Votre question

virus-rootkit infection

Tags :
  • Rootkit
  • Sécurité
Dernière réponse : dans Sécurité et virus
12 Septembre 2008 10:13:59

Bonjour,

Avast a détecté une infection d'un rootkit.
Un peu d'aide pour m'en débarrasser serait grandement apprécié.

voici un rapport HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 10:08:34, on 12/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\julien\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A850930F-55CD-4B50-B073-11DCA5EDE7CB}: NameServer = 86.64.145.142 84.103.237.142
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Dawn of Magic Drivers Auto Removal (pr2ahqjb) (pr2ahqjb) - Koch Media - C:\WINDOWS\system32\pr2ahqjb.exe



Merci beaucoup d'avance.

Autres pages sur : virus rootkit infection

a b 8 Sécurité
12 Septembre 2008 13:27:37

Bonjour,

Quel emplacement ?
12 Septembre 2008 13:51:40

Bonjour,

Voici les fichier mis en quarantaine par avast:

tdssadw.dll
C/WINDOS/system32 Win32 Rootkit-gen

A0158330.exe
C/Systeme volume information/_restore{B89....70D}\RP78 Win32 Rootkit-gen

tdsll.dll
C/WINDOS/system32 Win32Bravix

tdsslog.dll
C/WINDOS/system32 Win32Bravix

tdssmain.dll
C/WINDOS/system32 Win32Bravix

tdssserv.sys
C/WINDOS/system32/drivers Win32 Rootkit-gen

merci
Contenus similaires
a b 8 Sécurité
12 Septembre 2008 15:39:34

Merci pour l'info :) 

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    12 Septembre 2008 17:23:10

    Ayant omis d'enregister combofix sur le bureau
    suite au 1 er scan le programme n'est pas arriver a redémarrer mon PC( donc pas de rapport) , donc voila le rapport du 2 essai.


    ComboFix 08-09-11.02 - julien 2008-09-12 17:10:05.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.679 [GMT 2:00]
    Endroit: C:\Documents and Settings\julien\Bureau\ComboFix.exe


    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\_000006_.tmp.dll
    C:\WINDOWS\system32\_000007_.tmp.dll
    C:\WINDOWS\system32\_000010_.tmp.dll
    C:\WINDOWS\system32\_000011_.tmp.dll
    C:\WINDOWS\system32\_000012_.tmp.dll
    C:\WINDOWS\system32\tdssinit.dll
    C:\WINDOWS\system32\tdsspopup.dll
    C:\WINDOWS\system32\tdsspopup1.url
    C:\WINDOWS\system32\tdsspopup2.url
    C:\WINDOWS\system32\tdsspopup3.url
    C:\WINDOWS\system32\tdssservers.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV
    -------\Service_TDSSserv


    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-12 to 2008-09-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-10 22:05 . 2008-09-10 22:05 88,878 --a------ C:\WINDOWS\system32\casino3.ico
    2008-09-10 22:05 . 2008-09-10 22:05 88,878 --a------ C:\WINDOWS\system32\casino2.ico
    2008-09-10 22:05 . 2008-09-10 22:05 88,878 --a------ C:\WINDOWS\system32\casino1.ico
    2008-09-03 18:27 . 2008-09-03 18:27 96 --ah----- C:\WINDOWS\system32\HsInfo.dat
    2008-09-03 18:25 . 2008-09-03 18:25 <REP> d-------- C:\Program Files\alaplaya
    2008-09-01 22:08 . 2008-09-01 22:08 <REP> d-------- C:\Program Files\GameTribe
    2008-08-27 23:03 . 2008-08-27 23:03 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-12 07:44 --------- d-----w C:\Documents and Settings\julien\Application Data\EoRezo
    2008-09-11 15:15 --------- d-----w C:\Documents and Settings\julien\Application Data\BitTorrent
    2008-09-05 19:07 --------- d-----w C:\Documents and Settings\julien\Application Data\Xfire
    2008-09-04 07:22 --------- d-s---w C:\Program Files\Xfire
    2008-09-03 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-01 19:46 --------- d-----w C:\Program Files\jeux
    2008-09-01 19:40 --------- d-----w C:\Program Files\Codemasters
    2008-09-01 18:20 --------- d-----w C:\Program Files\Dofus
    2008-06-26 18:41 91,744 ----a-w C:\WINDOWS\BPMNT.dll
    2008-06-26 18:41 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2008-06-26 18:41 333,576 ----a-w C:\WINDOWS\TSC.exe
    2008-06-26 18:41 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
    2008-06-26 18:38 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2008-06-26 18:38 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2008-06-26 18:38 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 43008]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 3628080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-28 185784]
    "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe"=
    "C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\lsupdatemanager.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\NCSoft\\Launcher\\NCLauncher.exe"=
    "C:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
    "C:\\Program Files\\GUILD WARS\\Gw.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Fury\\Binaries\\Fury.exe"=
    "C:\\Program Files\\Fury\\Binaries\\DiamondWare\\dwTVC.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Gravity\\Requiem\\system\\DebugSystem.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Codemasters\\RF Online;\\RF.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\AeriaGames\\12Sky\\TwelveSky.exe"=
    "C:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=

