

    Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
    Double-click the downloaded GMER file.
    Once it is running, right-click on the white background (as above) and click "Only Non MS files".
    Click the "Scan" button at the bottom right to start the scan.

    When the scan has finished, click "Copy".

    Open Notepad and click the Edit menu / Paste.
    The report should then appear.
    Save the file to your desktop and copy/paste its contents here.
    15 June 2011 12:08:36

    Hello,

    Thank you for your help, here are the 2 scans:
    DDS:

    .
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Guiguess at 12:01:44 on 2011-06-15
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.502 [GMT 2:00]
    .
    AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    D:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    D:\Program Files\Avira\AntiVir Desktop\avguard.exe
    D:\WINDOWS\System32\svchost.exe -k imgsvc
    D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    D:\WINDOWS\AGRSMMSG.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
    D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\System32\svchost.exe -k HTTPFilter
    D:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe
    D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Mozilla Firefox\plugin-container.exe
    D:\Program Files\World of Warcraft\WoW.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    D:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.fr/
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Steam] "d:\program files\steam\Steam.exe" -silent
    uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
    uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [SiSRaid] d:\program files\silicon integrated systems\sisraidpackage\SRaid.exe
    mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
    dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
    StartupFolder: d:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\wirele~1.lnk - d:\program files\wireless lan driver and utility\RtWLan.exe
    IE: E&xporter vers Microsoft Excel - d:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288434054826
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
    TCP: Interfaces\{18D14F67-0070-4D31-B6DE-8C7B544307AF} : DhcpNameServer = 212.27.40.241 212.27.40.240
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\fichie~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 213.239.206.138 l2authd.lineage2.com #Harmonie Server
    Hosts: 213.239.206.138 l2testauthd.lineage2.com #Harmonie Server
    ================= FIREFOX ===================
    .
    FF - ProfilePath - d:\documents and settings\guiguess\application data\mozilla\firefox\profiles\94kpnys0.default\
    FF - component: d:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: d:\program files\ma-config.com\nphardwaredetection.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2011-6-14 64512]
    R1 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2010-10-30 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\avira\antivir desktop\sched.exe [2010-10-30 136360]
    R2 AntiVirService;Avira AntiVir Guard;d:\program files\avira\antivir desktop\avguard.exe [2010-10-30 269480]
    R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2010-10-30 61960]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\AAWService.exe [2011-5-25 2151128]
    R3 RTLWUSB;802.11g USB 2.0 Wireless LAN Adapter;d:\windows\system32\drivers\RTL8187.sys [2010-10-30 187392]
    R3 SjyPkt;SjyPkt;d:\windows\system32\drivers\SjyPkt.sys [2010-10-30 13532]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-5-25 15232]
    S3 maconfservice;Ma-Config Service;d:\program files\ma-config.com\maconfservice.exe [2011-3-23 311744]
    .
    =============== Created Last 30 ================
    .
    2011-06-14 15:43:12 16432 ----a-w- d:\windows\system32\lsdelete.exe
    2011-06-14 09:54:52 781272 ----a-w- d:\program files\mozilla firefox\mozsqlite3.dll
    2011-06-14 09:54:52 1874904 ----a-w- d:\program files\mozilla firefox\mozjs.dll
    2011-06-14 09:54:51 89048 ----a-w- d:\program files\mozilla firefox\libEGL.dll
    2011-06-14 09:54:51 465880 ----a-w- d:\program files\mozilla firefox\libGLESv2.dll
    2011-06-14 09:54:51 15832 ----a-w- d:\program files\mozilla firefox\mozalloc.dll
    2011-06-14 09:54:50 1892184 ----a-w- d:\program files\mozilla firefox\d3dx9_42.dll
    2011-06-14 09:54:49 1974616 ----a-w- d:\program files\mozilla firefox\D3DCompiler_42.dll
    2011-06-14 09:54:49 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
    2011-06-14 09:32:07 -------- d-----w- d:\windows\system32\NtmsData
    2011-06-14 09:21:37 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
    2011-06-14 09:04:47 64512 ----a-w- d:\windows\system32\drivers\Lbd.sys
    2011-06-14 09:04:23 -------- d-----w- d:\program files\Lavasoft
    2011-06-06 13:16:17 33104 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    2011-06-06 13:16:17 32656 ----a-w- d:\windows\system32\msonpmon.dll
    2011-06-06 13:02:20 -------- d-----w- d:\program files\Microsoft Visual Studio 8
    2011-06-06 13:01:34 -------- d-----w- d:\windows\SHELLNEW
    2011-06-06 13:01:14 -------- d-----w- d:\documents and settings\guiguess\local settings\application data\Microsoft Help
    2011-05-29 10:30:16 -------- d-----w- d:\documents and settings\guiguess\application data\go
    2011-05-29 10:29:54 -------- d-----w- d:\documents and settings\all users\application data\Easybits GO
    2011-05-20 21:32:57 -------- d-----w- d:\documents and settings\guiguess\application data\TS3Client
    2011-05-20 21:31:38 -------- d-----w- d:\program files\TeamSpeak 3 Client
    .
    ==================== Find3M ====================
    .
    2011-03-21 17:56:22 59904 ----a-w- d:\windows\system32\OVDecode.dll
    2011-03-21 17:56:06 51712 ----a-w- d:\windows\system32\OpenCL.dll
    2011-03-21 17:55:46 12385792 ----a-w- d:\windows\system32\amdocl.dll
    .
    ============= FINISH: 12:02:22,46 ===============


    GMER:

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-15 12:06:21
    Windows 5.1.2600 Service Pack 3
    Running: 3kr0sgvb.exe; Driver: D:\DOCUME~1\Guiguess\LOCALS~1\Temp\pwrcqpod.sys


