win32:Trojan-gen{other} virus problem

5 September 2008 20:41:27

Hello,

A few days ago avast detected the virus win32:Trojan-gen{other} on my PC,

but apparently it was not removed;
I regularly lose my connection,
and I can't even post on certain forums (including this one ...).

Here is the log I got by running HiJackThis on my PC,
I hope someone can help me.

Thanks

----------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:34, on 05/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\VIA\RAID\raid_tool.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\LClock\lclock.exe
C:\Garmin\gStart.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
F:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RaidTool] F:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] F:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [AdVantage] "F:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] F:\Program Files\LClock\LClock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: GigaTribe.lnk = F:\Program Files\GigaTribe\gigatribe.exe
O4 - Startup: OpenOffice.org 2.4.lnk = F:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6863 bytes

5 September 2008 21:02:24

Hello,

Do you have the location?

5 September 2008 21:30:22

The location of the virus?
No,
I no longer get an alert,
but I've had connection problems since.
6 September 2008 11:45:05

Can nobody help me, then?

6 September 2008 12:13:15

I don't think a virus is the cause of that.

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode

  • Now run MalwareByte's Anti-Malware. If it isn't already selected, choose "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM
6 September 2008 12:55:29

Thanks, I'll try that later.

6 September 2008 23:37:06

There was indeed a virus,

I hope it's OK now.

But the report that was saved is the one from before the infected files were quarantined and deleted
(I saved the report before and after the removal, but I only found one of the reports, strange).

I might redo it, then, if that's any use.

    -------------------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.26
    Version de la base de données: 1120
    Windows 5.1.2600 Service Pack 3

    06/09/2008 23:05:44
    mbam-log-2008-09-06 (23-05-15).txt

    Type de recherche: Examen complet (C:\|D:\|F:\|)
    Eléments examinés: 113003
    Temps écoulé: 14 minute(s), 56 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 15

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

    Dossier(s) infecté(s):
    F:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> No action taken.
    F:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> No action taken.

    Fichier(s) infecté(s):
    F:\WINDOWS\eaxf.exe (Trojan.FakeAlert) -> No action taken.
    F:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> No action taken.
    F:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> No action taken.
    F:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> No action taken.
    F:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> No action taken.
    F:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> No action taken.
    F:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
    F:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
    F:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
    F:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
    F:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
    F:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
    F:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
    F:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
    F:\WINDOWS\rqbmvpso.dll (Trojan.FakeAlert) -> No action taken.
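Every entry in the report above ends in "No action taken.", which is what the poster noticed: this is the pre-removal copy. As an added example, not code from the thread or from Malwarebytes, here is a Python parser for this report format that checks the summary counts against the entries listed under each section, tallies detections by family and lists what is still pending; the embedded sample is an excerpt of the report above, trimmed to the sections that had detections.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the Malwarebytes' Anti-Malware 1.26 report posted in this thread
# (French UI build), reduced to the summary block and the four sections that
# actually listed detections. The parser ignores every other line.
SAMPLE_REPORT = r"""Malwarebytes' Anti-Malware 1.26
Clé(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 15

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Dossier(s) infecté(s):
F:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> No action taken.

Fichier(s) infecté(s):
F:\WINDOWS\eaxf.exe (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> No action taken.
F:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
F:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
F:\WINDOWS\rqbmvpso.dll (Trojan.FakeAlert) -> No action taken.
"""


@dataclass
class Detection:
    section: str  # report section the entry was listed under
    path: str     # registry key/value or filesystem path
    family: str   # MBAM detection name, e.g. Trojan.Agent
    action: str   # last "->" field; "No action taken." means nothing was removed yet
    detail: str   # optional middle field, e.g. "Bad: (0) Good: (1)" on data items


# Summary lines ("...(s): 3") and section headers ("...(s):") share their label,
# which is what lets the summary be checked against the entries that follow.
_COUNT = re.compile(r"^(?P<key>.+\(s\)): (?P<n>\d+)$")
_SECTION = re.compile(r"^(?P<key>.+\(s\)):$")
_ENTRY = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\)(?P<rest>(?: -> .*)+)$")


def parse_mbam_report(text):
    """Return (summary_counts, detections) parsed from an MBAM text report."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _COUNT.match(line):
            counts[m["key"]] = int(m["n"])
        elif m := _SECTION.match(line):
            section = m["key"]
        elif section and (m := _ENTRY.match(line)):
            fields = m["rest"].split(" -> ")[1:]  # drop the empty piece before the first arrow
            detections.append(Detection(section, m["path"], m["family"],
                                        fields[-1], " -> ".join(fields[:-1])))
    return counts, detections


def pending(detections):
    """Entries MBAM listed but did not act on: the report predates the removal."""
    return [d for d in detections if d.action == "No action taken."]


def family_tally(detections):
    """How many entries each detection name accounts for."""
    return Counter(d.family for d in detections)


def count_mismatches(counts, detections):
    """Sections whose summary count disagrees with the entries listed under them
    (a truncated or hand-edited paste shows up here)."""
    seen = Counter(d.section for d in detections)
    return {k: (n, seen[k]) for k, n in counts.items() if seen[k] != n}


if __name__ == "__main__":
    counts, dets = parse_mbam_report(SAMPLE_REPORT)
    print(f"{len(dets)} entries, {len(pending(dets))} pending, "
          f"mismatches: {count_mismatches(counts, dets)}")
    for family, n in family_tally(dets).most_common():
        print(f"  {family}: {n}")
```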
7 September 2008 13:52:01

My problem seems to be solved,
thank you very much for your help ;)

7 September 2008 16:35:53

We're not done!

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan is complete, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the partition letter may differ
8 September 2008 23:01:33

Here it is:

    ComboFix 08-09-05.09 - Seb 2008-09-08 22:43:21.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1578 [GMT 2:00]
    Endroit: F:\Documents and Settings\Seb\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV
    -------\Service_TDSSserv


    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-08 to 2008-09-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-08 21:09 . 2008-09-08 21:16 <REP> d-------- F:\Program Files\eMule
    2008-09-06 22:43 . 2008-09-06 22:43 <REP> d-------- F:\Program Files\Malwarebytes' Anti-Malware
    2008-09-06 22:43 . 2008-09-06 22:43 <REP> d-------- F:\Documents and Settings\Seb\Application Data\Malwarebytes
    2008-09-06 22:43 . 2008-09-06 22:43 <REP> d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-06 22:43 . 2008-09-02 00:16 38,528 --a------ F:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-06 22:43 . 2008-09-02 00:16 17,200 --a------ F:\WINDOWS\system32\drivers\mbam.sys
    2008-09-02 23:24 . 2008-09-02 23:24 <REP> d-------- F:\Program Files\Trend Micro
    2008-08-31 14:45 . 2008-08-31 14:45 <REP> d-------- F:\Program Files\PHP Coder
    2008-08-31 14:19 . 2008-08-31 14:19 <REP> d-------- F:\Program Files\FlashFXP
    2008-08-31 14:19 . 2008-08-31 14:19 <REP> d-------- F:\Documents and Settings\All Users\Application Data\FlashFXP
    2008-08-28 00:17 . 2008-08-28 00:18 <REP> d-------- F:\Program Files\Google
    2008-08-14 23:28 . 2008-04-13 19:33 159,232 --a------ F:\WINDOWS\system32\ptpusd.dll
    2008-08-14 23:28 . 2001-08-23 17:47 5,632 --a------ F:\WINDOWS\system32\ptpusb.dll
    2008-08-14 01:07 . 2008-04-13 20:33 221,184 --a------ F:\WINDOWS\system32\wmpns.dll
    2008-08-14 01:07 . 2005-06-28 10:21 22,752 --a------ F:\WINDOWS\system32\spupdsvc.exe
    2008-08-14 00:20 . 2008-07-07 22:28 253,952 --------- F:\WINDOWS\system32\dllcache\es.dll
    2008-08-14 00:20 . 2008-06-24 18:44 74,240 --------- F:\WINDOWS\system32\dllcache\mscms.dll
    2008-08-14 00:13 . 2008-04-11 21:05 691,712 --------- F:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-13 00:03 . 2008-08-13 00:03 <REP> d-------- F:\Program Files\Fichiers communs\Hewlett-Packard
    2008-08-13 00:03 . 2008-04-13 11:45 15,104 --a------ F:\WINDOWS\system32\drivers\usbscan.sys
    2008-08-13 00:03 . 2008-04-13 11:45 15,104 --a------ F:\WINDOWS\system32\dllcache\usbscan.sys
    2008-08-13 00:02 . 2008-08-13 00:02 <REP> d-------- F:\Program Files\HP
    2008-08-13 00:02 . 2004-09-29 12:12 278,584 --a------ F:\WINDOWS\system32\HPZidr12.dll
    2008-08-13 00:02 . 2004-09-29 12:15 204,800 --a------ F:\WINDOWS\system32\HPZipr12.dll
    2008-08-13 00:02 . 2004-09-29 12:09 94,208 --a------ F:\WINDOWS\system32\HPZipt12.dll
    2008-08-13 00:02 . 2004-09-29 12:14 69,632 --a------ F:\WINDOWS\system32\HPZipm12.exe
    2008-08-13 00:02 . 2004-09-29 12:08 61,440 --a------ F:\WINDOWS\system32\HPZinw12.exe
    2008-08-13 00:02 . 2004-09-29 12:09 57,344 --a------ F:\WINDOWS\system32\HPZisn12.dll
    2008-08-12 23:58 . 2008-08-13 00:05 102,903 --a------ F:\WINDOWS\hpoins05.dat
    2008-08-12 23:58 . 2005-06-22 08:27 17,505 --------- F:\WINDOWS\hpomdl07.dat
    2008-08-12 22:52 . 2008-04-13 11:45 32,128 --a------ F:\WINDOWS\system32\drivers\usbccgp.sys
    2008-08-12 22:52 . 2008-04-13 11:45 32,128 --a------ F:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-08-12 22:52 . 2008-04-13 11:47 25,856 --a------ F:\WINDOWS\system32\drivers\usbprint.sys
    2008-08-12 22:52 . 2008-04-13 11:47 25,856 --a------ F:\WINDOWS\system32\dllcache\usbprint.sys
    2008-08-10 01:21 . 2008-09-08 22:46 <REP> d-------- F:\Documents and Settings\Seb\Application Data\OpenOffice.org2
    2008-08-09 23:42 . 2008-08-09 23:42 <REP> d-------- F:\Program Files\OpenOffice.org 2.4
    2008-08-09 23:42 . 2008-08-09 23:42 <REP> d-------- F:\Program Files\Java
    2008-08-09 23:42 . 2008-08-09 23:42 <REP> d-------- F:\Program Files\Fichiers communs\Java
    2008-08-09 23:42 . 2007-12-14 01:59 69,632 --a------ F:\WINDOWS\system32\javacpl.cpl
    2008-08-09 21:01 . 2008-08-09 21:01 <REP> d-------- F:\Program Files\K-Lite Codec Pack
    2008-08-09 20:56 . 2008-08-09 22:50 <REP> d-------- F:\Documents and Settings\Seb\Contacts
    2008-08-09 20:55 . 2008-08-09 20:55 <REP> d----c--- F:\WINDOWS\system32\DRVSTORE
    2008-08-09 20:52 . 2008-08-09 20:54 <REP> d-------- F:\Program Files\Windows Live
    2008-08-09 20:52 . 2008-08-09 20:54 <REP> d--hsc--- F:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-09 20:52 . 2008-08-09 20:52 <REP> d-------- F:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-09 20:47 . 2008-08-09 17:19 <REP> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Voisinage réseau
    2008-08-09 20:47 . 2008-08-09 17:19 <REP> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Voisinage d'impression
    2008-08-09 20:47 . 2008-08-09 15:24 <REP> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Modèles
    2008-08-09 20:47 . 2008-08-09 17:19 <REP> d-------- F:\Documents and Settings\LogMeInRemoteUser\Mes documents
    2008-08-09 20:47 . 2008-08-09 17:19 <REP> dr------- F:\Documents and Settings\LogMeInRemoteUser\Menu Démarrer
    2008-08-09 20:47 . 2008-08-09 17:19 <REP> d-------- F:\Documents and Settings\LogMeInRemoteUser\Favoris
    2008-08-09 20:47 . 2008-08-09 17:19 <REP> d-------- F:\Documents and Settings\LogMeInRemoteUser\Bureau
    2008-08-09 20:47 . 2008-08-09 20:53 <REP> d-------- F:\Documents and Settings\LogMeInRemoteUser
    2008-08-09 20:38 . 2008-08-09 20:38 <REP> d-------- F:\Program Files\GigaTribe
    2008-08-09 20:38 . 2008-08-09 20:38 <REP> d-------- F:\Documents and Settings\Seb\Application Data\GigaTribe
    2008-08-09 20:35 . 2008-08-09 20:35 <REP> d-------- F:\Documents and Settings\All Users\Application Data\LogMeIn
    2008-08-09 20:33 . 2008-05-28 12:33 83,288 --a------ F:\WINDOWS\system32\LMIRfsClientNP.dll
    2008-08-09 20:33 . 2008-03-07 13:39 45,848 --a------ F:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2008-08-09 20:33 . 2008-05-28 12:32 24,608 --a------ F:\WINDOWS\system32\LMIport.dll
    2008-08-09 20:32 . 2008-09-08 00:45 <REP> d-------- F:\Program Files\LogMeIn
    2008-08-09 20:32 . 2008-05-28 12:32 87,352 --a------ F:\WINDOWS\system32\LMIinit.dll
    2008-08-09 18:50 . 2008-08-09 18:50 <REP> d-------- F:\Documents and Settings\Seb\Application Data\GARMIN
    2008-08-09 18:50 . 2008-08-09 18:50 <REP> d-------- F:\Documents and Settings\All Users\Application Data\GARMIN
    2008-08-09 18:49 . 2008-08-09 18:49 <REP> d-------- F:\Garmin
    2008-08-09 18:49 . 2007-03-08 17:18 18,432 --a------ F:\WINDOWS\system32\drivers\grmngen.sys
    2008-08-09 18:49 . 2007-03-08 17:18 8,320 --a------ F:\WINDOWS\system32\drivers\grmnusb.sys
    2008-08-09 18:48 . 2008-08-09 18:48 <REP> d-------- F:\Program Files\Zone Five Software
    2008-08-09 18:29 . 2008-08-09 18:29 <REP> d-------- F:\Program Files\Reference Assemblies
    2008-08-09 18:29 . 2008-08-09 18:29 <REP> d-------- F:\Program Files\Microsoft.NET
    2008-08-09 18:08 . 2008-08-09 18:08 <REP> d-------- F:\Program Files\Webteh
    2008-08-09 18:08 . 2008-08-09 18:08 <REP> d-------- F:\Program Files\AdVantage
    2008-08-09 18:05 . 2008-08-09 18:05 <REP> d-------- F:\Documents and Settings\Seb\Application Data\AVS4YOU
    2008-08-09 18:05 . 2008-08-09 18:05 <REP> d-------- F:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-08-09 18:04 . 2008-08-09 18:05 <REP> d-------- F:\Program Files\Fichiers communs\AVSMedia
    2008-08-09 18:04 . 2008-08-09 18:05 <REP> d-------- F:\Program Files\AVS4YOU
    2008-08-09 18:04 . 2007-02-27 19:36 1,700,352 --a------ F:\WINDOWS\system32\GdiPlus.dll
    2008-08-09 18:04 . 2007-02-27 19:36 974,848 --a------ F:\WINDOWS\system32\mfc70.dll
    2008-08-09 18:04 . 2007-02-27 19:36 487,424 --a------ F:\WINDOWS\system32\msvcp70.dll
    2008-08-09 18:04 . 2007-02-27 19:36 344,064 --a------ F:\WINDOWS\system32\msvcr70.dll
    2008-08-09 18:04 . 2007-02-27 19:36 24,576 --a------ F:\WINDOWS\system32\msxml3a.dll
    2008-08-09 16:39 . 2001-09-19 07:32 720,896 --a------ F:\WINDOWS\system32\dllcache\a3d.dll
    2008-08-09 16:38 . 2004-01-28 10:21 5,824 --a------ F:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-08-09 16:38 . 2008-08-09 16:41 4,201 --a------ F:\WINDOWS\Ascd_tmp.ini
    2008-08-09 16:29 . 2008-08-09 16:29 <REP> d-------- F:\Program Files\Alwil Software
    2008-08-09 16:24 . 2008-08-14 01:08 <REP> d--h----- F:\WINDOWS\$hf_mig$
    2008-08-09 16:24 . 2008-06-20 13:51 361,600 --------- F:\WINDOWS\system32\dllcache\tcpip.sys
    2008-08-09 16:24 . 2008-06-20 19:47 247,808 --------- F:\WINDOWS\system32\dllcache\mswsock.dll
    2008-08-09 16:24 . 2008-06-20 13:08 225,856 --------- F:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-08-09 16:24 . 2008-06-20 19:47 147,968 --------- F:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-08-09 16:24 . 2008-06-20 13:40 138,496 --------- F:\WINDOWS\system32\dllcache\afd.sys
    2008-08-09 16:23 . 2008-06-14 19:40 272,768 --------- F:\WINDOWS\system32\dllcache\bthport.sys
    2008-08-09 16:09 . 1998-11-13 13:16 308,224 --a------ F:\WINDOWS\IsUn040c.exe
    2008-08-09 16:09 . 2003-10-03 16:28 45,056 --a------ F:\WINDOWS\system32\vusetup.dll
    2008-08-09 16:09 . 2003-08-04 15:29 11,392 --a------ F:\WINDOWS\system32\drivers\vulfntr.sys
    2008-08-09 16:09 . 2003-08-04 15:29 6,912 --a------ F:\WINDOWS\system32\drivers\vulfnth.sys
    2008-08-09 16:07 . 2004-10-22 11:28 204,800 --a------ F:\WINDOWS\system32\VProPage.dll
    2008-08-09 16:07 . 2004-10-22 11:28 40,192 --a------ F:\WINDOWS\system32\drivers\vIdePort.sys
    2008-08-09 16:07 . 2004-10-22 11:28 25,600 --a------ F:\WINDOWS\system32\vIdeInst.dll
    2008-08-09 16:07 . 2004-10-22 11:28 15,232 --a------ F:\WINDOWS\system32\drivers\vIdeBus.sys
    2008-08-09 16:06 . 2005-06-27 08:32 234,752 --a------ F:\WINDOWS\system32\drivers\yk51x86.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-18 23:42 --------- d-----w F:\Program Files\Microsoft Silverlight
    2008-08-09 15:35 --------- d-----w F:\Program Files\Fichiers communs\InstallShield
    2008-08-09 13:59 --------- d-----w F:\Program Files\VIA
    2008-08-09 13:59 --------- d-----w F:\Program Files\InstallShield Installation Information
    2008-08-09 13:55 --------- d-----w F:\Program Files\ASUS
    2008-08-09 13:31 --------- d-----w F:\Program Files\microsoft frontpage
    2008-08-09 13:28 --------- d-----w F:\Program Files\LClock
    2008-08-09 13:26 --------- d-----w F:\Program Files\Services en ligne
    2008-08-09 13:24 --------- d-----w F:\Program Files\Windows Media Connect 2
    2008-07-23 13:24 446,464 ----a-w F:\WINDOWS\system32\NVUNINST.EXE
    2008-07-18 20:10 94,920 ----a-w F:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w F:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w F:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w F:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w F:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w F:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w F:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w F:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w F:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w F:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w F:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w F:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w F:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w F:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w F:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w F:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w F:\WINDOWS\system32\muweb.dll
    2008-07-07 20:28 253,952 ----a-w F:\WINDOWS\system32\es.dll
    2008-07-04 00:33 3,127 ----a-w F:\WINDOWS\system32\presetup.cmd
    2008-07-04 00:33 28,672 ----a-w F:\WINDOWS\system32\setupold.exe
    2008-06-24 16:44 74,240 ----a-w F:\WINDOWS\system32\mscms.dll
    2008-06-23 08:23 70,656 ------w F:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-06-23 08:23 625,664 ------w F:\WINDOWS\system32\dllcache\iexplore.exe
    2008-06-23 08:23 13,824 ------w F:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-06-21 05:23 161,792 ------w F:\WINDOWS\system32\dllcache\ieakui.dll
    2008-06-20 17:47 247,808 ----a-w F:\WINDOWS\system32\mswsock.dll
    2008-06-20 09:00 218,624 ----a-w F:\WINDOWS\system32\uxtheme.dll
    2008-06-20 07:18 2,783,744 ----a-w F:\WINDOWS\system32\winntbbu.dll
    2008-06-19 17:27 1,368,576 ----a-w F:\WINDOWS\system32\msgina.dll
    2008-06-19 12:56 142,336 ----a-w F:\WINDOWS\system32\sfc_os.dll
    2008-06-19 12:56 1,013,248 ----a-w F:\WINDOWS\system32\syssetup.dll
    2008-06-19 12:40 99,840 ----a-w F:\WINDOWS\system32\wmpshell.dll
    2008-06-19 12:40 8,292,352 ----a-w F:\WINDOWS\system32\wmploc.dll
    2008-06-19 12:40 603,648 ----a-w F:\WINDOWS\system32\wmspdmod.dll
    2008-06-19 12:40 4,096 ----a-w F:\WINDOWS\system32\wmvdmoe2.dll
    2008-06-19 12:40 4,096 ----a-w F:\WINDOWS\system32\wmvdmod.dll
    2008-06-19 12:40 4,096 ----a-w F:\WINDOWS\system32\wmsdmoe2.dll
    2008-06-19 12:40 4,096 ----a-w F:\WINDOWS\system32\wmsdmod.dll
    2008-06-19 12:40 314,880 ----a-w F:\WINDOWS\system32\wmpdxm.dll
    2008-06-19 12:40 242,688 ----a-w F:\WINDOWS\system32\wmpasf.dll
    2008-06-19 12:40 1,329,152 ----a-w F:\WINDOWS\system32\wmspdmoe.dll
    2008-06-19 12:38 8,704 ----a-w F:\WINDOWS\system32\wdfmgr.exe
    2008-06-12 18:36 7,680 ----a-w F:\WINDOWS\system32\ff_vfw.dll
    2008-06-10 12:08 78,336 ----a-w F:\WINDOWS\system32\ieencode.dll
    2008-06-10 12:08 71,680 ----a-w F:\WINDOWS\system32\admparse.dll
    2008-06-10 12:08 55,296 ----a-w F:\WINDOWS\system32\iesetup.dll
    2008-06-10 12:08 48,128 ----a-w F:\WINDOWS\system32\mshtmler.dll
    2008-06-10 12:08 45,568 ----a-w F:\WINDOWS\system32\mshta.exe
    2008-06-10 12:08 40,960 ----a-w F:\WINDOWS\system32\licmgr10.dll
    2008-06-10 12:08 156,160 ----a-w F:\WINDOWS\system32\msls31.dll
    2008-06-10 11:11 36,352 ----a-w F:\WINDOWS\system32\imgutil.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "LClock"="F:\Program Files\LClock\lclock.exe" [2004-09-19 65536]
    "gStart"="C:\Garmin\gStart.exe" [2007-08-23 1891416]
    "MsnMsgr"="F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "swg"="F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-28 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RaidTool"="F:\Program Files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
    "NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
    "NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
    "LogMeIn GUI"="F:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
    "SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
    "Ptipbmf"="ptipbmf.dll" [2006-02-26 F:\WINDOWS\system32\ptipbmf.dll]
    "nwiz"="nwiz.exe" [2008-05-03 F:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
    "LClock"="F:\Program Files\LClock\LClock.exe" [2004-09-19 65536]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]
    "nltide_3"="advpack.dll" [2008-06-23 F:\WINDOWS\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoInternetIcon"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-05-28 12:32 87352 F:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "DisablePagingExecutive"=dword:00000001
    "SecondLevelDataCache"=dword:00000200

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "F:\\Program Files\\GigaTribe\\gigatribe.exe"=
    "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "F:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "C:\\utils\\E mule\\emulev0.46c-MorphXTv7.6-bin\\emule\\emule.exe"=
    "F:\\Program Files\\eMule\\emule.exe"=

    R0 fst376xp;fst376xp;F:\WINDOWS\system32\drivers\fst376xp.sys [2008-07-04 159744]
    R0 vIdeBus;vIdeBus;F:\WINDOWS\system32\DRIVERS\vIdeBus.sys [2004-10-22 15232]
    R0 vIdePort;VIA IDE Controller PORT Driver;F:\WINDOWS\system32\DRIVERS\vIdePort.sys [2004-10-22 40192]
    R0 videX32;videX32;F:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 9216]
    R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 LMIInfo;LogMeIn Kernel Information Provider;F:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]

    *Newly Created Service* - HELPSVC
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-AdVantage - F:\Program Files\AdVantage\AdVantage.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.fr/keyword/%s
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-08 22:46:08
    Windows 5.1.2600 Service Pack 3 NTFS

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    Scanning hidden files ...

    Scan completed successfully
    Hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    F:\Program Files\Alwil Software\Avast4\ashServ.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\Program Files\LogMeIn\x86\ramaint.exe
    F:\Program Files\LogMeIn\x86\LMIGuardian.exe
    F:\Program Files\LogMeIn\x86\LogMeIn.exe
    F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    F:\Program Files\LogMeIn\x86\LMIGuardian.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\HPZipm12.exe
    F:\Program Files\OpenOffice.org 2.4\program\soffice.bin
    F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-08 22:47:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-08 20:47:02

    Pre-Run: 2,887,745,536 bytes free
    Post-Run: 3,160,678,400 bytes free

    293 --- E O F --- 2008-08-20 19:49:33
    9 September 2008 12:55:08

    Post another HijackThis report.
    9 September 2008 20:17:27

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:14:28, on 09/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20861)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    F:\Program Files\Alwil Software\Avast4\ashServ.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\VIA\RAID\raid_tool.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\LClock\lclock.exe
    F:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Garmin\gStart.exe
    F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    F:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    F:\Program Files\LogMeIn\x86\RaMaint.exe
    F:\Program Files\LogMeIn\x86\LogMeIn.exe
    F:\Program Files\LogMeIn\x86\LMIGuardian.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\HPZipm12.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
    F:\Program Files\Windows Live\Messenger\usnsvc.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RaidTool] F:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] F:\Program Files\LClock\lclock.exe
    O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
    O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [LClock] F:\Program Files\LClock\LClock.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: GigaTribe.lnk = F:\Program Files\GigaTribe\gigatribe.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = F:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - F:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - F:\WINDOWS\System32\ups.exe (file missing)

    --
    End of file - 6575 bytes
    9 September 2008 20:20:50

    Let's see whether any TDSSSERV is left.

    Download SDFix (created by AndyManchesta) and save it to your Desktop.
    Double-click SDFix.exe and choose Install to extract it to the Desktop.

    Restart in Safe Mode

  • Open the SDFix folder that has just been created at the root of your hard drive (C:) and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log.
    9 September 2008 21:44:27

    SDFix report


    SDFix: Version 1.223
    Run by Seb on 09/09/2008 at 21:34

    Microsoft Windows XP [version 5.1.2600]
    Running From: F:\Documents and Settings\Seb\Bureau\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File
    Restoring Missing Security Center Service

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-09 21:37:12
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "F:\\Program Files\\GigaTribe\\gigatribe.exe"="F:\\Program Files\\GigaTribe\\gigatribe.exe:*:Enabled:gigatribe"
    "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "F:\\Program Files\\FlashFXP\\FlashFXP.exe"="F:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
    "C:\\utils\\E mule\\emulev0.46c-MorphXTv7.6-bin\\emule\\emule.exe"="C:\\utils\\E mule\\emulev0.46c-MorphXTv7.6-bin\\emule\\emule.exe:*:Enabled:eMule"
    "F:\\Program Files\\eMule\\emule.exe"="F:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "F:\\Program Files\\FlashFXP\\FlashFXP.exe"="F:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

    Remaining Files :



    Files with Hidden Attributes :


    Finished!



    ----------------------------------------------------------------------------

    HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:40:29, on 09/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20861)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    F:\Program Files\Alwil Software\Avast4\ashServ.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\LogMeIn\x86\RaMaint.exe
    F:\Program Files\LogMeIn\x86\LogMeIn.exe
    F:\Program Files\LogMeIn\x86\LMIGuardian.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\HPZipm12.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\VIA\RAID\raid_tool.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    F:\Program Files\LogMeIn\x86\LMIGuardian.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\LClock\lclock.exe
    C:\Garmin\gStart.exe
    F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    F:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    F:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RaidTool] F:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] F:\Program Files\LClock\lclock.exe
    O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
    O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [LClock] F:\Program Files\LClock\LClock.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: GigaTribe.lnk = F:\Program Files\GigaTribe\gigatribe.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = F:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - F:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - F:\WINDOWS\System32\ups.exe (file missing)

    --
    End of file - 6505 bytes
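Two parts of the reports above deserve a closer look than the rest. The ComboFix dump shows the Security Center key with AntiVirusOverride, FirewallOverride, AntiVirusDisableNotify and UpdatesDisableNotify all set to 1; those are the values that stop XP's Security Center from watching antivirus and firewall state and from warning when they or Automatic Updates are off. The Windows Firewall AuthorizedApplications lists, which ComboFix prints by name and SDFix prints in full, show which programs have inbound exceptions in each profile. The Python below is an added example for this thread, not ComboFix, SDFix or HijackThis code: it parses lines in the shape of those two excerpts, reports which Security Center silencers are set, and lists the enabled exceptions outside %windir%. SAMPLE_DUMP is a constructed excerpt modelled on the reports above, and the assumption that a machine nobody configured deliberately has none of the silencer values set is mine, not the forum's.

```python
"""Triage of the registry excerpts that ComboFix and SDFix print.

Added example for this thread, not ComboFix, SDFix or HijackThis code.
SAMPLE_DUMP is a constructed excerpt modelled on the reports above.
"""
import re
from typing import Dict, List, Optional, Tuple

# HKLM\SOFTWARE\Microsoft\Security Center values that, set to 1, stop the
# XP Security Center from watching or warning.  Assumption for this example:
# a machine nobody configured deliberately has them absent or set to 0.
SECURITY_CENTER_SILENCERS = {
    "AntiVirusOverride": "Security Center stops watching antivirus state",
    "FirewallOverride": "Security Center stops watching firewall state",
    "AntiVirusDisableNotify": "no alert when antivirus is off or out of date",
    "FirewallDisableNotify": "no alert when the firewall is off",
    "UpdatesDisableNotify": "no alert when Automatic Updates is off",
}

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
# ComboFix prints "path"= only; SDFix prints "path"="path:scope:State:label".
_APP_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?:"(?P<value>(?:[^"\\]|\\.)*)")?$')


def _unescape(s: str) -> str:
    """Registry export text doubles every backslash; collapse them."""
    return s.replace("\\\\", "\\")


def parse_reg_dump(lines) -> Dict[str, List[str]]:
    """Group name=value lines under the [key] header above them (keys lower-cased)."""
    keys: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, [])
        elif current is not None:
            keys[current].append(line)
    return keys


def security_center_findings(keys: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Silencer values that are set to 1 under a ...\\security center key."""
    found = []
    for key, values in keys.items():
        if not key.endswith("\\security center"):
            continue
        for line in values:
            m = _DWORD_RE.match(line)
            if m and m.group("name") in SECURITY_CENTER_SILENCERS and int(m.group("hex"), 16) == 1:
                found.append((m.group("name"), SECURITY_CENTER_SILENCERS[m.group("name")]))
    return found


def firewall_exceptions(keys: Dict[str, List[str]]) -> List[dict]:
    """Programs allowed through the XP firewall, one dict per entry and profile."""
    entries = []
    for key, values in keys.items():
        if "authorizedapplications\\list" not in key:
            continue
        profile = "domain" if "domainprofile" in key else "standard"
        for line in values:
            m = _APP_RE.match(line)
            if not m:
                continue
            path = _unescape(m.group("name"))
            entry = {"profile": profile, "path": path, "scope": None, "enabled": None, "label": None}
            value = _unescape(m.group("value") or "")
            # The value repeats the path, then scope (* = any network), state and label.
            if value.lower().startswith(path.lower() + ":"):
                parts = value[len(path) + 1:].split(":", 2)
                if len(parts) == 3:
                    entry.update(scope=parts[0], enabled=parts[1].lower() == "enabled", label=parts[2])
            entries.append(entry)
    return entries


def third_party_exceptions(keys: Dict[str, List[str]]) -> List[str]:
    """Exception paths outside %windir% that are enabled, or whose state the dump omits."""
    return sorted({
        e["path"] for e in firewall_exceptions(keys)
        if e["enabled"] is not False and not e["path"].lower().startswith("%windir%")
    })


SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\GigaTribe\\gigatribe.exe"="F:\\Program Files\\GigaTribe\\gigatribe.exe:*:Enabled:gigatribe"
"F:\\Program Files\\eMule\\emule.exe"="F:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\FlashFXP\\FlashFXP.exe"=
'''.splitlines()
```

The script only narrows the list: it cannot tell a file-sharing client the owner installed from an exception something else added, so every path it prints still needs a human decision, and the two extra values under the Security Center key (DisablePagingExecutive, SecondLevelDataCache) are deliberately left alone because they are not notification switches.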
    9 September 2008 22:32:23

    ok :)
    I'll post the result tomorrow
    10 September 2008 00:26:08

    I get the feeling I'm not done with the viruses yet ... :(

    ------------------------------------------------------------------------------------
    Antivir report:




    Avira AntiVir Personal
    Report file date: Tuesday 9 September 2008 23:34

    Scanning for 1369550 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: HOME-6D756EC6B7

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
    ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
    Engineversion : 8.1.1.19
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
    AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: F:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, F:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: Tuesday 9 September 2008 23:34

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.bin' - '1' Module(s) have been scanned
    Scan process 'soffice.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
    Scan process 'gStart.exe' - '1' Module(s) have been scanned
    Scan process 'LClock.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'LogMeInSystray.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'raid_tool.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
    Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
    Scan process 'ramaint.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    37 processes with 37 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'F:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '50' files ).


    Starting the file scan:

    Begin scan in 'C:\' <70>
    C:\@\Pinball\Autres\funp.zip
    [0] Archive type: ZIP
    --> NH.exe
    [DETECTION] Contains recognition pattern of the DR/NavExcel.A.1 dropper
    [NOTE] The file was moved to '4934ecb6.qua'!
    C:\utils\eDonkey60.exe
    [DETECTION] Contains recognition pattern of the DR/Ucmore.A.36 dropper
    [NOTE] The file was moved to '4935f2a5.qua'!
    C:\utils\tweak XP 3.rar
    [0] Archive type: RAR
    --> tweak-xp.pro.v3.0.2.online.check.remover.for.full.version.crack.rar
    [1] Archive type: RAR
    --> tweak-xp.pro.v3.0.2.online.check.remover.for.full.version.crack.exe
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    [NOTE] The file was moved to '492bf2fa.qua'!
    C:\utils\Proxy Hunter 1 + 2\ProxyHunter.exe
    [0] Archive type: CAB SFX (self extracting)
    --> \Disk1\ikernel.ex_
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    C:\utils\Trillian\pluging\trillian\trillian.exe
    [DETECTION] Is the TR/Virtl.TrillPass.A Trojan
    [NOTE] The file was moved to '492ff413.qua'!
    Begin scan in 'D:\' <76>
    D:\@\dstroy.zip
    [0] Archive type: ZIP
    --> INSTALL.R00
    [1] Archive type: RAR
    --> DATA\MAINMENU.PM
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    D:\@\dstroy\INSTALL.R00
    [0] Archive type: RAR
    --> DATA\MAINMENU.PM
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    Begin scan in 'F:\' <windows>
    F:\hiberfil.sys
    [WARNING] The file could not be opened!
    F:\pagefile.sys
    [WARNING] The file could not be opened!
    F:\WINDOWS\inf\XPSP3Upd.inf
    [DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
    [NOTE] The file was moved to '4919f6d4.qua'!


    End of the scan: Wednesday 10 September 2008 00:21
    Used time: 46:26 Minute(s)

    The scan has been done completely.

    6781 Scanning directories
    425196 Files were scanned
    5 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    5 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    425188 Files not concerned
    5902 Archives were scanned
    6 Warnings
    5 Notes
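AntiVir reports a file inside an archive as a chain: the path on disk, a `[n] Archive type` line, then a `--> member` line, nested again for an archive inside an archive, with the `[DETECTION]` and `[NOTE]` lines applying to the innermost member. With five hits that is easy to read by hand; on a long report it is not, and the distinction matters because a detection inside a .rar or .zip is a stored download, while a bare path such as C:\utils\eDonkey60.exe or F:\WINDOWS\inf\XPSP3Upd.inf is a file that can be used directly. The Python below is an added example for this thread, not Avira code: it rebuilds that chain for every detection and warning, attaches the quarantine file named in the following `[NOTE]`, and separates out the files the scanner could not open. SAMPLE_REPORT is a constructed excerpt in the shape of the report above with the long archive member names shortened, and the nesting rule is inferred from that report rather than from Avira documentation.

```python
"""Rebuild the per-file detection chain from an Avira AntiVir scan report.

Added example for this thread, not Avira code.  SAMPLE_REPORT is a
constructed excerpt in the shape of the report posted above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

_PATH_RE = re.compile(r"^[A-Za-z]:\\")                       # a file on disk
_ARCHIVE_RE = re.compile(r"^\[(?P<depth>\d+)\] Archive type: (?P<kind>.+)$")
_MEMBER_RE = re.compile(r"^--> (?P<member>.+)$")             # member of the archive above
_DETECT_RE = re.compile(r"^\[DETECTION\] (?P<text>.+)$")
_SIG_RE = re.compile(r"\b([A-Z]+/[A-Za-z0-9.\-]+)")          # e.g. TR/Crypt.XDR.Gen
_NOTE_RE = re.compile(r"^\[NOTE\] The file was moved to '(?P<qua>[^']+)'!$")
_WARN_RE = re.compile(r"^\[WARNING\] (?P<text>.+)$")


@dataclass
class Finding:
    chain: List[str]                   # file on disk first, innermost archive member last
    signature: Optional[str]           # detection name; None for warnings
    text: str                          # the [DETECTION] or [WARNING] message
    quarantine: Optional[str] = None   # .qua file named by the following [NOTE]
    warning: bool = False

    @property
    def display(self) -> str:
        return " > ".join(self.chain)

    @property
    def inside_archive(self) -> bool:
        return len(self.chain) > 1


def parse_antivir_report(lines) -> List[Finding]:
    """Walk the report, tracking the archive nesting the scanner is currently inside.

    Nesting rule inferred from the report: a path line starts a new file,
    '[n] Archive type' says the next '-->' member sits at depth n+1, and
    [DETECTION]/[WARNING] apply to the innermost entry seen so far.
    """
    findings: List[Finding] = []
    chain: List[str] = []
    depth = 0
    for raw in lines:
        line = raw.strip()
        if _PATH_RE.match(line):
            chain, depth = [line], 0
            continue
        m = _ARCHIVE_RE.match(line)
        if m:
            depth = int(m.group("depth"))
            chain = chain[: depth + 1]
            continue
        m = _MEMBER_RE.match(line)
        if m:
            chain = chain[: depth + 1] + [m.group("member")]
            continue
        m = _DETECT_RE.match(line)
        if m and chain:
            sig = _SIG_RE.search(m.group("text"))
            findings.append(Finding(list(chain), sig.group(1) if sig else None, m.group("text")))
            continue
        m = _NOTE_RE.match(line)
        if m and findings and not findings[-1].warning and findings[-1].quarantine is None:
            findings[-1].quarantine = m.group("qua")
            continue
        m = _WARN_RE.match(line)
        if m and chain:
            findings.append(Finding(list(chain), None, m.group("text"), warning=True))
    return findings


def detections(findings: List[Finding]) -> List[Finding]:
    """Only the [DETECTION] entries, in report order."""
    return [f for f in findings if not f.warning]


def unscanned(findings: List[Finding]) -> List[str]:
    """Files the scanner reported it could not open (locked system files, usually)."""
    return [f.display for f in findings if f.warning and "could not be opened" in f.text]


SAMPLE_REPORT = r"""
Begin scan in 'C:\' <70>
C:\@\Pinball\Autres\funp.zip
[0] Archive type: ZIP
--> NH.exe
[DETECTION] Contains recognition pattern of the DR/NavExcel.A.1 dropper
[NOTE] The file was moved to '4934ecb6.qua'!
C:\utils\eDonkey60.exe
[DETECTION] Contains recognition pattern of the DR/Ucmore.A.36 dropper
[NOTE] The file was moved to '4935f2a5.qua'!
C:\utils\tweak XP 3.rar
[0] Archive type: RAR
--> crack.rar
[1] Archive type: RAR
--> crack.exe
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '492bf2fa.qua'!
C:\utils\Proxy Hunter 1 + 2\ProxyHunter.exe
[0] Archive type: CAB SFX (self extracting)
--> \Disk1\ikernel.ex_
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'F:\' <windows>
F:\hiberfil.sys
[WARNING] The file could not be opened!
F:\WINDOWS\inf\XPSP3Upd.inf
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[NOTE] The file was moved to '4919f6d4.qua'!
""".splitlines()
```

Sorting the output by `inside_archive` gives the reading order a helper wants: bare files first, because those are the ones that could have been running, then archive members, which only matter once extracted. The detection name alone says nothing about whether a given hit is right or a false positive; that still has to be checked against the file itself.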

    10 September 2008 12:30:25

    Post another HijackThis report.
    11 September 2008 02:19:32

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:16:23, on 11/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20861)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    F:\Program Files\VIA\RAID\raid_tool.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\LClock\lclock.exe
    C:\Garmin\gStart.exe
    F:\Program Files\LogMeIn\x86\LMIGuardian.exe
    F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    F:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    F:\Program Files\LogMeIn\x86\RaMaint.exe
    F:\Program Files\LogMeIn\x86\LogMeIn.exe
    F:\Program Files\LogMeIn\x86\LMIGuardian.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\HPZipm12.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
    F:\Program Files\Windows Live\Messenger\usnsvc.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RaidTool] F:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] F:\Program Files\LClock\lclock.exe
    O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
    O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [LClock] F:\Program Files\LClock\LClock.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: GigaTribe.lnk = F:\Program Files\GigaTribe\gigatribe.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = F:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - F:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - F:\WINDOWS\System32\ups.exe (file missing)

    --
    End of file - 6546 bytes
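    A small triage script for the log above, added here as an example (it is not part of the thread and not a HijackThis feature): it parses the O2/O4/O23 lines and flags the entries a reviewer normally checks first, namely targets marked "(no file)" or "(file missing)", services with "Unknown owner", BHOs with no display name, and rundll32 entries that pass a bare DLL name (which is resolved through the DLL search order rather than a fixed path). The sample lines are copied from the log in this post; a flag is a prompt to verify the file on disk, not a verdict that the entry is malicious.

```python
import re

# Constructed sample: six lines copied in the shape of the HijackThis log
# above (same entry codes, paths and CLSIDs as they appear in the post).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: Indexing Service (CiSvc) - Unknown owner - F:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# "O4 - ..." / "O23 - ..." / "R0 - ...": the section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+)\s+-\s+(?P<body>.+)$")
# rundll32[.exe] <dll>,<export>: capture what is passed as the DLL argument.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>\S+?),", re.IGNORECASE)


def parse_entries(text):
    """Return (code, body) tuples for every HijackThis entry line in text."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(text):
    """Return (code, reason, body) for entries that deserve a manual look.

    These are review heuristics, not verdicts: a system DLL loaded by bare
    name or a service whose binary is gone can be perfectly benign.
    """
    findings = []
    for code, body in parse_entries(text):
        low = body.lower()
        # Registry/BHO entry whose target no longer exists on disk.
        if "(no file)" in low or "(file missing)" in low:
            findings.append((code, "dangling", body))
        # O23 service with no recognised vendor string.
        if "unknown owner" in low:
            findings.append((code, "unknown-owner", body))
        # Browser helper object with an empty display name.
        if code == "O2" and low.startswith("bho: (no name)"):
            findings.append((code, "unnamed-bho", body))
        # rundll32 given a bare DLL name resolves it through the DLL search
        # order rather than a fixed path, so the loaded file is not pinned.
        m = RUNDLL_RE.search(body)
        if m and not re.search(r"[\\:]", m.group("dll")):
            findings.append((code, "unqualified-dll", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:16} {body}")
```

    On the six sample lines the script flags the unnamed BHO (twice: no name and no file), the Ptipbmf rundll32 entry, and the CiSvc service (missing file, unknown owner); the Java BHO, the NVIDIA rundll32 entry with a full path, and the LogMeIn service pass. Which of the flagged items actually matters is still a job for the person holding the machine.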
    a b 8 Security
    11 September 2008 13:16:07

    Are you still having problems?
    11 September 2008 21:27:19

    Apparently not.
    So it's over, then?
    a b 8 Security
    11 September 2008 21:32:40

    Yep :)
    11 September 2008 21:34:30

    Cool :)
    Thanks a lot for your valuable help.
    11 September 2008 23:40:33

    I may have spoken too soon ...
    Antivir has found another infected file :(
    a b 8 Security
    12 September 2008 13:17:54

    Location?
    13 September 2008 00:52:39

    I don't know.

    I'll be away for a week, I'll look at it when I get back,
    thanks
    a b 8 Security
    13 September 2008 12:55:24

    If I no longer see the thread, send me a PM.