    R0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys [2007-03-29 64896]
    R0 ps6ahqjb;Dawn of Magic Synchronization Driver (ps6ahqjb);C:\WINDOWS\system32\drivers\ps6ahqjb.sys [2007-03-29 52616]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S2 pr2ahqjb;Dawn of Magic Drivers Auto Removal (pr2ahqjb);C:\WINDOWS\system32\pr2ahqjb.exe svc [ ]
    S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
    S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys [ ]
    S3 XDva168;XDva168;C:\WINDOWS\system32\XDva168.sys [ ]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\Topstart.exe
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\julien\Application Data\Mozilla\Firefox\Profiles\dyb2a5ab.default\
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-12 17:12:28
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-12 17:15:40 - machine was rebooted [julien]
    ComboFix-quarantined-files.txt 2008-09-12 15:15:37

    Pre-Run: 31,697,707,008 octets libres
    Post-Run: 31,635,099,648 octets libres

    152 --- E O F --- 2008-09-11 01:00:28


    encore merci.
    a b 8 Sécurité
    12 Septembre 2008 17:50:59

    Re,

    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    Driver::
    XDva032
    XDva168

    File::
    C:\WINDOWS\system32\casino3.ico
    C:\WINDOWS\system32\casino2.ico
    C:\WINDOWS\system32\casino1.ico
    C:\WINDOWS\system32\XDva032.sys
    C:\WINDOWS\system32\XDva168.sys


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
    12 Septembre 2008 18:23:09

    Re
    Voici le rapport Combofix

    ComboFix 08-09-11.02 - julien 2008-09-12 18:17:45.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.670 [GMT 2:00]
    Endroit: C:\Documents and Settings\julien\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\julien\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-12 to 2008-09-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-10 22:05 . 2008-09-10 22:05 88,878 --a------ C:\WINDOWS\system32\casino3.ico
    2008-09-10 22:05 . 2008-09-10 22:05 88,878 --a------ C:\WINDOWS\system32\casino2.ico
    2008-09-10 22:05 . 2008-09-10 22:05 88,878 --a------ C:\WINDOWS\system32\casino1.ico
    2008-09-03 18:27 . 2008-09-03 18:27 96 --ah----- C:\WINDOWS\system32\HsInfo.dat
    2008-09-03 18:25 . 2008-09-03 18:25 <REP> d-------- C:\Program Files\alaplaya
    2008-09-01 22:08 . 2008-09-01 22:08 <REP> d-------- C:\Program Files\GameTribe
    2008-08-27 23:03 . 2008-08-27 23:03 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-12 07:44 --------- d-----w C:\Documents and Settings\julien\Application Data\EoRezo
    2008-09-11 15:15 --------- d-----w C:\Documents and Settings\julien\Application Data\BitTorrent
    2008-09-05 19:07 --------- d-----w C:\Documents and Settings\julien\Application Data\Xfire
    2008-09-04 07:22 --------- d-s---w C:\Program Files\Xfire
    2008-09-03 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-01 19:46 --------- d-----w C:\Program Files\jeux
    2008-09-01 19:40 --------- d-----w C:\Program Files\Codemasters
    2008-09-01 18:20 --------- d-----w C:\Program Files\Dofus
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-26 18:41 91,744 ----a-w C:\WINDOWS\BPMNT.dll
    2008-06-26 18:41 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2008-06-26 18:41 333,576 ----a-w C:\WINDOWS\TSC.exe
    2008-06-26 18:41 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
    2008-06-26 18:38 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2008-06-26 18:38 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2008-06-26 18:38 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-23 16:15 671,232 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 43008]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 3628080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-28 185784]
    "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe"=
    "C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\lsupdatemanager.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\NCSoft\\Launcher\\NCLauncher.exe"=
    "C:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
    "C:\\Program Files\\GUILD WARS\\Gw.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Fury\\Binaries\\Fury.exe"=
    "C:\\Program Files\\Fury\\Binaries\\DiamondWare\\dwTVC.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Gravity\\Requiem\\system\\DebugSystem.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Codemasters\\RF Online;\\RF.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\AeriaGames\\12Sky\\TwelveSky.exe"=
    "C:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=