    ---- Modules - GMER 1.0.15 ----

    Module SiSRaid.sys (SiS RAID Miniport Driver/Silicon Integrated Systems) BA0F8000-BA104000 (49152 bytes)
    Module Lbd.sys (Boot Driver/Lavasoft AB) BA128000-BA137000 (61440 bytes)
    Module \SystemRoot\System32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B91B4000-B9846000 (6889472 bytes)
    Module \SystemRoot\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) B8D8E000-B917D000 (4124672 bytes)
    Module \SystemRoot\System32\DRIVERS\sisnic.sys (SiS PCI Fast Ethernet Adapter Driver/SiS Corporation) BA3C0000-BA3C8000 (32768 bytes)
    Module \SystemRoot\system32\DRIVERS\AGRSM.sys (SoftModem Device Driver/Agere Systems) B8C10000-B8D46000 (1269760 bytes)
    Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) BA3E8000-BA3ED000 (20480 bytes)
    Module \SystemRoot\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) BA440000-BA446000 (24576 bytes)
    Module \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for Security Enhancement/Avira GmbH) B083E000-B0864000 (155648 bytes)
    Module \??\D:\Program_Files\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) BA5E2000-BA5E4000 (8192 bytes)
    Module \SystemRoot\system32\DRIVERS\RTL8187.sys (Realtek RTL8187 NDIS Driver/Realtek Semiconductor Corporation ) B07EC000-B081A000 (188416 bytes)
    Module \SystemRoot\System32\ati2dvag.dll (ATI Radeon WindowsNT Display Driver/ATI Technologies Inc.) BF012000-BF060000 (319488 bytes)
    Module \SystemRoot\System32\ati2cqag.dll (Central Memory Manager / Queue Server Module/ATI Technologies Inc.) BF060000-BF130000 (851968 bytes)
    Module \SystemRoot\System32\atikvmag.dll (Virtual Command And Memory Manager/ATI Technologies Inc.) BF130000-BF1DF000 (716800 bytes)
    Module \SystemRoot\System32\atiok3x2.dll (Ring 0 x2 component/Advanced Micro Devices, Inc.) BF1DF000-BF25C000 (512000 bytes)
    Module \SystemRoot\System32\ati3duag.dll (ati3duag.dll/ATI Technologies Inc. ) BF25C000-BF651000 (4149248 bytes)
    Module \SystemRoot\System32\ativvaxx.dll (Radeon Video Acceleration Universal Driver/Advanced Micro Devices, Inc. ) BF9C6000-BFC55000 (2682880 bytes)
    Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BF651000-BF698000 (290816 bytes)
    Module \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) AE446000-AE45B000 (86016 bytes)
    Module \SystemRoot\System32\DRIVERS\AegisP.sys (IEEE 802.1X Protocol Driver/Cisco Systems, Inc.) BA408000-BA40D000 (20480 bytes)
    Module \??\D:\WINDOWS\System32\Drivers\SjyPkt.sys (Sample NDIS 5.0 Protocol Driver/Windows (R) 2000 DDK provider) AD544000-AD548000 (16384 bytes)
    Module \??\D:\DOCUME~1\Guiguess\LOCALS~1\Temp\mbr.sys BA410000-BA417000 (28672 bytes)
    Module \??\D:\DOCUME~1\Guiguess\LOCALS~1\Temp\pwrcqpod.sys (GMER) ABFCB000-ABFE4000 (102400 bytes)

    ---- Processes - GMER 1.0.15 ----

    Process D:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 248
    Library D:\WINDOWS\system32\msonpmon.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x00990000
    Library D:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000
    Library D:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x00D60000

    Process D:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) 360
    Library D:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) 0x00400000
    Library D:\Program Files\Avira\AntiVir Desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH) 0x10000000
    Library D:\Program Files\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH) 0x00B90000
    Library D:\Program Files\Avira\AntiVir Desktop\cfglib.dll (Antivirus configuration library/Avira GmbH) 0x00CF0000
    Library D:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 0x00D10000

    Process D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) 644
    Library D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) 0x00400000
    Library D:\Program Files\Avira\AntiVir Desktop\libdb44.dll (Berkeley DB 4.4 DLL/Sleepycat Software) 0x13000000
    Library D:\Program Files\Avira\AntiVir Desktop\AVEvtLog.dll (Event Logger/Avira GmbH) 0x10000000
    Library D:\Program Files\Avira\AntiVir Desktop\guardmsg.dll (AVGuard Messages (Deutsch)/Avira GmbH) 0x00D40000
    Library D:\Program Files\Avira\AntiVir Desktop\cfglib.dll (Antivirus configuration library/Avira GmbH) 0x00D50000
    Library D:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 0x00D70000
    Library D:\Program Files\Avira\AntiVir Desktop\avsmtp.dll (Antivirus email sender library/Avira GmbH) 0x00F00000
    Library D:\Program Files\Avira\AntiVir Desktop\AVGIO.DLL (On-access scan support/Avira GmbH) 0x00F60000
    Library D:\Program Files\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH) 0x01EA0000
    Library D:\Program Files\Avira\AntiVir Desktop\AVPREF.DLL (Prefix DLL/Avira GmbH) 0x00EE0000
    Library D:\Program Files\Avira\AntiVir Desktop\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01090000
    Library D:\Program Files\Avira\AntiVir Desktop\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x010E0000
    Library D:\Program Files\Avira\AntiVir Desktop\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01110000
    Library D:\Program Files\Avira\AntiVir Desktop\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x012B0000
    Library D:\Program Files\Avira\AntiVir Desktop\aesbx.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x014E0000
    Library D:\Program Files\Avira\AntiVir Desktop\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01550000
    Library D:\Program Files\Avira\AntiVir Desktop\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01600000
    Library D:\Program Files\Avira\AntiVir Desktop\unacev2.dll (UNACE Dynamic Link Library/ACE Compression Software) 0x016A0000
    Library D:\Program Files\Avira\AntiVir Desktop\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01700000
    Library D:\Program Files\Avira\AntiVir Desktop\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01750000
    Library D:\Program Files\Avira\AntiVir Desktop\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01AD0000
    Library D:\Program Files\Avira\AntiVir Desktop\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01B20000
    Library D:\Program Files\Avira\AntiVir Desktop\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01BA0000
    Library D:\Program Files\Avira\AntiVir Desktop\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01C20000

