Your question

TR/Crypt.FKM.Gen - Trojan

Tags:
  • Trojan
  • Security
Last reply: in Security and viruses
24 September 2008 14:53:12

Hello everyone!!!


I think you have already been asked about this topic, but here it is: AntiVir keeps flagging this trojan, TR/Crypt.FKM.Gen. Whatever I do it is always there, for example when I open My Computer.
When I browse with Mozilla, an Internet Explorer window opens furtively at the top left of my screen, and I very often lose control of my Mozilla window.

1) My first question is: what does this trojan do?
2) My second: how do I get rid of it?

THANKS IN ADVANCE!!!!!


24 September 2008 15:11:29

here is what HijackThis says:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:08, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe
C:\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: rightonadz browser enhancer - {794bc104-eedb-e30c-53b4-c056ec8162b3} - C:\WINDOWS\system32\dvjuocllkzdy.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsk1550.dll
O2 - BHO: adssite - {c535e9e0-1204-56a2-58f3-676fd1c85848} - C:\WINDOWS\system32\nsg1F.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com ad=http://moncontenuassistant.com sd=http://paylogs.moncontenuassistant.com
O4 - HKLM\..\Run: [SMSTray] C:\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com ad=http://protectionassuree.com sd=http://gregistre.protectionassuree.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\ProtectionAssuree\ptask.exe
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com ad=http://erreurchasseur.com sd=http://repay.erreurchasseur.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [upaufpvdzoiibty] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\dvjuocllkzdy.dll" EntryPoint
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://t3.images.live.com/images/thumbnail.aspx?q=13855...

--
End of file - 6837 bytes
24 September 2008 15:27:09

Hello,

What is it for? Quite simply to annoy the hell out of you by throwing ads at you.

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restart in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Picture tutorial on MBAM
24 September 2008 18:27:46

Thanks DARKANGEL!!!!

I started in safe mode and did the scan with MBAM, I removed the selected items... But I still have this trojan...


Here is the mbam report:

    Malwarebytes' Anti-Malware 1.28
    Database version: 1201
    Windows 5.1.2600 Service Pack 2

    24/09/2008 18:12:51
    mbam-log-2008-09-24 (18-12-51).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 87083
    Time elapsed: 1 hour(s), 7 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 35
    Registry Values Infected: 10
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 24

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\optimizer.adssite2 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{b4094603-dda9-4caf-9b13-0ad1034c9c53} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{48dc6ffb-64d7-42e8-949d-8ef2641eb73a} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9c8a568e-4201-478a-8536-526cf371d2e2} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c8a568e-4201-478a-8536-526cf371d2e2} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\optimizer.adssite2.1 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b33de756-deee-4d7a-87db-1d905ba2aa21} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adssite (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ProtectionComplete (Rogue.ProtectionComplete) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.exe\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.lnk\ShellEx\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\secure_del (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{794bc104-eedb-e30c-53b4-c056ec8162b3} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{794bc104-eedb-e30c-53b4-c056ec8162b3} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c535e9e0-1204-56a2-58f3-676fd1c85848} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c535e9e0-1204-56a2-58f3-676fd1c85848} (Adware.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salestart (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salestart(1) (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upaufpvdzoiibty (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iebrowserc.dll (Adware.RightOnAds) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nsk1550.dll (Adware.BHO) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0026936.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027361.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027399.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027407.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027408.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027409.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0027410.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP158\A0027645.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP158\A0027646.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP163\A0028334.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP167\A0030982.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP167\A0030983.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP167\A0030984.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\adssite-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dvjuocllkzdy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rightonadz-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propriétaire\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nss8C.dll (Adware.BHO) -> Quarantined and deleted successfully.
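Added example, not part of the thread and not Malwarebytes' own code: a small parser for the report format posted above. Every detection line MBAM writes has the shape `<item> (<family>) -> <action>.` under a section header ending in `Infected:`, so the report can be turned into records and summarized by family, with the two kinds of hit worth singling out when a machine still shows symptoms: items marked "Delete on reboot" (not gone until the restart MBAM asks for) and copies inside System Restore snapshots. The sample lines are a constructed subset copied from the report above; the section and line shapes are the only assumptions.

```python
import re
from collections import Counter

# Constructed sample: a shortened subset of the Malwarebytes' Anti-Malware 1.28 report
# posted in this thread, kept in the exact line shape MBAM writes.
SAMPLE_REPORT = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ProtectionComplete (Rogue.ProtectionComplete) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upaufpvdzoiibty (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dvjuocllkzdy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1F64400-8462-4B75-B3EE-06242DF0DF65}\RP157\A0026936.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
"""

# Section headers end in "Infected:" with nothing after the colon; the summary block at the
# top of a report ("Registry Keys Infected: 35") carries a count and therefore does not match.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9_.-]+)\) -> (?P<action>.+?)\.?$")


def parse_report(text):
    """Turn the report into a list of {section, item, family, action} records.

    "(No malicious items detected)" has no "->" and is skipped; the trailing period
    of the action is dropped so actions compare cleanly.
    """
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            findings.append({"section": section, **m.groupdict()})
    return findings


def summarize(findings):
    """Counts by top-level category (Adware / Rogue / Trojan ...) and by full family name."""
    by_category = Counter(f["family"].split(".")[0] for f in findings)
    by_family = Counter(f["family"] for f in findings)
    return by_category, by_family


def pending_reboot(findings):
    """Items MBAM could not remove while they were in use: they only disappear after the
    reboot it asks for, so a report should be read together with a scan taken after it."""
    return [f["item"] for f in findings if f["action"].lower().startswith("delete on reboot")]


def restore_point_copies(findings):
    """Hits under System Volume Information are System Restore snapshots of the infection,
    not running code; they matter because a later system restore would bring them back."""
    return [f["item"] for f in findings if "\\System Volume Information\\" in f["item"]]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    cats, fams = summarize(found)
    print("detections:", len(found))
    print("by category:", dict(cats))
    print("by family:", dict(fams))
    print("pending reboot:", pending_reboot(found))
    print("restore-point copies:", restore_point_copies(found))
```

On the full report above the same parser would show that most hits are adware BHOs and rogue "security" products rather than the generic TR/Crypt.FKM.Gen name AntiVir reports, and that four Browser Settings values were still waiting for the reboot when the report was saved.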
24 September 2008 19:11:13

Post another HijackThis log.
24 September 2008 19:13:37

THANKS DARK!!

Here is the HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:12:48, on 24/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\SMSTray.exe
    C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Labtec\WebCam10\WebCam10.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: adssite - {c535e9e0-1204-56a2-58f3-676fd1c85848} - C:\WINDOWS\system32\nstC.dll
    O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSTray] C:\SMSTray.exe
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com ad=http://protectionassuree.com sd=http://gregistre.protectionassuree.com
    O4 - HKLM\..\Run: [ptask] C:\Program Files\ProtectionAssuree\ptask.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
    O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O24 - Desktop Component 0: (no name) - http://t3.images.live.com/images/thumbnail.aspx?q=13855...

    --
    End of file - 5790 bytes
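Added example, not from the thread and not part of HijackThis: the reason a helper asks for a second log after each cleanup step is to see what survived, and that comparison can be done mechanically. The script below diffs the R/O entries of two logs, lists what was removed, what persisted and what is new, flags entries with a few review heuristics, and detects a BHO whose CLSID is present in both logs but whose DLL file name changed. The sample entries are a constructed subset of the two logs posted above; the heuristics (campaign URLs on an autorun command line, a DLL loaded through Rundll32, random-looking file names, missing files) are this example's own assumptions and are prompts for a human to look, not verdicts.

```python
import re

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BASENAME_RE = re.compile(r"([\w~-]+)\.(?:dll|exe)\b", re.IGNORECASE)
VOWELS = set("aeiouy")

# Constructed sample: a subset of the R/O entries from the two HijackThis logs in this thread
# (15:10, before the MBAM run; 19:12, after it). Process lists are not entries and are omitted.
BEFORE = r"""
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll
O2 - BHO: rightonadz browser enhancer - {794bc104-eedb-e30c-53b4-c056ec8162b3} - C:\WINDOWS\system32\dvjuocllkzdy.dll
O2 - BHO: adssite - {c535e9e0-1204-56a2-58f3-676fd1c85848} - C:\WINDOWS\system32\nsg1F.dll
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com ad=http://moncontenuassistant.com sd=http://paylogs.moncontenuassistant.com
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com ad=http://protectionassuree.com sd=http://gregistre.protectionassuree.com
O4 - HKLM\..\Run: [upaufpvdzoiibty] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\dvjuocllkzdy.dll" EntryPoint
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
"""
AFTER = r"""
O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll (file missing)
O2 - BHO: adssite - {c535e9e0-1204-56a2-58f3-676fd1c85848} - C:\WINDOWS\system32\nstC.dll
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com ad=http://protectionassuree.com sd=http://gregistre.protectionassuree.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
"""


def parse_hjt(text):
    """Return the R*/O* entry lines of a HijackThis log as a set of normalized strings."""
    return {m.group(0) for m in map(ENTRY_RE.match, (l.strip() for l in text.splitlines())) if m}


def diff_logs(before, after):
    """Classify entries as removed by the cleanup, persisted through it, or new since the first log."""
    b, a = parse_hjt(before), parse_hjt(after)
    return {"removed": sorted(b - a), "persisted": sorted(b & a), "new": sorted(a - b)}


def looks_random(basename):
    """Heuristic: a long, letters-only name with few vowels and a long consonant run
    (dvjuocllkzdy) is unlikely to be a vendor's choice. Short or mixed names are not judged."""
    stem = basename.lower()
    if len(stem) < 10 or not stem.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    longest, run = 0, 0
    for c in stem:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.3 and longest >= 4


def triage(entry):
    """Reasons an entry deserves a closer look; heuristics only, never a verdict."""
    code, body = entry.split(" - ", 1)
    reasons = []
    if code in ("O2", "O3") and any(t in body for t in ("(no name)", "(no file)", "(file missing)")):
        reasons.append("unnamed component or missing file")
    if code == "O4" and re.search(r"\b(?:dm|ad|sd)=http://", body):
        reasons.append("autorun passes campaign URLs on its command line")
    if code == "O4" and "rundll32.exe" in body.lower():
        reasons.append("autorun loads a DLL via Rundll32")
    for name in BASENAME_RE.findall(body):
        if looks_random(name):
            reasons.append(f"random-looking file name {name}")
    return reasons


def reregistered_bhos(before, after):
    """CLSIDs present in both logs whose DLL basename changed: the same component came back
    under a new file name, which a plain line diff would report as one removal and one addition."""
    def by_clsid(entries):
        out = {}
        for e in entries:
            c, names = CLSID_RE.search(e), BASENAME_RE.findall(e)
            if c and names:
                out[c.group(0).lower()] = (names[-1].lower(), e)
        return out
    b, a = by_clsid(parse_hjt(before)), by_clsid(parse_hjt(after))
    return [(k, b[k][1], a[k][1]) for k in sorted(a) if k in b and a[k][0] != b[k][0]]


def report(before, after):
    """Diff plus triage of everything that survived or appeared, and the renamed BHOs."""
    d = diff_logs(before, after)
    flagged = {}
    for e in d["persisted"] + d["new"]:
        why = triage(e)
        if why:
            flagged[e] = why
    return d, flagged, reregistered_bhos(before, after)


if __name__ == "__main__":
    d, flagged, renamed = report(BEFORE, AFTER)
    for k in ("removed", "persisted", "new"):
        print(f"{k}: {len(d[k])}")
    for e, why in flagged.items():
        print("REVIEW:", e, "->", "; ".join(why))
    for clsid, old, new in renamed:
        print("RENAMED:", clsid, "\n  was:", old, "\n  now:", new)
```

On these entries the diff shows the bm, avgnt and SpyShredder autoruns surviving the MBAM run and the adssite BHO coming back under the same CLSID as nstC.dll instead of nsg1F.dll, which is exactly the kind of change the second log was requested to reveal. SpyShredder passes every heuristic here although the MBAM report classified it as Rogue.SpyShredder, so the heuristics shorten the list to read; they do not replace reading it.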
24 September 2008 19:21:15

Re,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click combofix.exe (the .exe is not necessarily visible) to launch it.
  • When the search is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the partition name may differ
25 September 2008 01:31:31

Thanks DARK!!!!

here is the report:


    ComboFix 08-09-24.07 - Propri‚taire 2008-09-25 1:21:33.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.239 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Propri‚taire\ResErrors.log
    C:\Documents and Settings\Propriétaire\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
    C:\Documents and Settings\Propriétaire\Application Data\Adssite Advanced Toolbar\selected.xml
    C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe
    C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\SpyShredder\SpyShredder.lnk
    C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\SpyShredder\Uninstall.lnk
    C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
    C:\WINDOWS\system32\adssite-remove.exe
    C:\WINDOWS\system32\gzmrt.dll
    C:\WINDOWS\system32\mdm.exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DHLP


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-24 au 2008-09-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-24 17:28 . 2008-09-24 17:28 0 --a------ C:\WINDOWS\nsreg.dat
    2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-09-24 17:03 . 2007-05-18 10:17 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-09-24 17:03 . 2007-05-18 11:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-09-24 17:03 . 2008-09-24 18:13 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-24 16:54 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
    2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-24 16:54 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-24 16:54 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-21 13:35 . 2008-09-21 13:35 <REP> d-------- C:\WINDOWS\Sun
    2008-09-21 13:35 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Sun
    2008-09-20 14:04 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\Labtec
    2008-09-20 14:04 . 2007-03-06 17:49 491,168 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
    2008-09-20 14:04 . 2008-07-26 17:26 490,008 --a------ C:\WINDOWS\system32\LVUI2.dll
    2008-09-20 14:04 . 2008-07-26 17:26 465,432 --a------ C:\WINDOWS\system32\LVUI2RC.dll
    2008-09-20 14:04 . 2008-07-26 17:23 416,280 --a------ C:\WINDOWS\system32\LVCodec2.dll
    2008-09-20 14:04 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
    2008-09-20 14:04 . 2007-03-06 17:51 129,824 --a------ C:\WINDOWS\system32\lvci1051.dll
    2008-09-20 14:04 . 2007-03-06 16:02 51,370 --a------ C:\WINDOWS\system32\lvcoinst.ini
    2008-09-20 14:04 . 2008-07-26 17:26 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2008-09-20 14:04 . 2007-03-06 16:03 13,398 --a------ C:\WINDOWS\system32\Repository.reg
    2008-09-20 14:00 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Labtec
    2008-09-20 13:51 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Leadertech
    2008-09-20 13:49 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
    2008-09-20 13:49 . 2008-09-20 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-09-20 13:49 . 2008-09-20 14:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-09-20 13:44 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe
    2008-09-19 03:07 . 2008-09-19 03:30 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-17 05:15 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Adobe
    2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Program Files\Avira
    2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-16 13:53 . 2008-09-16 13:53 <REP> d-------- C:\Program Files\Sun
    2008-09-15 19:48 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-09-15 19:47 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-09-15 19:42 . 2008-09-19 23:29 71,808 --a------ C:\WINDOWS\system32\bwojvglimty.exe
    2008-09-04 14:05 . 2008-09-04 14:05 350,208 --a------ C:\WINDOWS\system32\nstC.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-24 23:25 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Skype
    2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\MonContenuassistant
    2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\ErreurChasseur
    2008-09-20 12:05 --------- d-s---w C:\Documents and Settings\Propriétaire\Application Data\Microsoft
    2008-09-20 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-16 12:25 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-09-16 12:25 --------- d-----w C:\Program Files\Fichiers communs\Softwin
    2008-09-16 11:53 --------- d-----w C:\Program Files\Java
    2008-09-15 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-15 17:42 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\ProtectionAssuree
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2007-11-26 11:45 198,680 ----a-w C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe
    2007-09-22 19:46 8,853 ----a-w C:\Documents and Settings\DialMessenger\unins000.dat
    2007-09-22 19:45 782,288 ----a-w C:\Documents and Settings\DialMessenger\unins000.exe
    2007-09-22 18:23 782,288 ----a-w C:\Documents and Settings\DialMessenger\dm.dat
    2007-09-18 22:25 459 ----a-w C:\Program Files\INSTALL.LOG
    2007-08-09 16:49 6,287,360 ----a-w C:\Documents and Settings\DialMessenger\dialmessenger.exe
    2007-08-09 16:32 184,320 ----a-w C:\Documents and Settings\DialMessenger\uninstall.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c535e9e0-1204-56a2-58f3-676fd1c85848}]
    2008-09-04 14:05 350208 --a------ C:\WINDOWS\system32\nstC.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "SMSTray"="C:\SMSTray.exe" [2007-02-23 126976]
    "MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
    "LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
    "vidc.dvsd"= pdvcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE]
    "Debugger"=ntsd -d

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
    backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialMessenger]
    --a------ 2007-08-09 18:49 6287360 C:\Documents and Settings\DialMessenger\dialmessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    --a------ 2007-04-19 13:26 484904 C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-08-16 16:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    --------- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\WINDOWS\\system32\\muzapp.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 syxceudk;syxceudk;C:\WINDOWS\system32\drivers\monnvpxa.dat [ ]
    S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 96256]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
    S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll
    MSConfigStartUp-ANIWZCS2Service - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    MSConfigStartUp-Autoconfigurateur WiFi Neuf - C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    MSConfigStartUp-D-Link AirPlus G - C:\Program Files\D-Link\AirPlus G\AirGCFG.exe


    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-25 01:25:22
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\syxceudk]
    "ImagePath"="system32\drivers\monnvpxa.dat"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\searchindexer.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\searchprotocolhost.exe
    C:\WINDOWS\system32\searchfilterhost.exe
    C:\ComboFix\pv.cfexe
    .
    **************************************************************************
    .
Heure de fin: 2008-09-25 1:28:36 - La machine a redémarré [Propriétaire]
    ComboFix-quarantined-files.txt 2008-09-24 23:28:33

Avant-CF: 104 567 533 568 octets libres
    Après-CF: 104,502,018,048 octets libres

    215 --- E O F --- 2008-09-20 17:10:46
25 September 2008 15:12:35

The problem seems to have been fixed by ComboFix!!!


A BIG THANK YOU TO YOU, DARKANGEL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
25 September 2008 17:13:23

It is not over yet.

    Re,

Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\nstC.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c535e9e0-1204-56a2-58f3-676fd1c85848}]


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
27 September 2008 17:04:03

Re... DARK!!!

Indeed, it was not over; after dragging the file as shown above, here is the ComboFix report:

ComboFix 08-09-26.06 - Propriétaire 2008-09-27 17:00:50.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.283 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\nstC.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

C:\Documents and Settings\Propriétaire\Application Data\urlredir.cfg
    C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-24 17:28 . 2008-09-24 17:28 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-24 17:03 . 2007-05-18 11:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-24 17:03 . 2007-05-18 10:17 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-24 17:03 . 2007-05-18 11:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-09-24 17:03 . 2007-05-18 11:00 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-09-24 17:03 . 2008-09-24 18:13 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-24 17:03 . 2008-09-24 17:03 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-24 16:54 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
    2008-09-24 16:54 . 2008-09-24 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-24 16:54 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-24 16:54 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-21 13:35 . 2008-09-21 13:35 <REP> d-------- C:\WINDOWS\Sun
    2008-09-21 13:35 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Sun
    2008-09-20 14:04 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\Labtec
    2008-09-20 14:04 . 2007-03-06 17:49 491,168 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
    2008-09-20 14:04 . 2008-07-26 17:26 490,008 --a------ C:\WINDOWS\system32\LVUI2.dll
    2008-09-20 14:04 . 2008-07-26 17:26 465,432 --a------ C:\WINDOWS\system32\LVUI2RC.dll
    2008-09-20 14:04 . 2008-07-26 17:23 416,280 --a------ C:\WINDOWS\system32\LVCodec2.dll
    2008-09-20 14:04 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
    2008-09-20 14:04 . 2007-03-06 17:51 129,824 --a------ C:\WINDOWS\system32\lvci1051.dll
    2008-09-20 14:04 . 2007-03-06 16:02 51,370 --a------ C:\WINDOWS\system32\lvcoinst.ini
    2008-09-20 14:04 . 2008-07-26 17:26 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2008-09-20 14:04 . 2007-03-06 16:03 13,398 --a------ C:\WINDOWS\system32\Repository.reg
    2008-09-20 14:00 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Labtec
    2008-09-20 13:51 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Leadertech
    2008-09-20 13:49 . 2008-09-20 14:04 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
    2008-09-20 13:49 . 2008-09-20 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-09-20 13:49 . 2008-09-20 14:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-09-20 13:44 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe
    2008-09-19 03:07 . 2008-09-27 00:34 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-17 05:15 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Adobe
    2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Program Files\Avira
    2008-09-17 03:14 . 2008-09-17 03:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-16 13:53 . 2008-09-16 13:53 <REP> d-------- C:\Program Files\Sun
    2008-09-15 19:48 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-09-15 19:47 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-09-15 19:42 . 2008-09-19 23:29 71,808 --a------ C:\WINDOWS\system32\bwojvglimty.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-27 10:02 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Skype
    2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\MonContenuassistant
    2008-09-24 16:12 --------- d-----w C:\Program Files\Fichiers communs\ErreurChasseur
    2008-09-20 12:05 --------- d-s---w C:\Documents and Settings\Propriétaire\Application Data\Microsoft
    2008-09-20 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-16 12:25 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-09-16 12:25 --------- d-----w C:\Program Files\Fichiers communs\Softwin
    2008-09-16 11:53 --------- d-----w C:\Program Files\Java
    2008-09-15 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-15 17:42 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\ProtectionAssuree
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2007-11-26 11:45 198,680 ----a-w C:\Documents and Settings\Propriétaire\Application Data\installer_fr[1].exe
    2007-09-22 19:46 8,853 ----a-w C:\Documents and Settings\DialMessenger\unins000.dat
    2007-09-22 19:45 782,288 ----a-w C:\Documents and Settings\DialMessenger\unins000.exe
    2007-09-22 18:23 782,288 ----a-w C:\Documents and Settings\DialMessenger\dm.dat
    2007-09-18 22:25 459 ----a-w C:\Program Files\INSTALL.LOG
    2007-08-09 16:49 6,287,360 ----a-w C:\Documents and Settings\DialMessenger\dialmessenger.exe
    2007-08-09 16:32 184,320 ----a-w C:\Documents and Settings\DialMessenger\uninstall.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{401EC4E4-158F-4A45-9BCE-312FDA487A40}]
    C:\WINDOWS\system32\adsldpv.dll [BU]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "SMSTray"="C:\SMSTray.exe" [2007-02-23 126976]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
    "LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
    "vidc.dvsd"= pdvcodec.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
    backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialMessenger]
    --a------ 2007-08-09 18:49 6287360 C:\Documents and Settings\DialMessenger\dialmessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    --a------ 2007-04-19 13:26 484904 C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-08-16 16:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    --------- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\WINDOWS\\system32\\muzapp.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 syxceudk;syxceudk;C:\WINDOWS\system32\drivers\monnvpxa.dat [ ]
    S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 96256]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
    S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-27 17:02:02
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\syxceudk]
    "ImagePath"="system32\drivers\monnvpxa.dat"
    .
    Heure de fin: 2008-09-27 17:03:15
    ComboFix-quarantined-files.txt 2008-09-27 15:03:13
    ComboFix2.txt 2008-09-27 14:50:23
    ComboFix3.txt 2008-09-26 23:37:00
    ComboFix4.txt 2008-09-24 23:28:37

Avant-CF: 104 483 024 896 octets libres
    Après-CF: 104,471,142,400 octets libres

    178 --- E O F --- 2008-09-26 22:27:03
27 September 2008 17:05:05

Here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:04:49, on 27/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Labtec\WebCam10\WebCam10.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSTray] C:\SMSTray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
    O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O24 - Desktop Component 0: (no name) - http://t3.images.live.com/images/thumbnail.aspx?q=13855...

    --
    End of file - 5200 bytes
27 September 2008 18:06:48

    Re,

Copy (Ctrl+C) the text in the box below:

    Driver::
    syxceudk

    File::
    C:\WINDOWS\system32\bwojvglimty.exe
    C:\WINDOWS\system32\drivers\monnvpxa.dat

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{401EC4E4-158F-4A45-9BCE-312FDA487A40}]


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
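The two CFScript posts above hand-pick the entries to remove. As an added example (not the helper's script and not ComboFix's own code), the Python below reads ComboFix service lines and HijackThis O2 lines in the shape quoted in this thread and drafts the same Driver::/File::/Registry:: script, flagging a service whose image file has no recorded date/size or is not a .sys file, and BHOs listed with no name and no DLL on disk. The sample input is constructed from the thread's own entries, and the flagging rules are review heuristics assumed here, not anything ComboFix itself applies.

```python
"""Draft a ComboFix CFScript from the report formats quoted in this thread.

Added example for this page; it is neither ComboFix's own code nor the
helper's script.  The heuristics mirror what the helper removed by hand:
a service whose image file has no recorded date/size (or is not a .sys
file), and Browser Helper Objects that HijackThis lists with no name and
no DLL on disk.  The output is a draft for an analyst to review, in the
Driver:: / File:: / Registry:: syntax the thread uses.
"""
import re

# Constructed sample input shaped like the reports quoted in the thread.
COMBOFIX_REPORT = r"""
R0 syxceudk;syxceudk;C:\WINDOWS\system32\drivers\monnvpxa.dat [ ]
S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 96256]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
"""

HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {401EC4E4-158F-4A45-9BCE-312FDA487A40} - C:\WINDOWS\system32\adsldpv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

# ComboFix service line: "<start> <name>;<display name>;<image path> [<date size>]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*?)\]$", re.MULTILINE)
# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <path, or (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$", re.MULTILINE)
# Abbreviated BHO key exactly as the thread's ComboFix report and scripts write it.
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects\%s"


def suspicious_services(report):
    """Return (service name, image path, reason) for drivers worth a second look."""
    found = []
    for _start, name, _display, path, stamp in SERVICE_RE.findall(report):
        reasons = []
        if not stamp.strip():          # "[ ]": ComboFix recorded no date/size
            reasons.append("no date/size recorded for the image file")
        if not path.lower().endswith(".sys"):
            reasons.append("driver image is not a .sys file")
        if reasons:
            found.append((name, path, "; ".join(reasons)))
    return found


def suspicious_bhos(log):
    """Return (CLSID, reason) for BHOs listed with no name and no DLL on disk."""
    found = []
    for name, clsid, target in BHO_RE.findall(log):
        if name != "(no name)":
            continue
        if target == "(no file)":
            found.append((clsid, "no DLL path registered"))
        elif target.endswith(" (file missing)"):
            found.append((clsid, "registered DLL not on disk"))
    return found


def unique(items):
    """Keep the first occurrence of each item, preserving order."""
    seen, out = set(), []
    for item in items:
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def build_cfscript(drivers, files, keys):
    """Render the sections in the CFScript syntax used in the thread."""
    sections = []
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    if files:
        sections.append("File::\n" + "\n".join(files))
    if keys:
        # "[-KEY]" asks ComboFix to delete the key, as in the helper's scripts.
        sections.append("Registry::\n" + "\n".join("[-%s]" % k for k in keys))
    if not sections:
        return ""
    return "\n\n".join(sections) + "\n"


def draft_cfscript(report, log, extra_files=()):
    """Combine both reports plus hand-picked files into one CFScript draft."""
    services = suspicious_services(report)
    drivers = unique(name for name, _path, _reason in services)
    files = unique([path for _name, path, _reason in services] + list(extra_files))
    keys = unique(BHO_KEY % clsid for clsid, _reason in suspicious_bhos(log))
    return build_cfscript(drivers, files, keys)


if __name__ == "__main__":
    # bwojvglimty.exe is added by hand, as the helper did in the thread.
    print(draft_cfscript(COMBOFIX_REPORT, HIJACKTHIS_LOG,
                         extra_files=[r"C:\WINDOWS\system32\bwojvglimty.exe"]))
```

The draft goes slightly beyond the helper's second script: the nameless BHO with "(no file)" is also listed for review, which is exactly the kind of entry an analyst should confirm before running it.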