    R0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys [2007-03-29 64896]
    R0 ps6ahqjb;Dawn of Magic Synchronization Driver (ps6ahqjb);C:\WINDOWS\system32\drivers\ps6ahqjb.sys [2007-03-29 52616]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S2 pr2ahqjb;Dawn of Magic Drivers Auto Removal (pr2ahqjb);C:\WINDOWS\system32\pr2ahqjb.exe svc [ ]
    S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
    S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys [ ]
    S3 XDva168;XDva168;C:\WINDOWS\system32\XDva168.sys [ ]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\Topstart.exe
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-12 18:18:42
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-12 18:19:20
    ComboFix-quarantined-files.txt 2008-09-12 16:19:10
    ComboFix2.txt 2008-09-12 15:15:40

    Pre-Run: 31,598,194,688 octets libres
    Post-Run: 31,585,353,728 octets libres

    124 --- E O F --- 2008-09-11 01:00:28
    __________________________
    Et celui HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 18:21:16, on 12/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\julien\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A850930F-55CD-4B50-B073-11DCA5EDE7CB}: NameServer = 86.64.145.144 84.103.237.144
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Dawn of Magic Drivers Auto Removal (pr2ahqjb) (pr2ahqjb) - Koch Media - C:\WINDOWS\system32\pr2ahqjb.exe

    a b 8 Sécurité
    12 Septembre 2008 18:25:05

    Tu as mis quoi dans CFScript ?
    12 Septembre 2008 18:48:44

    Euh a priori ceux que tu m'as indiqué dans le cadre.

    Driver::
    XDva032
    XDva168

    File::
    C:\WINDOWS\system32\casino3.ico
    C:\WINDOWS\system32\casino2.ico
    C:\WINDOWS\system32\casino1.ico
    C:\WINDOWS\system32\XDva032.sys
    C:\WINDOWS\system32\XDva168.sys

    Quelque chose cloche ?
    a b 8 Sécurité
    12 Septembre 2008 19:10:34

    Tu peux recommencer ?
    12 Septembre 2008 19:28:34

    Bien sur,
    voila les nouveaux rapport

    ComboFix 08-09-11.02 - julien 2008-09-12 19:23:47.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.649 [GMT 2:00]
    Endroit: C:\Documents and Settings\julien\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\julien\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-12 to 2008-09-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-10 22:05 . 2008-09-10 22:05 88,878 --a------ C:\WINDOWS\system32\casino3.ico
    2008-09-10 22:05 . 2008-09-10 22:05 88,878 --a------ C:\WINDOWS\system32\casino2.ico
    2008-09-10 22:05 . 2008-09-10 22:05 88,878 --a------ C:\WINDOWS\system32\casino1.ico
    2008-09-03 18:27 . 2008-09-03 18:27 96 --ah----- C:\WINDOWS\system32\HsInfo.dat
    2008-09-03 18:25 . 2008-09-03 18:25 <REP> d-------- C:\Program Files\alaplaya
    2008-09-01 22:08 . 2008-09-01 22:08 <REP> d-------- C:\Program Files\GameTribe
    2008-08-27 23:03 . 2008-08-27 23:03 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-12 07:44 --------- d-----w C:\Documents and Settings\julien\Application Data\EoRezo
    2008-09-11 15:15 --------- d-----w C:\Documents and Settings\julien\Application Data\BitTorrent
    2008-09-05 19:07 --------- d-----w C:\Documents and Settings\julien\Application Data\Xfire
    2008-09-04 07:22 --------- d-s---w C:\Program Files\Xfire
    2008-09-03 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-01 19:46 --------- d-----w C:\Program Files\jeux
    2008-09-01 19:40 --------- d-----w C:\Program Files\Codemasters
    2008-09-01 18:20 --------- d-----w C:\Program Files\Dofus
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-26 18:41 91,744 ----a-w C:\WINDOWS\BPMNT.dll
    2008-06-26 18:41 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2008-06-26 18:41 333,576 ----a-w C:\WINDOWS\TSC.exe
    2008-06-26 18:41 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
    2008-06-26 18:38 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2008-06-26 18:38 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2008-06-26 18:38 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-23 16:15 671,232 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 43008]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 3628080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-28 185784]
    "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe"=
    "C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\lsupdatemanager.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\NCSoft\\Launcher\\NCLauncher.exe"=
    "C:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
    "C:\\Program Files\\GUILD WARS\\Gw.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Fury\\Binaries\\Fury.exe"=
    "C:\\Program Files\\Fury\\Binaries\\DiamondWare\\dwTVC.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Gravity\\Requiem\\system\\DebugSystem.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Codemasters\\RF Online;\\RF.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\AeriaGames\\12Sky\\TwelveSky.exe"=
    "C:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=