    Process D:\WINDOWS\system32\winlogon.exe (Application d'ouverture de session Windows NT/Microsoft Corporation) 764
    Library D:\WINDOWS\system32\Ati2evxx.dll (ATI External Event Utility DLL Module/ATI Technologies Inc.) 0x10000000
    Library D:\WINDOWS\system32\atiadlxx.dll (ADL/Advanced Micro Devices, Inc.) 0x010D0000

    Process D:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 984
    Library D:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 0x00400000
    Library D:\WINDOWS\system32\Ati2edxx.dll (ati2edxx/ATI Technologies, Inc.) 0x003C0000
    Library D:\WINDOWS\system32\atipdlxx.dll (ATI Desktop CWDDEDI DLL/ATI Technologies, Inc.) 0x10000000

    Process D:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 1528
    Library D:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 0x00400000
    Library D:\WINDOWS\system32\Ati2edxx.dll (ati2edxx/ATI Technologies, Inc.) 0x00CA0000
    Library D:\WINDOWS\system32\atipdlxx.dll (ATI Desktop CWDDEDI DLL/ATI Technologies, Inc.) 0x10000000
    Library D:\WINDOWS\system32\ati2evxx.dll (ATI External Event Utility DLL Module/ATI Technologies Inc.) 0x00CD0000
    Library D:\WINDOWS\system32\atiadlxx.dll (ADL/Advanced Micro Devices, Inc.) 0x00D10000

    Process D:\Program Files\Avira\AntiVir Desktop\avshadow.exe (AntiVir shadow copy service/Avira GmbH) 1588
    Library D:\Program Files\Avira\AntiVir Desktop\avshadow.exe (AntiVir shadow copy service/Avira GmbH) 0x00400000
    Library D:\Program Files\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH) 0x10000000

    Process D:\Documents and Settings\Guiguess\Mes documents\Téléchargements\3kr0sgvb.exe 1656
    Library D:\Documents and Settings\Guiguess\Mes documents\Téléchargements\3kr0sgvb.exe 0x00400000

    Process D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft Limited) 1704
    Library D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft Limited) 0x00400000
    Library D:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll 0x10000000
    Library D:\Program Files\Lavasoft\Ad-Aware\Resources.dll (Resource DLL /Lavasoft Limited) 0x00BA0000
    Library D:\Program Files\Lavasoft\Ad-Aware\lavalicense.dll (License solution (desktop edition) /Lavasoft Limited) 0x014A0000
    Library D:\Program Files\Lavasoft\Ad-Aware\ceapi.dll (CEAPI Dynamic Link Library /Lavasoft Limited) 0x02150000
    Library D:\Program Files\Lavasoft\Ad-Aware\viprebridge.dll 0x02300000
    Library D:\Program Files\Lavasoft\Ad-Aware\SBTE.dll (Threat Engine Dynamic Link Library/Sunbelt Software) 0x02380000
    Library D:\Program Files\Lavasoft\Ad-Aware\Vipre.dll 0x024F0000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll 0x0F600000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll 0x0F800000
    Library D:\Program Files\Lavasoft\Ad-Aware\lavamessage.dll (Messaging system for client notification delivery /Lavasoft Limited) 0x04C70000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll 0x051A0000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll 0x0EC00000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll 0x053D0000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll 0x05A30000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll 0x05BD0000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll 0x05C30000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll 0x05CE0000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll 0x0EE00000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll 0x05D60000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll 0x0F000000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll 0x05F00000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll 0x05F60000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll 0x0F200000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll 0x0F400000
    Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw 0x07210000

    Process D:\WINDOWS\Explorer.EXE (Explorateur Windows/Microsoft Corporation) 1900
    Library D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (SBSD IE Protection/Safer Networking Limited) 0x02F00000
    Library D:\Program Files\WinRAR\rarext.dll 0x03AA0000
    Library D:\Program Files\Avira\AntiVir Desktop\shlext.dll (AntiVirus context menu/Avira GmbH) 0x03B50000
    Library D:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll (Shell Extension /Lavasoft Limited) 0x03C20000
    Library D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll (AMD Desktop Control Panel/Advanced Micro Devices, Inc.) 0x03E00000
    Library D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamfra.dll (AMD Desktop Control Panel/Advanced Micro Devices, Inc.) 0x03C00000

