
go-google virus problem!

Tags :
  • google
  • Security
Last reply: in Security and viruses
12 October 2008 11:44:16

Hello,

For two weeks now my PC has had a virus linked to Google: whenever I do a search on that site it redirects me to "go-google" pages, which are ads. It slows my computer down enormously and on top of that it has started making strange noises, so I'm really worried!
To top it off, my PC refuses to start in safe mode; every time I try, it just reboots, so I don't know how to remove this virus!!!

Please help me! :(

Here is the HijackThis report, if it helps! :/

Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:52, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
D:\avast\aswUpdSv.exe
D:\avast\ashServ.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
D:\avast\ashMaiSv.exe
D:\avast\ashWebSv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\svchost.exe
D:\avast\ashDisp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chloe\Bureau\HiJackThis.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Works\wkgdcach.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [avast!] D:\avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Extrafilm FotoFacil\Agent.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [helpr] C:\Program Files\SETI\helper.exe -loader -nolog
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SA8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WellPhone XT Sagem] "D:\Logiciels\Wellphone\WellPhone2.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUploader/ImageUpl...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\avast\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\avast\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 13432 bytes


12 October 2008 11:46:36

Hello,

  • Download Catchme (Gmer) to your Desktop.
  • Double-click catchme.exe (the .exe extension may not be shown) to run it.
  • When the scan is finished, post the catchme.log report in your next reply.
    12 October 2008 12:07:11

    Thanks for replying!

    Here is the result:

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\TDTCPerv

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\drivers\TDSSserv.sys 65536 bytes
    C:\WINDOWS\system32\tdssmain.dll 32768 bytes
    C:\WINDOWS\system32\tdsslog.dll 32768 bytes
    C:\WINDOWS\system32\TDSSl.dll 65536 bytes
    C:\WINDOWS\system32\tdssadw.dll 98304 bytes
    C:\WINDOWS\system32\tdssserf.dll 32768 bytes
    C:\WINDOWS\system32\tdssinit.dll 65536 bytes
    C:\WINDOWS\system32\tdssserf1.dll 32768 bytes
    C:\WINDOWS\system32\tdssservers.dat 32768 bytes
    C:\WINDOWS\system32\TDSSerrors.log 32768 bytes
    C:\WINDOWS\Temp\TDSSe18b.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSce1d.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSdb6b.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSb9ab.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSd783.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSd188.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSd774.tmp 65536 bytes
    C:\WINDOWS\Temp\TDSSe7c0.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSdadf.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSde0b.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSf973.tmp 98304 bytes
    C:\WINDOWS\Temp\TDSS1a.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSfbfe.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSbc65.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSbab4.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSf0e2.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSS564.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSS2fec.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSS7041.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSf368.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSb4d8.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSS2f33.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSS1f08.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSd541.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSed7c.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSS3118.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSS6bad.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSeab8.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSf0a4.tmp 65536 bytes
    C:\WINDOWS\Temp\TDSS9be7.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSff9d.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSf3e0.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSf576.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSfac5.tmp 98304 bytes
    C:\WINDOWS\Temp\TDSSfc8a.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSfead.tmp 32768 bytes
    C:\WINDOWS\Temp\TDSSe81d.tmp 32768 bytes
    C:\Documents and Settings\Chloe\Local Settings\Temp\TDSSf0a.tmp 688128 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 1
    hidden files: 48
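The catchme report above is the thread's key piece of evidence. As an added example (not Gmer's code or anything posted in this thread), the Python script below parses a report in that layout, checks catchme's own "hidden X: N" counters against the entries actually listed (a mismatch means the pasted report was truncated or edited), lists the hidden service keys, and groups the hidden files by directory while flagging the TDSS-prefixed names seen here. The log it runs on is a constructed, shortened sample in the same layout; the function names are the example's own.

```python
"""Summarise a catchme (Gmer userland rootkit detector) report.

Added example for this thread; it is not code from Gmer or from the forum.
SAMPLE_LOG is a constructed, shortened report in the same layout as the one
posted above, so the script runs offline. For a real report use
analyse(open("catchme.log").read())."""
import re
from collections import Counter

# Constructed sample (same layout as the posted report, far fewer files).
SAMPLE_LOG = r"""catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

HKLM\SYSTEM\CurrentControlSet\Services\TDTCPerv

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\TDSSserv.sys 65536 bytes
C:\WINDOWS\system32\tdssmain.dll 32768 bytes
C:\WINDOWS\Temp\TDSSe18b.tmp 32768 bytes
C:\Documents and Settings\Chloe\Local Settings\Temp\TDSSf0a.tmp 688128 bytes

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 4
"""

SECTION_RE = re.compile(r"^scanning hidden (\w+(?: \w+)?) \.\.\.$")
SUMMARY_RE = re.compile(r"^hidden (\w+): (\d+)$")
FILE_RE = re.compile(r"^(?P<path>.+?) (?P<size>\d+) bytes$")


def parse_catchme(text):
    """Return (sections, summary).

    sections maps a section name ("processes", "services", "autostart entries",
    "files") to the lines catchme printed under it; file entries become
    (path, size) tuples. summary maps the trailing "hidden X: N" counters."""
    sections, summary, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            current = None
            continue
        if line.startswith("scan completed") or current is None:
            current = None          # banner lines and the trailer are not entries
            continue
        m = FILE_RE.match(line)
        if current == "files" and m:
            sections[current].append((m.group("path"), int(m.group("size"))))
        else:
            sections[current].append(line)
    return sections, summary


def check_counts(sections, summary):
    """Compare catchme's own counters with the entries actually present.
    Returns {section: (reported, parsed)} for every mismatch; a mismatch
    usually means the pasted report was truncated or edited."""
    return {name: (count, len(sections.get(name, [])))
            for name, count in summary.items()
            if count != len(sections.get(name, []))}


def tdss_files(sections):
    """Hidden files whose name starts with 'tdss', the naming pattern of the
    TDSS/TDL rootkit family visible in this thread's report."""
    return [path for path, _ in sections.get("files", [])
            if path.rsplit("\\", 1)[-1].lower().startswith("tdss")]


def files_by_directory(sections):
    """Tally hidden files per directory (driver store vs. %TEMP% droppings)."""
    return Counter(path.rsplit("\\", 1)[0] for path, _ in sections.get("files", []))


def analyse(text):
    """One pass over a report, returning what a responder looks at first."""
    sections, summary = parse_catchme(text)
    return {
        "summary": summary,
        "hidden_services": sections.get("services", []),
        "count_mismatches": check_counts(sections, summary),
        "tdss_files": tdss_files(sections),
        "by_directory": files_by_directory(sections),
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print("hidden services:", result["hidden_services"])
    print("TDSS-named hidden files:", len(result["tdss_files"]))
    for directory, n in result["by_directory"].most_common():
        print(f"  {n:3d}  {directory}")
    if result["count_mismatches"]:
        print("counter mismatch (truncated paste?):", result["count_mismatches"])
```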
    12 October 2008 15:21:57

    Re,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be shown) to run it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary
    12 October 2008 15:58:37

    All these recommendations are scary!

    Will my PC survive it? Because I'm quite capable of crashing it for good, and I really need it, so I'm a bit afraid of the worst here! Isn't there any other solution? :/
    Otherwise I'll do it, but it scares me!
    Sorry for being such a pain :/
    12 October 2008 17:02:54

    Use the guide if you want ;)

    No, don't worry, there's no problem doing it :)

    Angeldark will be better able to help you with the next report

    (if I'm not mistaken ^^)
    12 October 2008 19:08:08

    Given your infection, it could crash at any moment.
    1 November 2008 11:41:31

    Sorry for the delay, but my PC has really been doing as it pleases lately, so it hasn't been easy!
    I still managed to install ComboFix, and here is the report:

    ComboFix 08-10-31.02 - Chloe 2008-11-01 11:12:13.1 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.645 [GMT 1:00]
    Commutateurs utilisés :: C:\Documents and Settings\Chloe\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\pcodec
    C:\WINDOWS\system32\drivers\tdssserv.sys
    C:\WINDOWS\system32\TDSSadw.dll
    C:\WINDOWS\system32\TDSSerrors.log
    C:\WINDOWS\system32\tdssinit.dll
    C:\WINDOWS\system32\tdssl.dll
    C:\WINDOWS\system32\tdsslog.dll
    C:\WINDOWS\system32\tdssmain.dll
    C:\WINDOWS\system32\tdssserf.dll
    C:\WINDOWS\system32\tdssserf1.dll
    C:\WINDOWS\system32\TDSSservers.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSserv
    -------\Legacy_TDSSserv
    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-01 au 2008-11-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-01 11:03 . 2008-11-01 11:03 <REP> d--hs---- C:\FOUND.006
    2008-10-15 07:09 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-15 07:09 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-15 07:09 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-15 07:09 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-15 07:09 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-15 07:09 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-09 21:28 . 2008-10-09 21:28 17,754,192 --a------ C:\upload_moi_CHLOÉ.tar.gz
    2008-10-08 18:46 . 2008-10-08 18:46 <REP> d--hs---- C:\Documents and Settings\Chloe\PrivacIE
    2008-10-08 18:38 . 2008-10-08 18:38 <REP> d--h----- C:\WINDOWS\ie8
    2008-10-08 17:35 . 2008-10-08 17:35 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
    2008-10-08 17:33 . 2008-10-08 17:33 <REP> d-------- C:\WINDOWS\ERUNT

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-27 12:42 6,502 ----a-w C:\Documents and Settings\Chloe\Application Data\wklnhst.dat
    2008-10-15 06:58 90,112 ----a-w C:\WINDOWS\DUMP52a4.tmp
    2008-10-09 17:44 90,112 ----a-w C:\WINDOWS\DUMP3ab7.tmp
    2008-10-08 16:39 90,112 ----a-w C:\WINDOWS\DUMP3a3b.tmp
    2008-10-08 12:09 90,112 ----a-w C:\WINDOWS\DUMP3b63.tmp
    2008-10-07 17:24 90,112 ----a-w C:\WINDOWS\DUMP3a3a.tmp
    2008-10-07 17:21 90,112 ----a-w C:\WINDOWS\DUMP3a2a.tmp
    2008-10-07 17:03 90,112 ----a-w C:\WINDOWS\DUMP39fb.tmp
    2008-10-05 11:04 90,112 ----a-w C:\WINDOWS\DUMP5db0.tmp
    2008-10-05 11:01 90,112 ----a-w C:\WINDOWS\DUMP3a78.tmp
    2008-10-05 09:40 90,112 ----a-w C:\WINDOWS\DUMP3ad6.tmp
    2008-10-04 13:38 140 ----a-w C:\Program Files\hiobxd.txt
    2008-10-04 13:21 90,112 ----a-w C:\WINDOWS\DUMP3a0b.tmp
    2008-10-03 13:45 140 ----a-w C:\Program Files\nzylftpv.txt
    2008-09-30 18:11 --------- d-----w C:\Documents and Settings\Chloe\Application Data\Malwarebytes
    2008-09-30 18:10 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-30 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-29 19:37 90,112 ----a-w C:\WINDOWS\DUMP5e9a.tmp
    2008-09-19 11:26 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
    2008-09-19 11:26 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2008-09-17 16:34 4,026 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-09 23:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-09 23:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-08 23:23 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-09-08 22:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-07 18:44 --------- d-----w C:\Program Files\PhotoFiltre Studio
    2008-08-22 02:10 11,985,408 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-08-22 02:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-22 02:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-22 02:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2008-08-22 02:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
    2008-08-22 02:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
    2008-08-22 02:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2008-08-22 02:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2008-08-22 02:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
    2008-08-22 02:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2008-08-22 02:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
    2008-08-22 02:07 18,944 ------w C:\WINDOWS\system32\dllcache\corpol.dll
    2008-08-22 02:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2008-08-22 02:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2008-08-22 02:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2008-08-22 02:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
    2008-08-22 02:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
    2008-08-22 02:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
    2008-08-22 01:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
    2008-08-22 01:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
    2008-08-22 01:42 443,392 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-08-05 16:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
    2007-03-24 14:55 2,874,926 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2007-03-24 14:55 18,029,000 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
    2008-03-10 10:14 168 --sh--r C:\WINDOWS\system32\E98EC8630F.sys
    .

    ------- Sigcheck -------

    2006-12-19 19:45 2184064 1f3fa2065e6e043a1d82a487b5da309c C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
    2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
    2008-08-14 19:26 2191232 d79210549bbf09b7638e860440504299 C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
    2004-08-05 14:00 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
    2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
    2006-12-19 19:22 2182400 d27929db7b7f92f9d0f8ec9ba01c601c C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
    2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
    2008-04-14 04:08 2191104 099d639da1ef6968d4e41795bb507e6b C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
    2008-04-14 04:08 2191104 099d639da1ef6968d4e41795bb507e6b C:\WINDOWS\$NtUninstallKB956841$\ntoskrnl.exe

    2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\system32\services.exe
    2004-08-05 14:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\$NtServicePackUninstall$\services.exe
    2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe

    2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\system32\lsass.exe
    2004-08-05 14:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe

    2008-04-14 04:34 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\system32\ctfmon.exe
    2004-08-05 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
    2008-04-14 04:34 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe

    2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\system32\spoolsv.exe
    2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    2004-08-05 14:00 57856 b4ef928e4fad79364a80acba6d999934 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
    2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
    2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

    2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\system32\userinit.exe
    2004-08-05 14:00 25088 d6d65ea32b190401b57edb6706f29669 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\ServicePackFiles\i386\userinit.exe

    2008-04-14 04:33 297984 710bc85a8c22626ee094439e3ea0d38c C:\WINDOWS\system32\termsrv.dll
    2004-08-05 14:00 297984 7d521b8cf926459e270d18c559323815 C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
    2008-04-14 04:33 297984 710bc85a8c22626ee094439e3ea0d38c C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Configuration de la C-BOX"="C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [2004-12-21 395264]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]
    "DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-11-29 53248]
    "EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE" [2007-04-12 182272]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-07-28 102400]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 7286784]
    "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032]
    "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 86016]
    "Wireless Console"="C:\Program Files\ASUS\Wireless Console\wcourier.exe" [2005-07-22 57344]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-22 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 688218]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 385024]
    "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 356352]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-24 190024]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 35328]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-07-23 180269]
    "Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe" [2006-08-04 462336]
    "helpr"="C:\Program Files\SETI\helper.exe" [2001-08-09 401920]
    "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
    "nwiz"="nwiz.exe" [2005-09-23 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-06 C:\WINDOWS\RTHDCPL.EXE]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 C:\WINDOWS\LOGI_MWX.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\Chloe\Menu Démarrer\Programmes\Démarrage\
    Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 5484544]
    Microsoft Recherche accélérée.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-03-12 111376]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2006-01-17 32768]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-05-20 169472]
    LE COMPAGNON CLUB.lnk - C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2007-09-24 217088]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2005-05-31 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll
    "VIDC.ACDV"= ACDV.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Winamp\\Winamp.exe"=
    "C:\\Program Files\\ASUS\\ASUS Live Update\\LiveUpdt.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "D:\\avast\\ashAvast.exe"=

    R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-10-15 57088]
    R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-10-15 27264]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S0 gcdcw;gcdcw;C:\WINDOWS\system32\drivers\fqmfhe.sys [ ]
    S0 ptmxm;ptmxm;C:\WINDOWS\system32\drivers\dkzg.sys [ ]
    S0 qkmv;qkmv;C:\WINDOWS\system32\drivers\plsftlg.sys [ ]
    S0 rkstg;rkstg;C:\WINDOWS\system32\drivers\zfnom.sys [ ]
    S0 sdxc;sdxc;C:\WINDOWS\system32\drivers\ngjfbf.sys [ ]
    S0 vtbvkj;vtbvkj;C:\WINDOWS\system32\drivers\lljmuzu.sys [ ]
    S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 5824]
    S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2c35526-e38e-11dc-84cd-00150047009b}]
    \Shell\AutoRun\command - E:\loader.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7794f21-4a7a-11dd-8597-0015562313b4}]
    \Shell\AutoRun\command - H:\EmDesk.exe
    \Shell\EmDesk\command - H:\EmDesk.exe
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-TheTurtle - C:\Program Files\TheTurtle\TheTurtle.exe
    HKCU-Run-WellPhone XT Sagem - D:\Logiciels\Wellphone\WellPhone2.exe
    HKLM-Run-Zshutdown - c:\sysprep\patch\sysprep.cmd
    HKLM-Run-GameFace Messenger - C:\Program Files\GameFace Messenger\GameFace.exe
    HKLM-Run-ExtraFilmHemmaAgent - C:\Program Files\Extrafilm FotoFacil\Agent.exe
    HKLM-Run-NB Probe - (no file)
    HKLM-Run-StandardInstall - (no file)


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Chloe\Application Data\Mozilla\Firefox\Profiles\mdogxiyc.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.club-internet.fr/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-01 11:18:31
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
    D:\avast\aswUpdSv.exe
    D:\avast\ashServ.exe
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\1XCONFIG.EXE
    C:\WINDOWS\SYSTEM32\LEXBCES.EXE
    C:\WINDOWS\SYSTEM32\LEXPPS.EXE
    C:\WINDOWS\ATKKBSERVICE.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
    C:\WINDOWS\SYSTEM32\NVSVC32.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\OPROTSVC.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
    C:\PROGRAM FILES\CLUB-INTERNET\LE COMPAGNON CLUB\SMARTBRIDGE\MOTIVESB.EXE
    D:\avast\ashMaiSv.exe
    D:\avast\ashWebSv.exe
    C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-01 11:21:58 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-11-01 10:21:54

    Avant-CF: 14,839,939,072 octets libres
    Après-CF: 15,099,101,184 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

    364 --- E O F --- 2008-11-01 09:29:40

    I hope this turns something up :/ 
    Thank you very much! :) 