[Solved] Virus adware virtumonde 2008 - pop-up windows

Tags:
  • Adware
  • Security

28 September 2008 18:59:35

Help please!!!
For two weeks my computer has been extremely slow and lots of pop-up windows appear when I'm on the internet. Nod32 tells me I have ''Virus adware virtumonde 2008'' but it is unable to remove it. I also have a red shield with an X on it in my taskbar.
Could someone help me? Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:42, on 2008-09-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [ZipGenius Clean] "C:\WINDOWS\zg.exe" -cleantemp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A7284CC-6B63-47A9-AE2E-531893DF113D}: NameServer = 67.69.184.75,67.69.184.227
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ic2007pp.dll
O20 - AppInit_DLLs: kwaagl.dll titiuh.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5894 bytes


28 September 2008 20:36:03

good evening
Download Toolbar S&D from Team IDN to your desktop.

  • Double-click it to start the installation.
  • Accept the licence agreement.
  • Then double-click the Toolbar S&D shortcut on your desktop.
  • Select the language you want and confirm with the Enter key.
  • Choose option 1 (Search).
  • Wait until the scan finishes.
  • Post the generated report. (C:\TB.txt)
    28 September 2008 22:27:47

    Thanks for taking the time to help me.

    Here is the report:

    -----------\\ ToolBar S&D 1.2.1 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1600MHz )
    BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
    USER : Vianney St. Pierre ( Administrator )
    BOOT : Normal boot
    Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
    C:\ (Local Disk) - NTFS - Total : 27 Go Free : 4 Go
    D:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
    E:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
    Option : [1] ( 2008-09-28|16:17 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\DOCUME~1\VIANNE~1.PIE\APPLIC~1\Search Settings
    C:\DOCUME~1\VIANNE~1.PIE\APPLIC~1\Search Settings\kb127
    C:\Program Files\Search Settings
    C:\Program Files\Search Settings\kb127
    C:\Program Files\Search Settings\SearchSettings.exe

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&..."
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\system32\fMWFgfii.ini
    C:\WINDOWS\system32\fMWFgfii.ini2
    C:\WINDOWS\system32\IhjiQqss.ini2
    ==> VUNDO <==

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\3D Studio Max 9 + Tutorials and Keygen.daa
    C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\3D_Studio_Max_9___Tutorials_and_Keygen.3712693.TPB.torrent
    C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\3D_Studio_Max_9___Tutorials_and_Keygen.4143598.TPB.torrent
    C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\Autodesk_Maya_2008_Unlimited_(win32)keygen_included.3810396.TPB.torrent
    C:\DOCUME~1\VIANNE~1.PIE\Favorites\4Musics Multiformat Converter 1.4 + Crack (download torrent) - TPB.url
    C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen
    C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen\3D Studio Max 9 + Tutorials and Keygen - The Pirate Bay.url
    C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen\3ds Max 9 Keygen Warez Download, 3ds Max 9 Keygen Torrent, 3ds Max 9 Keygen Full, 3ds Max 9 Keygen Crack, 3ds Max 9 Keygen Seri.url
    C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen\The Pirate Bay - The worlds largest BitTorrent tracker.url
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\awkeygen.exe
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\Alex\dowload\3D_Studio_Max_9___Tutorials_and_Keygen.4143598.TPB.torrent
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\3D Studio Max 9 + Tutorials and Keygen
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\Autodesk Maya 2008 Unlimited (win32)keygen included
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\3D Studio Max 9 + Tutorials and Keygen\3D Studio Max 9 + Tutorials and Keygen.iso
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\3D Studio Max 9 + Tutorials and Keygen\Readme.txt
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\Autodesk Maya 2008 Unlimited (win32)keygen included\Autodesk Maya 2008 Unlimited.daa
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\Autodesk Maya 2008 Unlimited (win32)keygen included\lma01488
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\Autodesk Maya 2008 Unlimited (win32)keygen included\lma02904
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\Autodesk Maya 2008 Unlimited (win32)keygen included\readme.txt



    1 - "C:\ToolBar SD\TB_1.txt" - 2008-09-28|16:22 - Option : [1]

    -----------\\ Fin du rapport a 16:22:33.22

    29 September 2008 18:00:35

    good evening

    1

    get rid of all your rotten cracks, they're the cause of your infection...

    2

    Relaunch Toolbar S&D

  • This time choose option 2. (Removal)
    Your desktop will disappear, that's normal. Let the tool work.
  • Do not close the window during the removal!
  • Post the generated report. (C:\TB.txt)

    3
    add a HijackThis log please
    29 September 2008 23:50:20

    Hello!

    Here is the report from (C:\TB.txt):


    -----------\\ ToolBar S&D 1.2.1 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1600MHz )
    BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
    USER : Vianney St. Pierre ( Administrator )
    BOOT : Normal boot
    Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
    C:\ (Local Disk) - NTFS - Total : 27 Go Free : 5 Go
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
    Option : [2] ( 2008-09-29|17:34 )

    -----------\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\VIANNE~1.PIE\APPLIC~1\Search Settings\kb127
    Supprime! - C:\Program Files\Search Settings\kb127
    Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
    Supprime! - C:\DOCUME~1\VIANNE~1.PIE\APPLIC~1\Search Settings
    Supprime! - C:\Program Files\Search Settings

    -----------\\ Recherche de Fichiers / Dossiers ...


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&..."
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://www.msn.com/"


    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\system32\fMWFgfii.ini
    C:\WINDOWS\system32\fMWFgfii.ini2
    C:\WINDOWS\system32\IhjiQqss.ini2
    ==> VUNDO <==

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\3D Studio Max 9 + Tutorials and Keygen.daa
    C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\3D_Studio_Max_9___Tutorials_and_Keygen.3712693.TPB.torrent
    C:\DOCUME~1\VIANNE~1.PIE\Application Data\Azureus\torrents\3D_Studio_Max_9___Tutorials_and_Keygen.4143598.TPB.torrent
    C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen
    C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen\3D Studio Max 9 + Tutorials and Keygen - The Pirate Bay.url
    C:\DOCUME~1\VIANNE~1.PIE\Favorites\keygen\3ds Max 9 Keygen Warez Download, 3ds Max 9 Keygen Torrent, 3ds Max 9 Keygen Full, 3ds Max 9 Keygen Crack, 3ds Max 9 Keygen Seri.url
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\awkeygen.exe
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\Alex\dowload\3D_Studio_Max_9___Tutorials_and_Keygen.4143598.TPB.torrent
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\3D Studio Max 9 + Tutorials and Keygen
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\3D Studio Max 9 + Tutorials and Keygen\3D Studio Max 9 + Tutorials and Keygen.iso
    C:\DOCUME~1\VIANNE~1.PIE\My Documents\Azureus Downloads\3D Studio Max 9 + Tutorials and Keygen\Readme.txt



    1 - "C:\ToolBar SD\TB_1.txt" - 2008-09-28|16:22 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 2008-09-29|17:17 - Option : [1]
    3 - "C:\ToolBar SD\TB_3.txt" - 2008-09-29|17:31 - Option : [1]
    4 - "C:\ToolBar SD\TB_4.txt" - 2008-09-29|17:38 - Option : [2]





    And now the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:47:36, on 2008-09-29
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\basfipm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [7c019a00] rundll32.exe "C:\WINDOWS\system32\phbmosnb.dll",b
    O4 - HKLM\..\RunServices: [ZipGenius Clean] "C:\WINDOWS\zg.exe" -cleantemp
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0A7284CC-6B63-47A9-AE2E-531893DF113D}: NameServer = 67.69.184.75,67.69.184.227
    O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ic2007pp.dll
    O20 - AppInit_DLLs: kwaagl.dll titiuh.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 5783 bytes

    30 September 2008 20:58:02

    good evening
    I won't do anything until you've gotten rid of your cracks :o
    they are the cause of your infection. I'm not going to waste my time with you if you only want to do things your own way...
    1 October 2008 02:59:35

    hi, I'm sorry.

    here is the report:


    -----------\\ ToolBar S&D 1.2.1 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1600MHz )
    BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
    USER : Vianney St. Pierre ( Administrator )
    BOOT : Normal boot
    Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
    C:\ (Local Disk) - NTFS - Total : 27 Go Free : 6 Go
    D:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
    E:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
    Option : [1] ( 2008-09-30|20:54 )

    -----------\\ Recherche de Fichiers / Dossiers ...


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&..."
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://www.msn.com/"


    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\system32\fMWFgfii.ini
    C:\WINDOWS\system32\fMWFgfii.ini2
    C:\WINDOWS\system32\IhjiQqss.ini2
    ==> VUNDO <==




    1 - "C:\ToolBar SD\TB_1.txt" - 2008-09-28|16:22 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 2008-09-29|17:17 - Option : [1]
    3 - "C:\ToolBar SD\TB_3.txt" - 2008-09-29|17:31 - Option : [1]
    4 - "C:\ToolBar SD\TB_4.txt" - 2008-09-29|17:38 - Option : [2]
    5 - "C:\ToolBar SD\TB_5.txt" - 2008-09-30|17:45 - Option : [1]
    6 - "C:\ToolBar SD\TB_6.txt" - 2008-09-30|18:05 - Option : [1]
    7 - "C:\ToolBar SD\TB_7.txt" - 2008-09-30|18:21 - Option : [1]
    8 - "C:\ToolBar SD\TB_8.txt" - 2008-09-30|18:26 - Option : [1]
    9 - "C:\ToolBar SD\TB_9.txt" - 2008-09-30|20:55 - Option : [1]

    -----------\\ Fin du rapport a 20:55:03.78



    HijackThis report



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:57:39, on 2008-09-30
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\basfipm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: {bfa4fc78-ea31-b3fa-b964-f9758675b750} - {057b5768-579f-469b-af3b-13ae87cf4afb} - C:\WINDOWS\system32\titiuh.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4FBEE7B7-DC1B-4F77-AF6E-7992BDFE1056} - C:\WINDOWS\system32\iifgFWMf.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9303f0d2-f3a8-40d1-9365-f7d14560dfa7} - C:\WINDOWS\system32\kwaagl.dll (file missing)
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [7c019a00] rundll32.exe "C:\WINDOWS\system32\phbmosnb.dll",b
    O4 - HKLM\..\RunServices: [ZipGenius Clean] "C:\WINDOWS\zg.exe" -cleantemp
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0A7284CC-6B63-47A9-AE2E-531893DF113D}: NameServer = 67.69.184.75,67.69.184.227
    O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ic2007pp.dll
    O20 - AppInit_DLLs: kwaagl.dll titiuh.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 6500 bytes
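The log above is where the infection finally shows its shape: an O20 AppInit_DLLs value (kwaagl.dll titiuh.dll), an O4 Run value with a random hex name (7c019a00) that uses rundll32 to load another random-named DLL from system32, and O2 BHOs registered with no readable name whose DLLs report "(file missing)". Those three entry types are the Vundo/Virtumonde persistence pattern, and they are exactly what the later MBAM scan lists. The following is an added example, not code from the thread, from HijackThis or from any of the tools named here: a small rule-based triage script that scores those entry types, collects the DLL names to check on disk, and emits reg.exe queries to confirm each entry before and after cleaning. The sample lines are copied from the 2008-09-30 log; the severity labels, rules and the registry paths in verify_commands are this example's own assumptions.

```python
"""Rule-based triage of a HijackThis log for Vundo/Virtumonde persistence.

Added example for this thread, not output of HijackThis, ESET or MBAM. The
sample lines are copied from the 2008-09-30 log posted above; the rules,
severity labels and registry paths are this example's own choices.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line severity reason dlls")

# Constructed sample input: entries copied from the posted log, with two
# benign ones (the Acrobat BHO and the NOD32 Run value) kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {bfa4fc78-ea31-b3fa-b964-f9758675b750} - {057b5768-579f-469b-af3b-13ae87cf4afb} - C:\WINDOWS\system32\titiuh.dll (file missing)
O2 - BHO: (no name) - {4FBEE7B7-DC1B-4F77-AF6E-7992BDFE1056} - C:\WINDOWS\system32\iifgFWMf.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [7c019a00] rundll32.exe "C:\WINDOWS\system32\phbmosnb.dll",b
O20 - AppInit_DLLs: kwaagl.dll titiuh.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 - BHO: display name - {CLSID} - dll path [ (file missing)]
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*?)(?P<missing> \(file missing\))?$")
DLL_RE = re.compile(r"[\w.-]+\.dll", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"[0-9a-f]{8}")  # Run value names such as 7c019a00


def triage(log_text):
    """Return one Finding per entry matching the Vundo persistence rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = DLL_RE.findall(body)
            if dlls:  # anything listed here is loaded into every process that links user32.dll
                findings.append(Finding(line, "high",
                    "AppInit_DLLs injects these DLLs into every GUI process", dlls))
        elif kind == "O4":
            m4 = O4_RE.match(body)
            if not m4:
                continue  # Global Startup .lnk entries use a different layout
            name, cmd = m4.group("name"), m4.group("cmd")
            via_rundll32 = cmd.lower().startswith("rundll32") and "system32" in cmd.lower()
            if HEX_NAME_RE.fullmatch(name) or via_rundll32:
                findings.append(Finding(line, "high",
                    "Run value with a random hex name or rundll32 loading a system32 DLL",
                    DLL_RE.findall(cmd)))
        elif kind == "O2":
            m2 = O2_RE.match(body)
            if not m2:
                continue
            name = m2.group("name")
            anonymous = name == "(no name)" or re.fullmatch(r"\{[0-9a-f-]+\}", name, re.I) is not None
            if m2.group("missing") or anonymous:
                findings.append(Finding(line, "medium",
                    "BHO with no readable name or a missing DLL: orphaned or hidden component",
                    DLL_RE.findall(m2.group("path"))))
    return findings


def flagged_dlls(findings):
    """Unique DLL file names referenced by flagged entries, for on-disk checks."""
    return sorted({d for f in findings for d in f.dlls}, key=str.lower)


def verify_commands(findings):
    """reg.exe queries to confirm each flagged entry still exists (XP-era syntax).
    The key paths are the standard locations HijackThis reads; spelling them
    out here is this example's assumption, not something the log states."""
    cmds = []
    for f in findings:
        body = ENTRY_RE.match(f.line).group("body")
        if f.line.startswith("O20"):
            cmds.append(r'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs')
        elif f.line.startswith("O4"):
            m4 = O4_RE.match(body)
            cmds.append(r'reg query "%s\SOFTWARE\Microsoft\Windows\CurrentVersion\%s" /v %s'
                        % (m4.group("hive"), m4.group("key"), m4.group("name")))
        elif f.line.startswith("O2"):
            clsid = O2_RE.match(body).group("clsid")
            cmds.append(r'reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{%s}"' % clsid)
    return cmds


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print("[%s] %s\n    %s; DLLs: %s" % (f.severity, f.line, f.reason, ", ".join(f.dlls) or "-"))
    print("DLLs to check on disk:", ", ".join(flagged_dlls(results)))
    print("\n".join(verify_commands(results)))
```

Two things to keep in mind when using this on a real log: "(file missing)" is not proof the DLL is gone, since Vundo variants hid or renamed their files between reboots (the 2008-09-29 log above shows no O2 lines at all, the next day they are back), so treat the DLL names from flagged_dlls as things to look for in system32 from safe mode, and run the reg queries again after cleaning, because the AppInit_DLLs value is the one that reinfects every process if it survives.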
    1 October 2008 15:37:01

    hello

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restart in safe mode

  • Now run MalwareByte's Anti-Malware. If it isn't already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated MBAM tutorial
    2 October 2008 00:24:10

    here is the report from before the removal:

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1225
    Windows 5.1.2600 Service Pack 3

    2008-10-01 18:16:25
    mbam-log-2008-10-01 (18-16-12).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 99809
    Temps écoulé: 1 hour(s), 9 minute(s), 6 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 28

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{057b5768-579f-469b-af3b-13ae87cf4afb} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{057b5768-579f-469b-af3b-13ae87cf4afb} (Trojan.Vundo.H) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7c019a00 (Trojan.Vundo) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\titiuh.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\SYSTEM32\hyfvcace.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\SYSTEM32\ecacvfyh.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\SYSTEM32\qhnlscmv.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\SYSTEM32\vmcslnhq.ini (Trojan.Vundo.H) -> No action taken.
    C:\Documents and Settings\Vianney St. Pierre\Local Settings\Temporary Internet Files\Content.IE5\IINE58CF\upd105320[1] (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\Vianney St. Pierre\Local Settings\Temporary Internet Files\Content.IE5\RRQGLNWP\nd82m0[1] (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0050795.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0051795.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP387\A0052795.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP388\A0052847.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0052867.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0052868.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0052870.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0052981.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0053008.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0053009.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0053010.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\SYSTEM32\gcnwxwth.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\SYSTEM32\igelol.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\SYSTEM32\ihhlkp.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\SYSTEM32\lwvwgaxh.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\SYSTEM32\qggugs.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\SYSTEM32\uankdksk.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\SYSTEM32\vstrpc.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\SYSTEM32\wbtgdekp.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\SYSTEM32\wpsctolc.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> No action taken.

    And the report after:

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1225
    Windows 5.1.2600 Service Pack 3

    2008-10-01 18:16:38
    mbam-log-2008-10-01 (18-16-38).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 99809
    Temps écoulé: 1 hour(s), 9 minute(s), 6 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 28

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{057b5768-579f-469b-af3b-13ae87cf4afb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{057b5768-579f-469b-af3b-13ae87cf4afb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7c019a00 (Trojan.Vundo) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\titiuh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\hyfvcace.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\ecacvfyh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\qhnlscmv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\vmcslnhq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Vianney St. Pierre\Local Settings\Temporary Internet Files\Content.IE5\IINE58CF\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Vianney St. Pierre\Local Settings\Temporary Internet Files\Content.IE5\RRQGLNWP\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0050795.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0051795.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP387\A0052795.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP388\A0052847.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0052867.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0052868.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0052870.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0052981.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0053008.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0053009.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0053010.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\gcnwxwth.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\igelol.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\ihhlkp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\lwvwgaxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\qggugs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\uankdksk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\vstrpc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\wbtgdekp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\wpsctolc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.


    2 October 2008 18:31:54

    Good evening

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your Desktop, nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait for ComboFix to finish. Your PC may reboot, which is normal, and a report will be created. Post the report: C:\Combofix.txt
    Click it to open it, then Edit > "Select All", Edit > "Copy"

    come back to the forum and Edit > "Paste"

    add a new HijackThis report.

    2 October 2008 23:08:03

    Hello!

    Here is the ComboFix report

    ComboFix 08-09-20.02 - Vianney St. Pierre 2008-10-02 16:49:14.4 - NTFSx86
    Running from: C:\Documents and Settings\Vianney St. Pierre\Desktop\ComboFix.exe
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
    .

    2019-10-27 16:51 . 2019-10-27 16:49 512,096 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\amon.sys
    2019-10-27 16:51 . 2019-10-27 16:49 298,104 --a------ C:\WINDOWS\SYSTEM32\imon.dll
    2019-10-27 16:51 . 2019-10-27 16:49 15,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nod32drv.sys
    2019-09-26 18:50 . 2000-11-07 18:09 2,803,200 --a------ C:\WINDOWS\SYSTEM32\mmtoolsx.OCX
    2019-09-26 18:50 . 2000-02-24 23:31 411,136 --a------ C:\WINDOWS\SYSTEM32\MMTYPESX.OCX
    2019-09-26 18:50 . 2008-04-06 18:26 21,840 --a----t- C:\WINDOWS\SYSTEM32\SIntfNT.dll
    2019-09-26 18:50 . 2008-04-06 18:26 17,212 --a----t- C:\WINDOWS\SYSTEM32\SIntf32.dll
    2019-09-26 18:50 . 2008-04-06 18:26 12,067 --a----t- C:\WINDOWS\SYSTEM32\SIntf16.dll
    2019-09-26 18:47 . 2019-09-26 18:47 <DIR> d-------- C:\WINDOWS\Profiles
    2019-09-26 18:46 . 2019-09-26 18:47 <DIR> d-------- C:\WINDOWS\speech
    2019-09-26 18:46 . 2007-12-29 17:39 <DIR> d-------- C:\ViaVoice
    2019-09-26 18:46 . 2000-03-13 13:44 200,704 --a------ C:\WINDOWS\SLSUNINST.EXE
    2019-09-26 18:46 . 1999-05-07 12:24 198,640 --a------ C:\WINDOWS\SYSTEM32\mci32.ocx
    2019-09-26 18:46 . 1999-05-07 12:24 140,288 --a------ C:\WINDOWS\SYSTEM32\COMDLG32.OCX
    2019-09-26 18:46 . 1999-05-07 12:24 82,960 --a------ C:\WINDOWS\SYSTEM32\PICCLP32.OCX
    2019-09-26 18:46 . 1999-03-11 09:47 32,768 --a------ C:\WINDOWS\SYSTEM32\SLSLic32.dll
    2019-09-26 18:46 . 2000-01-11 09:40 24,576 --a------ C:\WINDOWS\SYSTEM32\GUITOOLS.DLL
    2019-09-26 18:46 . 1999-12-21 12:00 18,944 --a------ C:\WINDOWS\SYSTEM32\VVRtkReg.dll
    2019-09-26 18:45 . 2019-09-26 18:45 <DIR> d-------- C:\OLDDRIVR
    2019-09-26 18:40 . 2019-09-26 18:40 <DIR> d-------- C:\Temp
    2019-09-26 18:40 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
    2019-09-16 22:16 . 2019-09-16 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2019-09-16 21:58 . 2008-08-26 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
    2019-09-16 21:42 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
    2019-09-15 15:32 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll.mui
    2019-09-15 15:32 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl.mui
    2019-09-15 15:32 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll.mui
    2019-09-15 15:32 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll.mui
    2019-09-15 14:25 . 2008-09-20 22:47 <DIR> d-------- C:\Program Files\ESET
    2008-10-01 16:58 . 2008-10-01 16:58 <DIR> d-------- C:\Documents and Settings\Vianney St. Pierre\Application Data\Malwarebytes
    2008-10-01 16:57 . 2008-10-01 16:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-01 16:57 . 2008-10-01 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-01 16:57 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-10-01 16:57 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-09-29 17:38 . 2008-09-29 17:39 968,196 --ahs---- C:\WINDOWS\SYSTEM32\bnsombhp.ini
    2008-09-28 17:57 . 2008-09-28 17:57 964,083 --ahs---- C:\WINDOWS\SYSTEM32\jpieggps.ini
    2008-09-28 16:19 . 2008-09-30 20:54 2,438 --a------ C:\Documents and Settings\Orph.egd
    2008-09-28 16:16 . 2008-09-30 20:55 <DIR> d-------- C:\ToolBar SD
    2008-09-28 12:33 . 2008-09-28 12:33 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-25 17:34 . 2008-09-26 17:35 953,268 --ahs---- C:\WINDOWS\SYSTEM32\kghguewa.ini
    2008-09-24 17:36 . 2008-09-25 16:40 875,070 --ahs---- C:\WINDOWS\SYSTEM32\wrtqcdby.ini
    2008-09-23 17:35 . 2008-09-24 17:36 896,090 --ahs---- C:\WINDOWS\SYSTEM32\vvxcjjjk.ini
    2008-09-23 16:14 . 2008-09-23 17:30 874,710 --ahs---- C:\WINDOWS\SYSTEM32\wjpmbfpm.ini
    2008-09-22 19:20 . 2008-09-30 16:51 582,825 --ahs---- C:\WINDOWS\SYSTEM32\fMWFgfii.ini
    2008-09-22 19:14 . 2008-09-23 16:08 534 --ahs---- C:\WINDOWS\SYSTEM32\renrnqnj.ini
    2008-09-21 12:45 . 2008-09-21 12:46 <DIR> d-------- C:\Program Files\CCleaner
    2008-09-21 11:52 . 2008-09-21 12:20 474 --ahs---- C:\WINDOWS\SYSTEM32\wkqbpkkw.ini
    2008-09-21 10:29 . 2008-09-21 10:29 578,560 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll
    2008-09-21 10:14 . 2008-09-21 17:48 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-09-20 17:50 . 2008-09-20 17:50 <DIR> d-------- C:\Documents and Settings\Vianney St. Pierre\Application Data\Grisoft
    2008-09-20 17:50 . 2008-09-20 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-09-20 17:50 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
    2008-09-19 18:51 . 2008-09-30 16:49 582,642 --ahs---- C:\WINDOWS\SYSTEM32\fMWFgfii.ini2
    2008-09-18 17:43 . 2008-09-19 19:56 2,684 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2008-09-17 18:26 . 2008-09-19 18:07 582,447 --ahs---- C:\WINDOWS\SYSTEM32\IhjiQqss.ini2
    2008-09-16 21:01 . 2008-09-16 21:01 754 --a------ C:\WINDOWS\WORDPAD.INI
    2008-09-15 20:58 . 2008-10-01 18:24 <DIR> d-------- C:\Program Files\World of Warcraft
    2008-09-15 20:58 . 2008-09-15 21:42 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-09-11 20:18 . 2008-09-11 20:18 <DIR> d-------- C:\Logs
    2008-09-05 18:21 . 2008-09-05 18:21 107,888 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll
    2008-09-05 18:19 . 2008-09-23 17:04 <DIR> d-------- C:\ProgramData
    2008-09-05 18:19 . 2008-09-05 18:22 2,004 --a------ C:\WINDOWS\SYSTEM32\ealregsnapshot1.reg

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2019-10-27 20:31 --------- d-----w C:\Program Files\Symantec
    2019-10-27 20:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2019-09-26 22:47 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-09-30 22:14 --------- d-----w C:\Documents and Settings\Vianney St. Pierre\Application Data\Azureus
    2008-09-23 20:33 --------- d-----w C:\Program Files\Autodesk
    2008-09-13 12:34 --------- d-----w C:\Program Files\PowerISO
    2008-09-11 00:01 --------- d-----w C:\Program Files\Common Files\ACD Systems
    2008-09-11 00:01 --------- d-----w C:\Program Files\ACD Systems
    2008-09-10 22:06 --------- d-----w C:\Program Files\Common Files\Real
    2008-09-10 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
    2008-09-05 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-27 01:05 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
    2008-08-26 19:35 --------- d-----w C:\Program Files\Azureus
    2008-08-26 17:25 --------- d-----w C:\Program Files\MSN Messenger
    2008-08-03 15:45 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll
    2008-08-03 15:45 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
    2008-07-17 16:55 47,104 ----a-w C:\WINDOWS\SYSTEM32\KMVIDC32.DLL
    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
    2008-07-07 20:26 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
    2008-03-31 03:27 6,327,225 ----a-w C:\Program Files\ir2007.qtd
    2008-03-30 17:55 510,243 ----a-w C:\Program Files\pa2007.bmd
    2008-03-30 17:55 339,649 ----a-w C:\Program Files\ir2007.sro
    2008-03-30 17:54 270,336 ----a-w C:\Program Files\ir2007at.dll
    2008-03-30 17:54 1,028,096 ----a-w C:\Program Files\ir2007ir.dll
    2008-02-06 22:32 2,982,966 ----a-w C:\Program Files\ir2007.chm
    2008-01-06 16:25 491,520 ----a-w C:\Program Files\TlTran32.dll
    2008-01-06 16:25 20,489 ----a-w C:\Program Files\qttxl.chm
    2008-01-06 16:25 1,024,000 ----a-w C:\Program Files\qttxl32.dll
    2008-01-03 20:34 69,632 ----a-w C:\Program Files\pa233597.dll
    2008-01-03 20:34 27,648 ----a-w C:\Program Files\pa895078.dll
    2008-01-03 20:34 27,648 ----a-w C:\Program Files\pa346689.dll
    2008-01-03 19:31 1,892,352 ----a-w C:\Program Files\ic2007xe.dll
    2008-01-03 19:30 26,624 ----a-w C:\Program Files\ic2007xam.dll
    2008-01-03 19:29 69,632 ----a-w C:\Program Files\ic2007pp.dll
    2008-01-03 19:29 688,128 ----a-w C:\Program Files\python21.dll
    2008-01-03 19:29 643,072 ----a-w C:\Program Files\ECLActiveX.ocx
    2008-01-03 19:29 401,408 ----a-w C:\Program Files\MRQ_R4S001D07.dll
    2008-01-03 19:29 31,232 ----a-w C:\Program Files\ic2007ac.dll
    2008-01-03 19:29 200,704 ----a-w C:\Program Files\ic2007ne.dll
    2008-01-03 19:29 163,840 ----a-w C:\Program Files\IDAutomationDMATRIX6.DLL
    2008-01-03 19:29 1,867,776 ----a-w C:\Program Files\ic2007xa.dll
    2008-01-03 19:27 114,688 ----a-w C:\Program Files\IDAutomationPDF417e.dll
    2008-01-03 19:15 2,003,644 ----a-w C:\Program Files\ir2007.lif
    2008-01-03 17:18 101 ----a-w C:\Program Files\aw.awa
    2007-12-18 00:09 5,940,520 ----a-w C:\Program Files\impotnet.chm
    2005-05-13 19:44 149 ----a-w C:\Program Files\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-11 147456]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 335872]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2002-12-17 360448]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 28672]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2019-10-27 949376]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "ZipGenius Clean"="C:\WINDOWS\zg.exe" [2002-09-04 180736]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-11-15 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=kwaagl.dll titiuh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "SENTINEL"= snti386.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iifgFWMf

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "C:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "C:\\Program Files\\World of Warcraft\\Repair.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R2 HPSPAR01;HPSPAR01;C:\WINDOWS\system32\drivers\HPSPAR01.SYS [1999-06-02 36128]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{4FBEE7B7-DC1B-4F77-AF6E-7992BDFE1056} - C:\WINDOWS\system32\iifgFWMf.dll
    BHO-{9303f0d2-f3a8-40d1-9365-f7d14560dfa7} - C:\WINDOWS\system32\kwaagl.dll


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1222038549&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
    R0 -: HKLM-Main,Window Title =
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    O17 -: HKLM\CCS\Interface\{0A7284CC-6B63-47A9-AE2E-531893DF113D}: NameServer = 67.69.184.75,67.69.184.227

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-02 16:50:14
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\Ati2evxx.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Eset\pr_imon.dll
    .
    Completion time: 2008-10-02 16:54:21
    ComboFix-quarantined-files.txt 2008-10-02 20:54:10

    Pre-Run: 7,044,476,928 bytes free
    Post-Run: 7,057,108,992 bytes free

    222 --- E O F --- 2008-09-11 00:12:02

    The HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:06:56, on 2008-10-02
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\basfipm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [ZipGenius Clean] "C:\WINDOWS\zg.exe" -cleantemp
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0A7284CC-6B63-47A9-AE2E-531893DF113D}: NameServer = 67.69.184.75,67.69.184.227
    O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ic2007pp.dll
    O20 - AppInit_DLLs: kwaagl.dll titiuh.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 6059 bytes

    3 Octobre 2008 23:28:17

    Good evening

    Copy (Ctrl+C) the text below:
    File::
    C:\WINDOWS\SYSTEM32\bnsombhp.ini
    C:\WINDOWS\SYSTEM32\jpieggps.ini
    C:\WINDOWS\SYSTEM32\kghguewa.ini
    C:\WINDOWS\SYSTEM32\wrtqcdby.ini
    C:\WINDOWS\SYSTEM32\vvxcjjjk.ini
    C:\WINDOWS\SYSTEM32\wjpmbfpm.ini
    C:\WINDOWS\SYSTEM32\fMWFgfii.ini
    C:\WINDOWS\SYSTEM32\renrnqnj.ini
    C:\WINDOWS\SYSTEM32\wkqbpkkw.ini
    C:\WINDOWS\SYSTEM32\fMWFgfii.ini2
    C:\WINDOWS\SYSTEM32\tmp.reg
    C:\WINDOWS\SYSTEM32\IhjiQqss.ini2


    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""



    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto ComboFix.exe, as shown in the screenshot


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

    ++++++++++++++++++

    C:\WINDOWS\system32\drivers\HPSPAR01.SYS

    Note:
    Quote:
    To display hidden system files and folders:
    Control Panel / Folder Options / View tab / check Show hidden files and folders, uncheck Hide extensions for known file types, uncheck Hide protected operating system files.

    Hidden system files and folders then appear in Windows Explorer as semi-transparent icons.


    Virusscan
    Scan this file:

    C:\WINDOWS\system32\drivers\HPSPAR01.SYS

    on the virusscan site

    http://virusscan.jotti.org/

    and post the report for us.
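As an added example that is not part of this thread, the Python helper below reads the O20 AppInit_DLLs line from a HijackThis log and drafts the File:: and Registry:: sections of a CFScript in the same layout as the script above. The sample log lines and the C:\WINDOWS\SYSTEM32 path used to resolve bare DLL names are constructed assumptions, not taken from the original report.

```python
import re
from typing import List, Optional

# Constructed sample modelled on the HijackThis log posted in this thread
# (constructed for this example, not copied from the original report).
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: kwaagl.dll titiuh.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Assumed location for bare DLL names listed in AppInit_DLLs on this XP machine.
SYSTEM32 = r"C:\WINDOWS\SYSTEM32"

O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$", re.MULTILINE)


def parse_appinit_dlls(log_text: str) -> List[str]:
    """Return the DLL names on the O20 AppInit_DLLs line, or [] if none.

    AppInit_DLLs is empty on a default Windows XP install. Every DLL listed
    there is loaded into each process that maps user32.dll, which is why an
    entry such as "kwaagl.dll titiuh.dll" keeps coming back while Windows is
    running and has to be cleared at boot time.
    """
    match = O20_RE.search(log_text)
    if match is None:
        return []
    # HijackThis separates several DLLs with spaces; tolerate commas as well.
    return [name for name in re.split(r"[\s,]+", match.group("dlls").strip()) if name]


def build_cfscript(dll_names: List[str], system32: str = SYSTEM32) -> str:
    """Draft a CFScript.txt in the File::/Registry:: layout used in this thread.

    The File:: block lists each DLL (bare names are resolved against system32);
    the Registry:: block blanks AppInit_DLLs so nothing is injected after reboot.
    """
    lines = ["File::"]
    for name in dll_names:
        lines.append(name if "\\" in name else f"{system32}\\{name}")
    lines += [
        "",
        "Registry::",
        r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]",
        '"AppInit_DLLs"=""',
    ]
    return "\n".join(lines) + "\n"


def triage(log_text: str) -> Optional[str]:
    """Return a draft CFScript for the log, or None when AppInit_DLLs is clean."""
    dlls = parse_appinit_dlls(log_text)
    return build_cfscript(dlls) if dlls else None


if __name__ == "__main__":
    print(triage(SAMPLE_HJT_LOG))
```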

    5 Octobre 2008 04:15:59

    Hi

    When I dragged the CFScript.txt file onto ComboFix it did not ask me to choose an option. Only a window opened saying there was a ComboFix update. After I did that, a scan ran and a report was generated. I repeated the step and it told me again that there was an update, so I said no and started a scan; a new report then opened, and here it is:



    ComboFix 08-10-04.05 - Vianney St. Pierre 2008-10-04 21:40:47.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.180 [GMT -4:00]
    Running from: C:\Documents and Settings\Vianney St. Pierre\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Vianney St. Pierre\Desktop\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\SYSTEM32\bnsombhp.ini
    C:\WINDOWS\SYSTEM32\fMWFgfii.ini
    C:\WINDOWS\SYSTEM32\fMWFgfii.ini2
    C:\WINDOWS\SYSTEM32\IhjiQqss.ini2
    C:\WINDOWS\SYSTEM32\jpieggps.ini
    C:\WINDOWS\SYSTEM32\kghguewa.ini
    C:\WINDOWS\SYSTEM32\renrnqnj.ini
    C:\WINDOWS\SYSTEM32\tmp.reg
    C:\WINDOWS\SYSTEM32\vvxcjjjk.ini
    C:\WINDOWS\SYSTEM32\wjpmbfpm.ini
    C:\WINDOWS\SYSTEM32\wkqbpkkw.ini
    C:\WINDOWS\SYSTEM32\wrtqcdby.ini
    .

    ((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
    .

    2019-10-27 16:51 . 2019-10-27 16:49 512,096 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\amon.sys
    2019-10-27 16:51 . 2019-10-27 16:49 298,104 --a------ C:\WINDOWS\SYSTEM32\imon.dll
    2019-10-27 16:51 . 2019-10-27 16:49 15,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nod32drv.sys
    2019-09-26 18:50 . 2000-11-07 18:09 2,803,200 --a------ C:\WINDOWS\SYSTEM32\mmtoolsx.OCX
    2019-09-26 18:50 . 2000-02-24 23:31 411,136 --a------ C:\WINDOWS\SYSTEM32\MMTYPESX.OCX
    2019-09-26 18:50 . 2008-04-06 18:26 21,840 --a----t- C:\WINDOWS\SYSTEM32\SIntfNT.dll
    2019-09-26 18:50 . 2008-04-06 18:26 17,212 --a----t- C:\WINDOWS\SYSTEM32\SIntf32.dll
    2019-09-26 18:50 . 2008-04-06 18:26 12,067 --a----t- C:\WINDOWS\SYSTEM32\SIntf16.dll
    2019-09-26 18:47 . 2019-09-26 18:47 <DIR> d-------- C:\WINDOWS\Profiles
    2019-09-26 18:46 . 2019-09-26 18:47 <DIR> d-------- C:\WINDOWS\speech
    2019-09-26 18:46 . 2007-12-29 17:39 <DIR> d-------- C:\ViaVoice
    2019-09-26 18:46 . 2000-03-13 13:44 200,704 --a------ C:\WINDOWS\SLSUNINST.EXE
    2019-09-26 18:46 . 1999-05-07 12:24 198,640 --a------ C:\WINDOWS\SYSTEM32\mci32.ocx
    2019-09-26 18:46 . 1999-05-07 12:24 140,288 --a------ C:\WINDOWS\SYSTEM32\COMDLG32.OCX
    2019-09-26 18:46 . 1999-05-07 12:24 82,960 --a------ C:\WINDOWS\SYSTEM32\PICCLP32.OCX
    2019-09-26 18:46 . 1999-03-11 09:47 32,768 --a------ C:\WINDOWS\SYSTEM32\SLSLic32.dll
    2019-09-26 18:46 . 2000-01-11 09:40 24,576 --a------ C:\WINDOWS\SYSTEM32\GUITOOLS.DLL
    2019-09-26 18:46 . 1999-12-21 12:00 18,944 --a------ C:\WINDOWS\SYSTEM32\VVRtkReg.dll
    2019-09-26 18:45 . 2019-09-26 18:45 <DIR> d-------- C:\OLDDRIVR
    2019-09-26 18:40 . 2019-09-26 18:40 <DIR> d-------- C:\Temp
    2019-09-26 18:40 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
    2019-09-16 22:16 . 2019-09-16 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2019-09-16 21:58 . 2008-08-26 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
    2019-09-16 21:42 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
    2019-09-15 15:32 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll.mui
    2019-09-15 15:32 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl.mui
    2019-09-15 15:32 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll.mui
    2019-09-15 15:32 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll.mui
    2019-09-15 14:25 . 2008-09-20 22:47 <DIR> d-------- C:\Program Files\ESET
    2008-10-01 16:58 . 2008-10-01 16:58 <DIR> d-------- C:\Documents and Settings\Vianney St. Pierre\Application Data\Malwarebytes
    2008-10-01 16:57 . 2008-10-01 16:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-01 16:57 . 2008-10-01 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-01 16:57 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-10-01 16:57 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-09-28 16:19 . 2008-09-30 20:54 2,438 --a------ C:\Documents and Settings\Orph.egd
    2008-09-28 16:16 . 2008-09-30 20:55 <DIR> d-------- C:\ToolBar SD
    2008-09-28 12:33 . 2008-09-28 12:33 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-21 12:45 . 2008-09-21 12:46 <DIR> d-------- C:\Program Files\CCleaner
    2008-09-21 10:29 . 2008-09-21 10:29 578,560 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll
    2008-09-21 10:14 . 2008-09-21 17:48 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-09-20 17:50 . 2008-09-20 17:50 <DIR> d-------- C:\Documents and Settings\Vianney St. Pierre\Application Data\Grisoft
    2008-09-20 17:50 . 2008-09-20 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-09-20 17:50 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
    2008-09-16 21:01 . 2008-09-16 21:01 754 --a------ C:\WINDOWS\WORDPAD.INI
    2008-09-15 20:58 . 2008-10-03 20:58 <DIR> d-------- C:\Program Files\World of Warcraft
    2008-09-15 20:58 . 2008-09-15 21:42 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-09-11 20:18 . 2008-09-11 20:18 <DIR> d-------- C:\Logs
    2008-09-05 18:21 . 2008-09-05 18:21 107,888 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll
    2008-09-05 18:19 . 2008-09-23 17:04 <DIR> d-------- C:\ProgramData
    2008-09-05 18:19 . 2008-09-05 18:22 2,004 --a------ C:\WINDOWS\SYSTEM32\ealregsnapshot1.reg

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2019-10-27 20:31 --------- d-----w C:\Program Files\Symantec
    2019-10-27 20:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2019-09-26 22:47 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-09-30 22:14 --------- d-----w C:\Documents and Settings\Vianney St. Pierre\Application Data\Azureus
    2008-09-23 20:33 --------- d-----w C:\Program Files\Autodesk
    2008-09-13 12:34 --------- d-----w C:\Program Files\PowerISO
    2008-09-11 00:01 --------- d-----w C:\Program Files\Common Files\ACD Systems
    2008-09-11 00:01 --------- d-----w C:\Program Files\ACD Systems
    2008-09-10 22:06 --------- d-----w C:\Program Files\Common Files\Real
    2008-09-10 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
    2008-09-05 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-27 01:05 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
    2008-08-26 19:35 --------- d-----w C:\Program Files\Azureus
    2008-08-26 17:25 --------- d-----w C:\Program Files\MSN Messenger
    2008-08-03 15:45 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll
    2008-08-03 15:45 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
    2008-07-17 16:55 47,104 ----a-w C:\WINDOWS\SYSTEM32\KMVIDC32.DLL
    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
    2008-07-07 20:26 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
    2008-03-31 03:27 6,327,225 ----a-w C:\Program Files\ir2007.qtd
    2008-03-30 17:55 510,243 ----a-w C:\Program Files\pa2007.bmd
    2008-03-30 17:55 339,649 ----a-w C:\Program Files\ir2007.sro
    2008-03-30 17:54 270,336 ----a-w C:\Program Files\ir2007at.dll
    2008-03-30 17:54 1,028,096 ----a-w C:\Program Files\ir2007ir.dll
    2008-02-06 22:32 2,982,966 ----a-w C:\Program Files\ir2007.chm
    2008-01-06 16:25 491,520 ----a-w C:\Program Files\TlTran32.dll
    2008-01-06 16:25 20,489 ----a-w C:\Program Files\qttxl.chm
    2008-01-06 16:25 1,024,000 ----a-w C:\Program Files\qttxl32.dll
    2008-01-03 20:34 69,632 ----a-w C:\Program Files\pa233597.dll
    2008-01-03 20:34 27,648 ----a-w C:\Program Files\pa895078.dll
    2008-01-03 20:34 27,648 ----a-w C:\Program Files\pa346689.dll
    2008-01-03 19:31 1,892,352 ----a-w C:\Program Files\ic2007xe.dll
    2008-01-03 19:30 26,624 ----a-w C:\Program Files\ic2007xam.dll
    2008-01-03 19:29 69,632 ----a-w C:\Program Files\ic2007pp.dll
    2008-01-03 19:29 688,128 ----a-w C:\Program Files\python21.dll
    2008-01-03 19:29 643,072 ----a-w C:\Program Files\ECLActiveX.ocx
    2008-01-03 19:29 401,408 ----a-w C:\Program Files\MRQ_R4S001D07.dll
    2008-01-03 19:29 31,232 ----a-w C:\Program Files\ic2007ac.dll
    2008-01-03 19:29 200,704 ----a-w C:\Program Files\ic2007ne.dll
    2008-01-03 19:29 163,840 ----a-w C:\Program Files\IDAutomationDMATRIX6.DLL
    2008-01-03 19:29 1,867,776 ----a-w C:\Program Files\ic2007xa.dll
    2008-01-03 19:27 114,688 ----a-w C:\Program Files\IDAutomationPDF417e.dll
    2008-01-03 19:15 2,003,644 ----a-w C:\Program Files\ir2007.lif
    2008-01-03 17:18 101 ----a-w C:\Program Files\aw.awa
    2007-12-18 00:09 5,940,520 ----a-w C:\Program Files\impotnet.chm
    2005-05-13 19:44 149 ----a-w C:\Program Files\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-11 147456]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 335872]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2002-12-17 360448]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 28672]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2019-10-27 949376]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "ZipGenius Clean"="C:\WINDOWS\zg.exe" [2002-09-04 180736]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-11-15 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "SENTINEL"= snti386.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "C:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "C:\\Program Files\\World of Warcraft\\Repair.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R2 HPSPAR01;HPSPAR01;C:\WINDOWS\system32\drivers\HPSPAR01.SYS [1999-06-02 36128]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-04 21:43:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\Ati2evxx.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Eset\pr_imon.dll
    .
    Completion time: 2008-10-04 21:46:15
    ComboFix-quarantined-files.txt 2008-10-05 01:46:01
    ComboFix2.txt 2008-10-05 01:32:26
    ComboFix3.txt 2008-10-02 20:54:23

    Pre-Run: 6,983,237,632 bytes free
    Post-Run: 6,969,131,008 bytes free

    208 --- E O F --- 2008-09-11 00:12:02





    Scanner results

    Scan taken on 05 Oct 2008 02:02:46 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    G DATA Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    Statistics
    Last file scanned at least one scanner reported something about: tcp.exe (MD5: ec3c1e36e14fc9f9c5a3318b503bcf8e, size: 1135411 bytes), detected by:

    Scanner Malware name
    A-Squared X
    AntiVir HEUR/Crypted
    ArcaVir Trojan.Dropper.Vb.Ffk
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV X
    CPsecure X
    Dr.Web X
    F-Prot Antivirus X
    F-Secure Anti-Virus X
    G DATA X
    Ikarus X
    Kaspersky Anti-Virus X
    NOD32 probably a variant of Win32/Genetik
    Norman Virus Control X
    Panda Antivirus X
    Sophos Antivirus X
    VirusBuster X
    VBA32 Trojan-Dropper.Win32.VB.ffo


    5 Octobre 2008 16:56:58

    Hello

    Uninstall ComboFix by following this procedure:

  • Start menu, then Run
  • Now type Combofix /u in the window that appears and confirm with OK. Make sure to leave a space between the X and the /U, as it is required here.


    ++++++++++

    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" once more
    * The update databases will be installed; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.

    5 Octobre 2008 23:04:13

    Hello!



    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, October 5, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, October 05, 2008 16:40:34
    Records in database: 1292718


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\

    Scan statistics
    Files scanned 52079
    Threat name 8
    Infected objects 9
    Suspicious objects 0
    Duration of the scan 01:49:34

    File name Threat name Threats count
    C:\Program Files\ESET\infected\3J33SICA.NQF Infected: Trojan.Win32.Monder.pyg 1

    C:\Program Files\ESET\infected\542MH4AA.NQF Infected: not-a-virus:AdWare.Win32.SuperJuan.ehe 1

    C:\Program Files\ESET\infected\ATCO5DDA.NQF Infected: Backdoor.Win32.Frauder.fk 1

    C:\Program Files\ESET\infected\GFA53MDA.NQF Infected: Backdoor.Win32.SdBot.eiu 1

    C:\Program Files\ESET\infected\JLPB0JAA.NQF Infected: Trojan.Win32.Vapsup.lxf 1

    C:\Program Files\ESET\infected\M202BXAA.NQF Infected: not-a-virus:AdWare.Win32.SuperJuan.eex 1

    C:\Program Files\ESET\infected\NVOO5BCA.NQF Infected: Trojan.Win32.Monder.pyg 1

    C:\Program Files\ESET\infected\UCFA3YAA.NQF Infected: not-a-virus:AdWare.Win32.SuperJuan.efa 1

    C:\WINDOWS\SYSTEM32\mswinsck.ocx Infected: Backdoor.Win32.VB.fnl 1

    The selected area was scanned.
    6 Octobre 2008 20:04:16

    re

    Delete:
    C:\WINDOWS\SYSTEM32\mswinsck.ocx

    Empty the Nod32 quarantine.

    Remove all the programs installed for the disinfection.


    Please read this guide (in PDF) to learn more about the risks of the Internet.



    If you find this document interesting, feel free to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.

    ~Edit your first message (by clicking the eraser) and add [résolu] to the title.

    :hello: 
    6 Octobre 2008 23:09:29

    Thank you very much!!!

    You have been a great help. Thanks a thousand times for taking the time to help me.

    Bye bye and have a good day!

    7 Octobre 2008 20:51:11

    You're welcome
    Happy surfing ;O)