    Process D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH) 2148
    Library D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH) 0x00400000
    Library D:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll (Antivirus Control Center Common Worker Library/Avira GmbH) 0x10000000
    Library d:\program files\avira\antivir desktop\cfglib.dll (Antivirus configuration library/Avira GmbH) 0x003E0000
    Library d:\program files\avira\antivir desktop\ccgen.dll (Control Center General Plugin/Avira GmbH) 0x00B10000
    Library d:\program files\avira\antivir desktop\ccgenrc.dll (Control Center General Plugin Resources/Avira GmbH) 0x00C10000
    Library d:\program files\avira\antivir desktop\ccguard.dll (Control Center Guard Plugin/Avira GmbH) 0x00E20000
    Library d:\program files\avira\antivir desktop\ccgrdrc.dll (Control Center Guard Plugin Resources/Avira GmbH) 0x00EB0000
    Library d:\program files\avira\antivir desktop\ccgrdw.dll (Control Center Guard Worker Plugin/Avira GmbH) 0x00EC0000
    Library D:\Program Files\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH) 0x00EF0000
    Library d:\program files\avira\antivir desktop\ccupdate.dll (Control Center Updater Plugin/Avira GmbH) 0x00F20000
    Library d:\program files\avira\antivir desktop\ccupdrc.dll (Control Center Updater Plugin Resources/Avira GmbH) 0x00F90000
    Library d:\program files\avira\antivir desktop\cclic.dll (Control Center License Plugin/Avira GmbH) 0x011D0000
    Library d:\program files\avira\antivir desktop\cclicrc.dll (Control Center License Plugin Resources/Avira GmbH) 0x01200000
    Library d:\program files\avira\antivir desktop\ccmsg.dll (Control Center Message Plugin/Avira GmbH) 0x01210000
    Library d:\program files\avira\antivir desktop\ccmsgrc.dll (Control Center MSG Plugin Resources/Avira GmbH) 0x01280000
    Library D:\Program Files\Avira\AntiVir Desktop\rcimage.dll (Avira AntiVir PersonalEdition Classic Master Resource File (English)/Avira GmbH) 0x015A0000
    Library d:\program files\avira\antivir desktop\ccmainrc.dll (Control Center Resources/Avira GmbH) 0x00FA0000

    Process D:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Office Word/Microsoft Corporation) 2156
    Library D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSPTLS.DLL 0x6BDC0000

    Process D:\WINDOWS\AGRSMMSG.exe (SoftModem Messaging Applet/Agere Systems) 2304
    Library D:\WINDOWS\AGRSMMSG.exe (SoftModem Messaging Applet/Agere Systems) 0x00400000

    Process D:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.) 2324
    Library D:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.) 0x00400000

    Process D:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe (SiS Windows Raid Utility/Silicon Integrated Systems Corp.) 2368
    Library D:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe (SiS Windows Raid Utility/Silicon Integrated Systems Corp.) 0x00400000

    Process D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (System settings protector/Safer-Networking Ltd.) 2504
    Library D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (System settings protector/Safer-Networking Ltd.) 0x00400000
    Library D:\Program Files\Spybot - Search & Destroy\advcheck.dll (Dateiüberprüfungs-Bibliothek/Safer-Networking Ltd.) 0x05780000

    Process D:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation) 2524
    Library D:\Program Files\Windows Live\Messenger\MSIMG32.dll (Loader for Messenger Plus! Live/Yuna Software) 0x26000000
    Library D:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
    Library D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) 0x28000000
    Library D:\Program Files\Messenger Plus! Live\Detoured.dll 0x0F000000
    Library D:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll (Messenger Plus! Live Resources/Yuna Software) 0x29000000
    Library D:\WINDOWS\system32\msdmo.dll 0x73600000

    Process D:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2732
    Library D:\WINDOWS\System32\strmfilt.dll (Stream Filter Library/Microsoft Corporation) 0x5A1F0000

    Process D:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe (RtWLan ( For Win98/ME/2K ) Application/Realtek Semiconductor Corp.) 2792
    Library D:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe (RtWLan ( For Win98/ME/2K ) Application/Realtek Semiconductor Corp.) 0x00400000
    Library D:\Program Files\Wireless LAN Driver and Utility\EnumDevLib.dll 0x10000000
    Library D:\Program Files\Wireless LAN Driver and Utility\RtlLib.dll (RtlLib DLL/Realtek Semiconductor Corp.) 0x00340000
    Library D:\Program Files\Wireless LAN Driver and Utility\acAuth.dll 0x004C0000
    Library D:\Program Files\Wireless LAN Driver and Utility\IpLib.dll (TODO: <File description>/TODO: <Company name>) 0x00380000

    Process D:\Program Files\World of Warcraft\WoW.exe (World of Warcraft Retail/Blizzard Entertainment) 3196
    Library D:\Program Files\World of Warcraft\WoW.exe (World of Warcraft Retail/Blizzard Entertainment) 0x00400000
    Library D:\Program Files\World of Warcraft\Battle.net.dll (Battle.net Client Library/Blizzard Entertainment) 0x3C8F0000

    Process D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Ad-Aware Tray Application/Lavasoft Limited) 3800
    Library D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Ad-Aware Tray Application/Lavasoft Limited) 0x00400000
    Library D:\Program Files\Lavasoft\Ad-Aware\Resources.dll (Resource DLL /Lavasoft Limited) 0x10000000