    R0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);C:\WINDOWS\system32\drivers\pe3ahqjb.sys [2007-03-29 64896]
    R0 ps6ahqjb;Dawn of Magic Synchronization Driver (ps6ahqjb);C:\WINDOWS\system32\drivers\ps6ahqjb.sys [2007-03-29 52616]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S2 pr2ahqjb;Dawn of Magic Drivers Auto Removal (pr2ahqjb);C:\WINDOWS\system32\pr2ahqjb.exe svc [ ]
    S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
    S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys [ ]
    S3 XDva168;XDva168;C:\WINDOWS\system32\XDva168.sys [ ]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\Topstart.exe
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-12 19:24:32
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-12 19:25:12
    ComboFix-quarantined-files.txt 2008-09-12 17:25:00
    ComboFix2.txt 2008-09-12 16:19:21
    ComboFix3.txt 2008-09-12 15:15:40

    Pre-Run: 31,597,219,840 octets libres
    Post-Run: 31,584,702,464 octets libres

    125 --- E O F --- 2008-09-11 01:00:28

    et HijackThis


    Logfile of HijackThis v1.99.1
    Scan saved at 19:27:53, on 12/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\julien\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A850930F-55CD-4B50-B073-11DCA5EDE7CB}: NameServer = 86.64.145.144 84.103.237.144
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Dawn of Magic Drivers Auto Removal (pr2ahqjb) (pr2ahqjb) - Koch Media - C:\WINDOWS\system32\pr2ahqjb.exe

    12 Septembre 2008 21:09:23

    Re,
    voici le rapport Antivir:

    Avira AntiVir Personal
    Report file date: vendredi 12 septembre 2008 20:09

    Scanning for 1369550 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: YO

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
    ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
    Engineversion : 8.1.1.19
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
    AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 12 septembre 2008 20:09

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'ehSched.exe' - '1' Module(s) have been scanned
    Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'issch.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'ashServ.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    36 processes with 36 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '54' files ).


    Starting the file scan:

    Begin scan in 'C:\' <ACER>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\julien\Mes documents\169.21_forceware_winxp_32bit_international_whql.exe
    [0] Archive type: CAB SFX (self extracting)
    --> \CAD.tv_
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    Begin scan in 'D:\' <ACERDATA>
    D:\pagefile.sys
    [WARNING] The file could not be opened!
    D:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP178\A0159369.exe
    [0] Archive type: RAR SFX (self extracting)
    --> 327882R2FWJFW\ERUNT.cfexe
    [DETECTION] Contains HEUR/Crypted suspicious code
    --> 327882R2FWJFW\swreg.exe
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE] The file was moved to '48fbbc64.qua'!


    End of the scan: vendredi 12 septembre 2008 21:05
    Used time: 55:58 Minute(s)

    The scan has been done completely.

    7388 Scanning directories
    406061 Files were scanned
    0 viruses and/or unwanted programs were found
    2 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    1 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    406056 Files not concerned
    8420 Archives were scanned
    8 Warnings
    1 Notes

    En te remerciant pour le temps que tu me consacre.
    a b 8 Sécurité
    13 Septembre 2008 13:04:04

    Reposte un rapport Hijackthis.
    14 Septembre 2008 23:08:14

    Re,
    donc voici le rapport HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 22:57:56, on 14/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\julien\LOCALS~1\Temp\Rar$EX00.032\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Dawn of Magic Drivers Auto Removal (pr2ahqjb) (pr2ahqjb) - Koch Media - C:\WINDOWS\system32\pr2ahqjb.exe

    Encore merci :) 
    a b 8 Sécurité
    15 Septembre 2008 13:38:57

    Encore des soucis ?
    15 Septembre 2008 18:15:56

    Non a priori tout est rentrée dans l'ordre merci beaucoup ! :love: 
    a b 8 Sécurité
    15 Septembre 2008 18:28:45

    Bon surf.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS