Malware: infected file.bat that keeps coming back!!!

5 October 2008 17:37:57

Hello everyone.
Before I have no hair left from tearing it out over this $ù§?#@ virus, I'm taking to the keyboard to ask for your help.
For a few days now Avast has been finding an infection:
file => WINDOWS\fil.bat
malware => VBS:Malware-gen
Whether I quarantine it or delete it, the stubborn thing comes back at every startup.
The PC shows no particular signs of infection (fingers crossed).

I'm attaching a copy of the HijackThis log and thank you in advance for your replies!

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:50, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
I:\Program Files\Saitek\Software\Profiler.exe
I:\Program Files\Saitek\Software\SaiSmart.exe
I:\Program Files\Saitek\Software\SaiMfd.exe
I:\WINDOWS\system32\rundll32.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\WINDOWS\services.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
I:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
I:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
I:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Documents and Settings\François\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (I:\Documents and Settings\FRANÇOIS\Application Data\Mozilla\Profiles\default\onixof3e.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://I%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (I:\Documents and Settings\FRANÇOIS\Application Data\Mozilla\Profiles\default\onixof3e.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nTrayFw] I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "I:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [ASUS Probe] I:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "I:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [RemoteControl] "I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Profiler] I:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] I:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] I:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "I:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [services] I:\WINDOWS\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ChristmasTree] I:\Program Files\ChristmasTree\ChristmasTree.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy1.5.2\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUpl...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E6B36F8-1D0B-4AA5-AC6E-B2B0107BB277}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E6B36F8-1D0B-4AA5-AC6E-B2B0107BB277}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E6B36F8-1D0B-4AA5-AC6E-B2B0107BB277}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - I:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10391 bytes
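Added example (not from the original post, and not part of HijackThis): a Python script that does by code what a triager does by eye on the log above. services.exe is a core Windows process that only legitimately runs from %SystemRoot%\system32; this log lists a second copy at I:\WINDOWS\services.exe both under "Running processes" and as the [services] HKLM Run entry, and that is the file ComboFix removes later in the thread. The script parses the "Running processes" section and the O4 entries, flags any core system binary name loaded from outside system32, and also flags Run commands given as a bare file name (nwiz.exe, SOUNDMAN.EXE), because those are resolved by a PATH search and a triager should confirm which file actually runs. The sample lines are an excerpt of the log posted above; the list of core binary names and the two rules are the author's own heuristics.

```python
"""Triage of a HijackThis log: flag processes and O4 autostart entries whose
executable borrows the name of a core Windows binary but does not live in
%SystemRoot%\\system32, plus Run commands given as a bare file name.

Sample lines are an excerpt of the log posted above; the rules are the
analyst's own heuristics, not part of HijackThis."""
import ntpath
import re
from dataclasses import dataclass

# Core Windows XP processes that only legitimately load from %SystemRoot%\system32.
# Explorer.EXE is deliberately absent: it lives in %SystemRoot% itself.
CORE_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}

# O4 - HKLM\..\Run: [name] command      (also HKCU, HKUS\<SID>, RunOnce)
O4_REG_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O4 - Global Startup: name.lnk = target   (also per-user "Startup:")
O4_LNK_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$")

# Constructed excerpt of the first HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\services.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [services] I:\WINDOWS\services.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
"""


@dataclass
class Finding:
    line: str
    reason: str


def extract_target(cmd: str) -> str:
    """Return the file a Run command really loads: the quoted or first token,
    or the DLL argument when the command is a RUNDLL32 wrapper."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end < 0:
            end = len(cmd)
        target, rest = cmd[1:end], cmd[end + 1:]
    else:
        target, _, rest = cmd.partition(" ")
    if ntpath.basename(target).lower() == "rundll32.exe":
        # RUNDLL32.EXE path\lib.dll,EntryPoint -> the DLL is the payload
        target = rest.strip().split(",", 1)[0].strip().strip('"')
    return target


def is_masquerade(path: str) -> bool:
    """True when a core system binary name sits anywhere but ...\\system32."""
    name = ntpath.basename(path).lower()
    parent = ntpath.normpath(ntpath.dirname(path)).lower()
    return name in CORE_SYSTEM_BINARIES and not parent.endswith("\\system32")


def triage(log_lines):
    """Walk a HijackThis log and return the suspicious process / O4 lines."""
    findings = []
    in_processes = False
    for raw in log_lines:
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # blank line ends the section
                in_processes = False
            elif is_masquerade(line):
                findings.append(Finding(line, "core system binary name running outside system32"))
            continue
        m = O4_REG_RE.match(line) or O4_LNK_RE.match(line)
        if not m:
            continue
        target = extract_target(m.group("cmd"))
        if target == "?":                     # HijackThis could not resolve the .lnk
            continue
        if is_masquerade(target):
            findings.append(Finding(line, f"autostart of {target} masquerading as a system binary"))
        elif not ntpath.dirname(target):
            findings.append(Finding(line, f"bare command {target}: resolved by PATH search, check which file actually runs"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.reason}\n    {f.line}")
```

On the sample above the script returns four findings: the rogue I:\WINDOWS\services.exe process, the two bare-name Run entries, and the [services] Run entry itself; the genuine I:\WINDOWS\system32\services.exe is left alone.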

5 October 2008 17:53:45

Hello,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to run it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

    HELP: A guide and tutorial on using ComboFix
    * the drive letter may differ
    5 October 2008 18:38:55

    Thanks Angeldark for your help.
    So here is the ComboFix report:
    Quote:
    ComboFix 08-10-04.07 - François 2008-10-05 18:32:55.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.571 [GMT 2:00]
    Launched from: I:\Documents and Settings\François\Bureau\ComboFix.exe
    Command switches used :: I:\Documents and Settings\François\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    * A new restore point was created
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    I:\Documents and Settings\Aurélie\Cookies\aurélie@edt02[2].txt
    I:\Documents and Settings\Aurélie\Cookies\aurélie@fr.ebayrtm[1].txt
    I:\Documents and Settings\Aurélie\Cookies\aurélie@tracker.affistats[1].txt
    I:\Documents and Settings\François\Cookies\françois@edt02[3].txt
    I:\Documents and Settings\François\Cookies\françois@fr.ebayrtm[1].txt
    I:\Documents and Settings\François\real.txt
    I:\WINDOWS\services.exe
    I:\WINDOWS\system32\dao350.dll
    I:\WINDOWS\system32\MSINET.oca
    I:\WINDOWS\system32\t.txt

    .
    ((((((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-05 17:42 . 2008-10-05 17:42 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
    2008-10-05 17:42 . 2008-10-05 17:42 <REP> d-------- I:\Documents and Settings\François\Application Data\Malwarebytes
    2008-10-05 17:42 . 2008-10-05 17:42 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-05 17:42 . 2008-09-10 00:04 38,528 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-05 17:42 . 2008-09-10 00:03 17,200 --a------ I:\WINDOWS\system32\drivers\mbam.sys
    2008-10-04 11:55 . 2008-10-04 11:55 <REP> d-------- I:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-10-02 21:30 . 2008-10-02 21:30 54,156 --ah----- I:\WINDOWS\QTFont.qfn
    2008-10-02 21:30 . 2008-10-02 21:30 1,409 --a------ I:\WINDOWS\QTFont.for
    2008-09-27 20:28 . 2008-09-27 20:40 <REP> d-------- I:\Program Files\AB-DepotVente80

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-04 21:57 --------- d-----w I:\Documents and Settings\François\Application Data\Azureus
    2008-10-04 09:56 --------- d-----w I:\Program Files\Lavasoft
    2008-10-04 09:54 --------- d-----w I:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-02 19:18 --------- d-----w I:\Program Files\Azureus
    2008-10-02 19:14 --------- d-----w I:\Program Files\PowerArchiver
    2008-09-06 17:20 --------- d-----w I:\Documents and Settings\Aurélie\Application Data\Ahead
    2008-09-02 20:13 --------- d-----w I:\Documents and Settings\Aurélie\Application Data\vlc
    2008-08-31 09:26 --------- d-----w I:\Program Files\eMule
    2008-08-08 16:55 --------- d-----w I:\Program Files\Microsoft Silverlight
    2008-02-19 18:02 15,397 ----a-w I:\Program Files\settings.dat
    2008-01-23 17:50 28,080 ----a-w I:\Documents and Settings\François\Application Data\GDIPFONTCACHEV1.DAT
    2007-12-07 13:40 27,688 ----a-w I:\Documents and Settings\Aurélie\Application Data\GDIPFONTCACHEV1.DAT
    2007-08-05 13:25 87,608 ----a-w I:\Documents and Settings\François\Application Data\ezpinst.exe
    2007-08-05 13:25 47,360 ----a-w I:\Documents and Settings\François\Application Data\pcouffin.sys
    2007-05-04 20:40 94,080 ----a-w I:\Documents and Settings\François\Application Data\ezplay.sys
    2007-01-28 12:30 54 ----a-w I:\Program Files\delir.gio
    2006-03-11 10:35 54 ----a-w I:\Program Files\Fichiers communs\appop.log
    .

    ((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
    "MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "updateMgr"="I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "MSMSGS"="I:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
    "nTrayFw"="I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
    "NVIDIA nTune"="I:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 532480]
    "ASUS Probe"="I:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
    "Launch Ai Booster"="I:\Program Files\ASUS\Ai Booster\OverClk.exe" [2005-06-16 3627520]
    "RemoteControl"="I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
    "WINCINEMAMGR"="I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 270336]
    "Profiler"="I:\Program Files\Saitek\Software\Profiler.exe" [2004-10-13 159744]
    "SaiSmart"="I:\Program Files\Saitek\Software\SaiSmart.exe" [2004-10-13 98304]
    "SaiMfd"="I:\Program Files\Saitek\Software\SaiMfd.exe" [2004-10-13 135168]
    "NeroFilterCheck"="I:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "DiskeeperSystray"="I:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
    "avast!"="I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task"="I:\Program Files\QuickTime\qttask.exe" [2006-09-26 282624]
    "TkBellExe"="I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-01 185896]
    "NvMediaCenter"="I:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
    "nwiz"="nwiz.exe" [2006-10-22 I:\WINDOWS\system32\nwiz.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-11-15 I:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="I:\WINDOWS\system32\tscupgrd.exe" [2004-08-05 44544]

    I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Reader Speed Launch.lnk - I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    InterVideo WinCinema Manager.lnk - I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-03-11 270336]
    Microsoft Office.lnk - I:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    NETGEAR WG111T Smart Wizard.lnk - I:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2006-09-15 491608]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.VP40"= vp4vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "I:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "I:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "<NO NAME>"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 ivicd;Ivi CDVD Filter Driver;I:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 38784]
    R1 aswSP;avast! Self Protection;I:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;I:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;I:\WINDOWS\system32\DRIVERS\wg11tnd5.sys [2005-01-07 286720]
    S3 ATHFMWDL;NETGEAR WG111T bootloader driver;I:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-14 43392]
    S3 cg;cg;J:\Programmes\Systeme\ClockGen-NForce4\cg.sys [ ]
    S3 cpuz;cpuz;I:\DOCUME~1\FRANOI~1\LOCALS~1\Temp\cpuz.sys [ ]
    S3 CrystalCpuInfo;CrystalCpuInfo;I:\Program Files\OCCT\CpuInfo.sys [2003-11-25 3151]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;I:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 17149]
    S3 iviudf;iviudf;I:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 116224]
    S3 SaiH5509;SaiH5509;I:\WINDOWS\system32\DRIVERS\SaiH5509.sys [2004-10-14 56704]
    S3 SaiU5509;SaiU5509;I:\WINDOWS\system32\DRIVERS\SaiU5509.sys [2004-10-14 19712]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbfb7d44-de4a-11dc-add3-0013d4f81043}]
    \Shell\Auto\command - lsaarsheb.exe
    \Shell\AutoRun\command - I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL lsaarsheb.exe

    *Newly Created Service* - PROCEXP90
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.free.fr/
    R1 -: HKCU-Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    O8 -: E&xporter vers Microsoft Excel - I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O17 -: HKLM\CCS\Interface\{1E6B36F8-1D0B-4AA5-AC6E-B2B0107BB277}: NameServer = 212.27.53.252,212.27.54.252

    O16 -: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    I:\WINDOWS\Downloaded Program Files\FileUploader.inf
    I:\WINDOWS\Downloaded Program Files\FileUploader.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-05 18:34:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-05 18:35:21
    ComboFix-quarantined-files.txt 2008-10-05 16:35:05

    Pre-Run: 5,985,665,024 bytes free
    Post-Run: 6,991,048,704 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    I:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    157 --- E O F --- 2008-03-29 08:24:57
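Added example (not from the poster or from ComboFix): a Python script that pulls the two kinds of indicator worth acting on out of the "Reg Loading Points" part of the report above. First, the MountPoints2 key under HKCU, where Explorer caches the autorun.inf handlers of every volume the user has plugged in; a Shell\AutoRun\command that launches a program (here the relative name lsaarsheb.exe, exactly as the log prints it) is the trace a USB autorun worm leaves, and because it is a per-user cache it can re-trigger when that drive is double-clicked even after the dropped files are gone, so it needs clearing on its own. Second, the firewall policy: FirewallOverride=1 in Security Center, EnableFirewall=0 on the standard profile, and 3389/TCP (Remote Desktop) in GloballyOpenPorts. The caveat a practitioner would add is that a third-party firewall such as the NVIDIA ForceWare one running on this machine (nTrayFw, nSvcAppFlt) legitimately sets FirewallOverride, so those three are things to confirm, not a verdict. The sample is an excerpt of the ComboFix report posted above; the selection rules are the author's own heuristics.

```python
"""Pull persistence and exposure indicators out of the 'Reg Loading Points'
part of a ComboFix log: removable-drive autorun handlers cached under
MountPoints2, the Windows Firewall state, and globally open ports.

The sample is an excerpt of the ComboFix report posted above; the rules are
the analyst's own heuristics, not something ComboFix itself reports."""
import re
from dataclasses import dataclass

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
# ComboFix prints MountPoints2 handlers as:  \Shell\<verb>\command - <cmd>
MOUNTPOINT_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$")

# Constructed excerpt of the ComboFix report in this thread.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbfb7d44-de4a-11dc-add3-0013d4f81043}]
\Shell\Auto\command - lsaarsheb.exe
\Shell\AutoRun\command - I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL lsaarsheb.exe
"""


@dataclass
class Indicator:
    key: str
    detail: str
    reason: str


def reg_int(data: str) -> int:
    """ComboFix shows DWORDs either as 'dword:00000001' or as '0 (0x0)'."""
    if data.lower().startswith("dword:"):
        return int(data.split(":", 1)[1], 16)
    return int(data.split()[0], 0)


def parse_reg_dump(lines):
    """Walk the REGEDIT4-style dump and return the indicators found."""
    indicators = []
    key = ""
    for raw in lines:
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        lkey = key.lower()
        if "\\explorer\\mountpoints2\\" in lkey:
            cm = MOUNTPOINT_CMD_RE.match(line)
            if cm:
                indicators.append(Indicator(key, cm.group("cmd"),
                    f"Shell\\{cm.group('verb')}\\command on a cached volume GUID launches "
                    "a program: the trace an autorun worm leaves on every host it touched"))
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, data = vm.group("name"), vm.group("data").strip()
        if lkey.endswith("\\security center") and name.lower() == "firewalloverride" and reg_int(data) == 1:
            indicators.append(Indicator(key, f"{name}={reg_int(data)}",
                "Security Center told not to warn about the firewall state"))
        elif lkey.endswith("\\standardprofile") and name.lower() == "enablefirewall" and reg_int(data) == 0:
            indicators.append(Indicator(key, f"{name}={reg_int(data)}",
                "Windows Firewall disabled for the standard profile"))
        elif lkey.endswith("\\globallyopenports\\list"):
            port, _, proto = name.partition(":")
            indicators.append(Indicator(key, f"{port}/{proto}",
                "port opened for every interface and every remote address"))
    return indicators


if __name__ == "__main__":
    for ind in parse_reg_dump(SAMPLE_REG.splitlines()):
        print(f"[{ind.key}]\n    {ind.detail}: {ind.reason}")
```

On the excerpt the script returns five indicators: the override flag, the disabled firewall, the open 3389/TCP port, and the two MountPoints2 handlers that launch lsaarsheb.exe. The AuthorizedApplications list is parsed but deliberately not reported; an allow-list entry is normal and needs human judgement rather than a rule.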
    5 October 2008 18:43:11

    Post a fresh HijackThis log.
    5 October 2008 22:02:21

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:01:43, on 05/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    I:\Program Files\Alwil Software\Avast4\ashServ.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    I:\Program Files\Saitek\Software\Profiler.exe
    I:\Program Files\Saitek\Software\SaiSmart.exe
    I:\Program Files\Saitek\Software\SaiMfd.exe
    I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    I:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
    I:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    I:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    I:\WINDOWS\system32\nvsvc32.exe
    I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    I:\WINDOWS\explorer.exe
    I:\Program Files\Internet Explorer\iexplore.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\Documents and Settings\François\Mes documents\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (I:\Documents and Settings\FRANÇOIS\Application Data\Mozilla\Profiles\default\onixof3e.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://I%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (I:\Documents and Settings\FRANÇOIS\Application Data\Mozilla\Profiles\default\onixof3e.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nTrayFw] I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [NVIDIA nTune] "I:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [ASUS Probe] I:\Program Files\ASUS\Asus Probe\AsusProb.exe
    O4 - HKLM\..\Run: [Launch Ai Booster] "I:\Program Files\ASUS\Ai Booster\OverClk.exe"
    O4 - HKLM\..\Run: [RemoteControl] "I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [WINCINEMAMGR] "I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
    O4 - HKLM\..\Run: [Profiler] I:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] I:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [SaiMfd] I:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "I:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] "I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-1606980848-1645522239-839522115-1004\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe (User 'Aurélie')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUpl...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E6B36F8-1D0B-4AA5-AC6E-B2B0107BB277}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1E6B36F8-1D0B-4AA5-AC6E-B2B0107BB277}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1E6B36F8-1D0B-4AA5-AC6E-B2B0107BB277}: NameServer = 212.27.53.252,212.27.54.252
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - I:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9895 bytes
    6 October 2008 21:01:13

    Very telling, the Antivir vs Avast comparison.....

    So here is the Antivir report:



    Avira AntiVir Personal
    Report file date: lundi 6 octobre 2008 18:57

    Scanning for 1664700 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: FRANCOIS-95290

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 16:55:53
    ANTIVIR3.VDF : 7.0.7.1 279552 Bytes 06/10/2008 16:55:55
    Engineversion : 8.1.1.35
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.76 319867 Bytes 06/10/2008 16:56:06
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.1.2 438644 Bytes 06/10/2008 16:56:05
    AEPACK.DLL : 8.1.2.3 364918 Bytes 06/10/2008 16:56:03
    AEOFFICE.DLL : 8.1.0.25 196986 Bytes 06/10/2008 16:56:02
    AEHEUR.DLL : 8.1.0.59 1438071 Bytes 06/10/2008 16:56:01
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 06/10/2008 16:55:57
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 06/10/2008 16:55:56
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 06/10/2008 16:55:55
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: i:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: D:, I:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 6 octobre 2008 18:57

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
    Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
    Scan process 'wlan111t.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'DkService.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'SaiMfd.exe' - '1' Module(s) have been scanned
    Scan process 'SaiSmart.exe' - '1' Module(s) have been scanned
    Scan process 'Profiler.exe' - '1' Module(s) have been scanned
    Scan process 'WinCinemaMgr.exe' - '1' Module(s) have been scanned
    Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
    Scan process 'AsusProb.exe' - '1' Module(s) have been scanned
    Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    46 processes with 46 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'I:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '67' files ).


    Starting the file scan:

    Begin scan in 'D:\' <Stockage>
    D:\Programmes\Systeme\diskeeper10\Executive.Diskeeper.Professional.Premier.Edition.v10.0.593.Retail-IND.rar
    [0] Archive type: RAR
    --> Executive.Diskeeper.Professional.Premier.Edition.v10.0.593.Retail-IND\IND.r08
    [1] Archive type: RAR
    --> IND.nfo
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    D:\Programmes\Systeme\diskeeper10\Executive.Diskeeper.Professional.Premier.Edition.v10.0.593.Retail-IND\IND.r08
    [0] Archive type: RAR
    --> IND.nfo
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    Begin scan in 'I:\'
    I:\pagefile.sys
    [WARNING] The file could not be opened!
    I:\Documents and Settings\François\Mes documents\MSNCleaner 1.5.6[www.msncreative.net].zip
    [0] Archive type: ZIP
    --> MSNCleaner[www.msncreative.net].exe
    [DETECTION] Is the TR/Small.167424.A Trojan
    [NOTE] The file was moved to '49384f87.qua'!
    I:\QooBox\Quarantine\I\WINDOWS\services.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Joleee.AO worm
    [NOTE] The file was moved to '495c53b7.qua'!


    End of the scan: lundi 6 octobre 2008 20:11
    Used time: 1:14:05 Hour(s)

    The scan has been done completely.

    7435 Scanning directories
    424994 Files were scanned
    2 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    2 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    424991 Files not concerned
    2744 Archives were scanned
    7 Warnings
    2 Notes

    6 October 2008 21:10:05

    Post another HijackThis log.
    6 October 2008 23:03:18

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:02:58, on 06/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\WINDOWS\Explorer.EXE
    I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    I:\Program Files\ASUS\Asus Probe\AsusProb.exe
    I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    I:\Program Files\Saitek\Software\Profiler.exe
    I:\Program Files\Saitek\Software\SaiSmart.exe
    I:\Program Files\Saitek\Software\SaiMfd.exe
    I:\WINDOWS\system32\rundll32.exe
    I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    I:\WINDOWS\SOUNDMAN.EXE
    I:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    I:\Program Files\Messenger\msmsgs.exe
    I:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    I:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
    I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    I:\WINDOWS\system32\nvsvc32.exe
    I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    I:\WINDOWS\system32\wscntfy.exe
    I:\Program Files\Internet Explorer\iexplore.exe
    I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    I:\Program Files\Windows Live\Messenger\usnsvc.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    I:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    I:\Documents and Settings\François\Mes documents\Hi_Jack_This.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (I:\Documents and Settings\FRANÇOIS\Application Data\Mozilla\Profiles\default\onixof3e.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://I%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (I:\Documents and Settings\FRANÇOIS\Application Data\Mozilla\Profiles\default\onixof3e.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nTrayFw] I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [NVIDIA nTune] "I:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [ASUS Probe] I:\Program Files\ASUS\Asus Probe\AsusProb.exe
    O4 - HKLM\..\Run: [Launch Ai Booster] "I:\Program Files\ASUS\Ai Booster\OverClk.exe"
    O4 - HKLM\..\Run: [RemoteControl] "I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [WINCINEMAMGR] "I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
    O4 - HKLM\..\Run: [Profiler] I:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] I:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [SaiMfd] I:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "I:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] "I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUpl...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E6B36F8-1D0B-4AA5-AC6E-B2B0107BB277}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1E6B36F8-1D0B-4AA5-AC6E-B2B0107BB277}: NameServer = 212.27.53.252,212.27.54.252
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1E6B36F8-1D0B-4AA5-AC6E-B2B0107BB277}: NameServer = 212.27.53.252,212.27.54.252
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - I:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9991 bytes
    7 October 2008 12:44:26

    Still having trouble?
    7 October 2008 13:39:33

    No, it looks fine now :bounce: 

    A big thank you for your help ;) 

    Which goes to show, things go a lot faster when you turn to competent people!
    7 October 2008 13:44:01

    Happy surfing ;) 