    ---- Services - GMER 1.0.15 ----

    Service D:\WINDOWS\System32\DRIVERS\AegisP.sys (IEEE 802.1X Protocol Driver/Cisco Systems, Inc.) [AUTO] AegisP
    Service D:\WINDOWS\system32\DRIVERS\AGRSM.sys (SoftModem Device Driver/Agere Systems) [MANUAL] AgereSoftModem
    Service D:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) [MANUAL] ALCXWDM
    Service D:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService
    Service D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
    Service D:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) [AUTO] Ati HotKey Poller
    Service D:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart
    Service D:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) [MANUAL] ati2mtag
    Service Atierecord
    Service D:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio
    Service D:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt
    Service D:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for Security Enhancement/Avira GmbH) [SYSTEM] avipbb
    Service D:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (Driver NT Ma-Config.com/CybelSoft) [MANUAL] driverhardwarev2
    Service D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft Limited) [AUTO] Lavasoft Ad-Aware Service
    Service D:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [MANUAL] Lavasoft Kernexplorer
    Service D:\WINDOWS\system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) [BOOT] Lbd
    Service D:\Program Files\ma-config.com\maconfservice.exe (Service de détection matériel/CybelSoft) [MANUAL] maconfservice
    Service MSDTC Bridge 3.0.0.0
    Service Outlook
    Service D:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
    Service D:\WINDOWS\system32\DRIVERS\RTL8187.sys (Realtek RTL8187 NDIS Driver/Realtek Semiconductor Corporation ) [MANUAL] RTLWUSB
    Service D:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
    Service ServiceModelEndpoint 3.0.0.0
    Service ServiceModelOperation 3.0.0.0
    Service ServiceModelService 3.0.0.0
    Service D:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS PCI Fast Ethernet Adapter Driver/SiS Corporation) [MANUAL] SISNIC
    Service D:\WINDOWS\system32\DRIVERS\SiSRaid.sys (SiS RAID Miniport Driver/Silicon Integrated Systems) [BOOT] SiSRaid
    Service D:\WINDOWS\System32\Drivers\SjyPkt.sys (Sample NDIS 5.0 Protocol Driver/Windows (R) 2000 DDK provider) [MANUAL] SjyPkt
    Service SMSvcHost 3.0.0.0
    Service D:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [SYSTEM] ssmdrv
    Service Windows Workflow Foundation 3.0.0.0

    ---- EOF - GMER 1.0.15 ----
    16 June 2011 13:28:45

    Bump, I still haven't found the source of the problem :/
    16 June 2011 21:33:08

    Good evening
    I had a doubt about:
    R3 SjyPkt;SjyPkt;d:\windows\system32\drivers\SjyPkt.sys [2010-10-30 13532]
    but apparently it's clean:
    http://www.file.net/process/sjypkt.sys.html
    and besides, GMER didn't flag it.



    We'll do a routine pass with ComboFix, but in my opinion it's clean.


    Disable your antivirus and any other type of protection.
    Download ComboFix by sUBs: Combofix
    Save it on your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit > "Select All", Edit > "Copy"

    Come to the forum and Edit > "Paste"

    HELP: A guide and tutorial on using ComboFix
    * the partition name may vary

    <@_@>

    +++++++++++++++++++++


    18 June 2011 13:40:30

    Thanks for your help!
    I don't know whether it's really clean yet, I've had another hack attempt...

    ComboFix 11-06-17.04 - Guiguess 18/06/2011 13:13:03.1.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1180 [GMT 2:00]
    Lancé depuis: d:\documents and settings\Guiguess\Bureau\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    * Un nouveau point de restauration a été créé
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Autorun.inf
    D:\Install.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-05-18 au 2011-06-18 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-06-15 13:28 . 2011-06-15 16:36 -------- d-----w- d:\windows\SxsCaPendDel
    2011-06-15 09:19 . 2011-04-21 13:37 105472 -c----w- d:\windows\system32\dllcache\mup.sys
    2011-06-14 15:43 . 2011-06-14 09:21 16432 ----a-w- d:\windows\system32\lsdelete.exe
    2011-06-14 09:54 . 2011-06-14 09:54 781272 ----a-w- d:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-06-14 09:54 . 2011-06-14 09:54 1874904 ----a-w- d:\program files\Mozilla Firefox\mozjs.dll
    2011-06-14 09:54 . 2011-06-14 09:54 89048 ----a-w- d:\program files\Mozilla Firefox\libEGL.dll
    2011-06-14 09:54 . 2011-06-14 09:54 465880 ----a-w- d:\program files\Mozilla Firefox\libGLESv2.dll
    2011-06-14 09:54 . 2011-06-14 09:54 15832 ----a-w- d:\program files\Mozilla Firefox\mozalloc.dll
    2011-06-14 09:54 . 2011-06-14 09:54 1892184 ----a-w- d:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-06-14 09:54 . 2011-06-14 09:54 1974616 ----a-w- d:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-06-14 09:54 . 2011-06-14 09:54 142296 ----a-w- d:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-06-14 09:42 . 2011-06-14 09:42 -------- d-----r- d:\documents and settings\LocalService\Favoris
    2011-06-14 09:32 . 2011-06-14 14:16 -------- d-----w- d:\windows\system32\NtmsData
    2011-06-14 09:21 . 2011-06-14 09:21 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
    2011-06-14 09:04 . 2011-05-25 00:00 64512 ----a-w- d:\windows\system32\drivers\Lbd.sys
    2011-06-14 09:04 . 2011-06-14 09:04 -------- d-----w- d:\program files\Lavasoft
    2011-06-14 09:04 . 2011-06-14 09:04 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
    2011-06-06 13:16 . 2008-11-10 09:41 32656 ----a-w- d:\windows\system32\msonpmon.dll
    2011-06-06 13:16 . 2006-10-26 17:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2011-06-06 13:11 . 2011-06-08 00:26 -------- d-----w- d:\program files\Microsoft Works
    2011-06-06 13:07 . 2011-06-06 13:07 -------- d-----w- d:\program files\Microsoft.NET
    2011-06-06 13:02 . 2011-06-06 13:02 -------- d-----w- d:\program files\Microsoft Visual Studio 8
    2011-06-06 13:01 . 2011-06-06 13:09 -------- d-----w- d:\windows\SHELLNEW
    2011-06-06 13:01 . 2011-06-06 13:01 -------- d-----w- d:\documents and settings\Guiguess\Local Settings\Application Data\Microsoft Help
    2011-06-06 13:01 . 2011-06-15 13:37 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
    2011-06-06 13:00 . 2011-06-06 13:00 -------- d-----r- D:\MSOCache
    2011-05-29 10:30 . 2011-06-18 10:57 -------- d-----w- d:\documents and settings\Guiguess\Application Data\go
    2011-05-29 10:29 . 2011-06-18 11:11 -------- d-----w- d:\documents and settings\All Users\Application Data\Easybits GO
    2011-05-20 21:32 . 2011-05-21 01:03 -------- d-----w- d:\documents and settings\Guiguess\Application Data\TS3Client
    2011-05-20 21:31 . 2011-05-20 21:32 -------- d-----w- d:\program files\TeamSpeak 3 Client
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-02 15:31 . 2010-10-28 12:38 692736 ----a-w- d:\windows\system32\inetcomm.dll
    2011-04-29 16:19 . 2001-09-28 12:00 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:06 . 2001-09-28 12:00 916480 ----a-w- d:\windows\system32\wininet.dll
    2011-04-25 16:06 . 2001-09-28 12:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
    2011-04-25 16:06 . 2001-09-28 12:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2010-10-30 11:12 385024 ----a-w- d:\windows\system32\html.iec
    2011-04-21 13:37 . 2001-09-28 12:00 105472 ----a-w- d:\windows\system32\drivers\mup.sys
    2011-04-02 10:37 . 2010-10-30 11:20 137656 ----a-w- d:\windows\system32\drivers\avipbb.sys
    2011-03-21 17:56 . 2011-03-21 17:56 59904 ----a-w- d:\windows\system32\OVDecode.dll
    2011-03-21 17:56 . 2011-03-21 17:56 51712 ----a-w- d:\windows\system32\OpenCL.dll
    2011-03-21 17:55 . 2011-03-21 17:55 12385792 ----a-w- d:\windows\system32\amdocl.dll
    2011-06-14 09:54 . 2011-06-14 09:54 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "Steam"="d:\program files\Steam\Steam.exe" [2010-12-24 1242448]
    "Skype"="d:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
    "avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
    "SiSRaid"="d:\program files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2007-01-18 389120]
    "GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Wireless LAN Utility.lnk - d:\program files\Wireless LAN Driver and Utility\RtWLan.exe [2010-10-30 729088]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "d:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "d:\\Program Files\\Steam\\Steam.exe"=
    "d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "d:\\Documents and Settings\\Guiguess\\Mes documents\\Games\\Riot Games\\League of Legends\\lol.launcher.exe"=
    "d:\\Program Files\\Heroes of Newerth\\hon.exe"=
    "d:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "d:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8395:TCP"= 8395:TCP:League of Legends Launcher
    "8395:UDP"= 8395:UDP:League of Legends Launcher
    "6903:TCP"= 6903:TCP:League of Legends Launcher
    "6903:UDP"= 6903:UDP:League of Legends Launcher
    "8396:TCP"= 8396:TCP:League of Legends Launcher
    "8396:UDP"= 8396:UDP:League of Legends Launcher
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "6934:TCP"= 6934:TCP:League of Legends Launcher
    "6934:UDP"= 6934:UDP:League of Legends Launcher
    "6912:TCP"= 6912:TCP:League of Legends Launcher
    "6912:UDP"= 6912:UDP:League of Legends Launcher
    "6936:TCP"= 6936:TCP:League of Legends Launcher
    "6936:UDP"= 6936:UDP:League of Legends Launcher
    "6910:TCP"= 6910:TCP:League of Legends Launcher
    "6910:UDP"= 6910:UDP:League of Legends Launcher
    "6908:TCP"= 6908:TCP:League of Legends Launcher
    "6908:UDP"= 6908:UDP:League of Legends Launcher
    "6901:TCP"= 6901:TCP:League of Legends Launcher
    "6901:UDP"= 6901:UDP:League of Legends Launcher
    "6959:TCP"= 6959:TCP:League of Legends Launcher
    "6959:UDP"= 6959:UDP:League of Legends Launcher
    "6920:TCP"= 6920:TCP:League of Legends Launcher
    "6920:UDP"= 6920:UDP:League of Legends Launcher
    "8397:TCP"= 8397:TCP:League of Legends Launcher
    "8397:UDP"= 8397:UDP:League of Legends Launcher
    "6964:TCP"= 6964:TCP:League of Legends Launcher
    "6964:UDP"= 6964:UDP:League of Legends Launcher
    "6943:TCP"= 6943:TCP:League of Legends Launcher
    "6943:UDP"= 6943:UDP:League of Legends Launcher
    "8398:TCP"= 8398:TCP:League of Legends Launcher
    "8398:UDP"= 8398:UDP:League of Legends Launcher
    "8393:TCP"= 8393:TCP:League of Legends Lobby
    "8393:UDP"= 8393:UDP:League of Legends Lobby
    "8390:TCP"= 8390:TCP:League of Legends Game Client
    "8390:UDP"= 8390:UDP:League of Legends Game Client
    "6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
    .
    R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [14/06/2011 11:04 64512]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\Avira\AntiVir Desktop\sched.exe [30/10/2010 13:20 136360]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [25/05/2011 02:00 2151128]
    R3 SjyPkt;SjyPkt;d:\windows\system32\drivers\SjyPkt.sys [30/10/2010 15:11 13532]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [25/05/2011 02:00 15232]
    S3 maconfservice;Ma-Config Service;d:\program files\ma-config.com\maconfservice.exe [23/03/2011 10:25 311744]
    S3 RTLWUSB;802.11g USB 2.0 Wireless LAN Adapter;d:\windows\system32\drivers\RTL8187.sys [30/10/2010 15:11 187392]
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - SJYPKT
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-06-18 d:\windows\Tasks\Ad-Aware Update (Weekly).job
    - d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 00:00]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - d:\documents and settings\Guiguess\Application Data\Mozilla\Firefox\Profiles\94kpnys0.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-18 13:17
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(764)
    d:\windows\system32\Ati2evxx.dll
    d:\windows\system32\atiadlxx.dll
    .
    Heure de fin: 2011-06-18 13:19:13
    ComboFix-quarantined-files.txt 2011-06-18 11:18
    .
    Avant-CF: 56 189 759 488 octets libres
    Après-CF: 56 542 978 048 octets libres
    .
    - - End Of File - - 286B441324BD4444F438CE9B972038A7
    18 June 2011 21:44:41

    Good evening
    Mysteria said:
    Thanks for your help!
    I don't know whether it's really clean yet, I've had another hack attempt...

    Post the scan report or take a screenshot so I can see what you're talking about.
    19 June 2011 15:28:52

    ComboFix 11-06-17.04 - Guiguess 18/06/2011 13:13:03.1.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1180 [GMT 2:00]
    Lancé depuis: d:\documents and settings\Guiguess\Bureau\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    * Un nouveau point de restauration a été créé
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Autorun.inf
    D:\Install.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-05-18 au 2011-06-18 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-06-15 13:28 . 2011-06-15 16:36 -------- d-----w- d:\windows\SxsCaPendDel
    2011-06-15 09:19 . 2011-04-21 13:37 105472 -c----w- d:\windows\system32\dllcache\mup.sys
    2011-06-14 15:43 . 2011-06-14 09:21 16432 ----a-w- d:\windows\system32\lsdelete.exe
    2011-06-14 09:54 . 2011-06-14 09:54 781272 ----a-w- d:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-06-14 09:54 . 2011-06-14 09:54 1874904 ----a-w- d:\program files\Mozilla Firefox\mozjs.dll
    2011-06-14 09:54 . 2011-06-14 09:54 89048 ----a-w- d:\program files\Mozilla Firefox\libEGL.dll
    2011-06-14 09:54 . 2011-06-14 09:54 465880 ----a-w- d:\program files\Mozilla Firefox\libGLESv2.dll
    2011-06-14 09:54 . 2011-06-14 09:54 15832 ----a-w- d:\program files\Mozilla Firefox\mozalloc.dll
    2011-06-14 09:54 . 2011-06-14 09:54 1892184 ----a-w- d:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-06-14 09:54 . 2011-06-14 09:54 1974616 ----a-w- d:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-06-14 09:54 . 2011-06-14 09:54 142296 ----a-w- d:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-06-14 09:42 . 2011-06-14 09:42 -------- d-----r- d:\documents and settings\LocalService\Favoris
    2011-06-14 09:32 . 2011-06-14 14:16 -------- d-----w- d:\windows\system32\NtmsData
    2011-06-14 09:21 . 2011-06-14 09:21 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
    2011-06-14 09:04 . 2011-05-25 00:00 64512 ----a-w- d:\windows\system32\drivers\Lbd.sys
    2011-06-14 09:04 . 2011-06-14 09:04 -------- d-----w- d:\program files\Lavasoft
    2011-06-14 09:04 . 2011-06-14 09:04 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
    2011-06-06 13:16 . 2008-11-10 09:41 32656 ----a-w- d:\windows\system32\msonpmon.dll
    2011-06-06 13:16 . 2006-10-26 17:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2011-06-06 13:11 . 2011-06-08 00:26 -------- d-----w- d:\program files\Microsoft Works
    2011-06-06 13:07 . 2011-06-06 13:07 -------- d-----w- d:\program files\Microsoft.NET
    2011-06-06 13:02 . 2011-06-06 13:02 -------- d-----w- d:\program files\Microsoft Visual Studio 8
    2011-06-06 13:01 . 2011-06-06 13:09 -------- d-----w- d:\windows\SHELLNEW
    2011-06-06 13:01 . 2011-06-06 13:01 -------- d-----w- d:\documents and settings\Guiguess\Local Settings\Application Data\Microsoft Help
    2011-06-06 13:01 . 2011-06-15 13:37 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
    2011-06-06 13:00 . 2011-06-06 13:00 -------- d-----r- D:\MSOCache
    2011-05-29 10:30 . 2011-06-18 10:57 -------- d-----w- d:\documents and settings\Guiguess\Application Data\go
    2011-05-29 10:29 . 2011-06-18 11:11 -------- d-----w- d:\documents and settings\All Users\Application Data\Easybits GO
    2011-05-20 21:32 . 2011-05-21 01:03 -------- d-----w- d:\documents and settings\Guiguess\Application Data\TS3Client
    2011-05-20 21:31 . 2011-05-20 21:32 -------- d-----w- d:\program files\TeamSpeak 3 Client
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-02 15:31 . 2010-10-28 12:38 692736 ----a-w- d:\windows\system32\inetcomm.dll
    2011-04-29 16:19 . 2001-09-28 12:00 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:06 . 2001-09-28 12:00 916480 ----a-w- d:\windows\system32\wininet.dll
    2011-04-25 16:06 . 2001-09-28 12:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
    2011-04-25 16:06 . 2001-09-28 12:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2010-10-30 11:12 385024 ----a-w- d:\windows\system32\html.iec
    2011-04-21 13:37 . 2001-09-28 12:00 105472 ----a-w- d:\windows\system32\drivers\mup.sys
    2011-04-02 10:37 . 2010-10-30 11:20 137656 ----a-w- d:\windows\system32\drivers\avipbb.sys
    2011-03-21 17:56 . 2011-03-21 17:56 59904 ----a-w- d:\windows\system32\OVDecode.dll
    2011-03-21 17:56 . 2011-03-21 17:56 51712 ----a-w- d:\windows\system32\OpenCL.dll
    2011-03-21 17:55 . 2011-03-21 17:55 12385792 ----a-w- d:\windows\system32\amdocl.dll
    2011-06-14 09:54 . 2011-06-14 09:54 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "Steam"="d:\program files\Steam\Steam.exe" [2010-12-24 1242448]
    "Skype"="d:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
    "avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
    "SiSRaid"="d:\program files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2007-01-18 389120]
    "GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Wireless LAN Utility.lnk - d:\program files\Wireless LAN Driver and Utility\RtWLan.exe [2010-10-30 729088]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "d:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "d:\\Program Files\\Steam\\Steam.exe"=
    "d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "d:\\Documents and Settings\\Guiguess\\Mes documents\\Games\\Riot Games\\League of Legends\\lol.launcher.exe"=
    "d:\\Program Files\\Heroes of Newerth\\hon.exe"=
    "d:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "d:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8395:TCP"= 8395:TCP:League of Legends Launcher
    "8395:UDP"= 8395:UDP:League of Legends Launcher
    "6903:TCP"= 6903:TCP:League of Legends Launcher
    "6903:UDP"= 6903:UDP:League of Legends Launcher
    "8396:TCP"= 8396:TCP:League of Legends Launcher
    "8396:UDP"= 8396:UDP:League of Legends Launcher
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "6934:TCP"= 6934:TCP:League of Legends Launcher
    "6934:UDP"= 6934:UDP:League of Legends Launcher
    "6912:TCP"= 6912:TCP:League of Legends Launcher
    "6912:UDP"= 6912:UDP:League of Legends Launcher
    "6936:TCP"= 6936:TCP:League of Legends Launcher
    "6936:UDP"= 6936:UDP:League of Legends Launcher
    "6910:TCP"= 6910:TCP:League of Legends Launcher
    "6910:UDP"= 6910:UDP:League of Legends Launcher
    "6908:TCP"= 6908:TCP:League of Legends Launcher
    "6908:UDP"= 6908:UDP:League of Legends Launcher
    "6901:TCP"= 6901:TCP:League of Legends Launcher
    "6901:UDP"= 6901:UDP:League of Legends Launcher
    "6959:TCP"= 6959:TCP:League of Legends Launcher
    "6959:UDP"= 6959:UDP:League of Legends Launcher
    "6920:TCP"= 6920:TCP:League of Legends Launcher
    "6920:UDP"= 6920:UDP:League of Legends Launcher
    "8397:TCP"= 8397:TCP:League of Legends Launcher
    "8397:UDP"= 8397:UDP:League of Legends Launcher
    "6964:TCP"= 6964:TCP:League of Legends Launcher
    "6964:UDP"= 6964:UDP:League of Legends Launcher
    "6943:TCP"= 6943:TCP:League of Legends Launcher
    "6943:UDP"= 6943:UDP:League of Legends Launcher
    "8398:TCP"= 8398:TCP:League of Legends Launcher
    "8398:UDP"= 8398:UDP:League of Legends Launcher
    "8393:TCP"= 8393:TCP:League of Legends Lobby
    "8393:UDP"= 8393:UDP:League of Legends Lobby
    "8390:TCP"= 8390:TCP:League of Legends Game Client
    "8390:UDP"= 8390:UDP:League of Legends Game Client
    "6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
    .
    R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [14/06/2011 11:04 64512]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\Avira\AntiVir Desktop\sched.exe [30/10/2010 13:20 136360]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [25/05/2011 02:00 2151128]
    R3 SjyPkt;SjyPkt;d:\windows\system32\drivers\SjyPkt.sys [30/10/2010 15:11 13532]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [25/05/2011 02:00 15232]
    S3 maconfservice;Ma-Config Service;d:\program files\ma-config.com\maconfservice.exe [23/03/2011 10:25 311744]
    S3 RTLWUSB;802.11g USB 2.0 Wireless LAN Adapter;d:\windows\system32\drivers\RTL8187.sys [30/10/2010 15:11 187392]
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - SJYPKT
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-06-18 d:\windows\Tasks\Ad-Aware Update (Weekly).job
    - d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 00:00]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - d:\documents and settings\Guiguess\Application Data\Mozilla\Firefox\Profiles\94kpnys0.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-18 13:17
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(764)
    d:\windows\system32\Ati2evxx.dll
    d:\windows\system32\atiadlxx.dll
    .
    Heure de fin: 2011-06-18 13:19:13
    ComboFix-quarantined-files.txt 2011-06-18 11:18
    .
    Avant-CF: 56 189 759 488 octets libres
    Après-CF: 56 542 978 048 octets libres
    .
    - - End Of File - - 286B441324BD4444F438CE9B972038A7

    Isn't that it?
    19 June 2011 18:21:03

    Good evening
    No...
    You say:
    Quote:
    I don't know whether it's really clean yet, I've had another hack attempt...

    Please give details on this... is it an alert from your antivirus? Be specific.
    20 June 2011 18:18:05

    Well, I had another hack attempt on my WoW account, but the account was locked, so nothing happened.
    But since then there has been nothing more, so I think the problem must be solved ^^
    20 June 2011 21:30:56



    Delete/uninstall all the programs used for the disinfection
    (but keep Malwarebytes' Anti-Malware for regular scans, and don't forget to keep it updated).

    Please read this guide (PDF) to learn more about the risks of the Net.



    If you find this document interesting, feel free to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.

    Also read:
  • Free antispyware: it's useless!


    ~On your first message, click the "Edit" button and put [Resolved] in the title.

    Then click "Submit your message"

    If your session name matches your real name, you can change it by editing your posts.

    :hello: 

    +++
    21 June 2011 12:51:11

    Thanks a lot for all this help :)

    Have a nice day!
    22 June 2011 00:23:24

    You're welcome
    Happy surfing
    :hello: