
Virtumonde virus and Windows Update problem

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
27 August 2008 17:46:27

Hello,
I have just created a profile so that you can help me.
Since this morning, the red shield icon has been showing, telling me that Windows updates are disabled.
But when I click on it, Windows tells me "sorry, the Security Center could not change...".
I carefully followed the advice given in other topics similar to mine.
I went through the Control Panel, and there the updates appear to be enabled.
I then went into regedit and, under HKEY_LOCAL_MACHINE, checked via Properties that the ADMINISTRATORS and SYSTEM users had access to the updates.
I also checked in services.msc:
The service itself is disabled and, when I click Enable in its properties, absolutely nothing happens; it goes back to disabled.
I also noticed that this morning my Spybot asked me to delete values in System32 and that I have Virtumonde.dll Trojan viruses, which I cannot remove.
I have just run a Spybot scan and it finds a virus named virtumonde.dll TrojansC, as well as DoubleClick and Blue (something or other, I can't remember the name).
As soon as it finds it, my XP turns into Windows 98 (grey bars and old icons), shuts down and then restarts by itself. This worries me...
The virus is in system32 and is named awtqrOHW.dll
I don't know whether the update problem is linked to this.
I also removed several adware programs that appeared this morning as well.
Spybot asks to delete Spybot values and asks to delete the infected file without managing to.
I don't know what else to do...
I tried in Safe Mode too, among other things, but without success.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:34, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RtlWake.lnk = C:\Program Files\Realtek\Rtl8180\RtlWake.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/Mu...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1....
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file -


27 August 2008 18:39:41

By the way, I've also just noticed that when I try to download something, my Start bar disappears, along with my whole desktop...
27 August 2008 18:50:46

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

    HELP: A guide and tutorial on using ComboFix
    * the partition letter may differ
    27 August 2008 19:37:32

    ComboFix 08-08-26.03 - gledel 2008-08-27 19:14:07.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.189 [GMT 2:00]
    Endroit: C:\Documents and Settings\gledel\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .
    /wow section - STAGE 40
    pv: No matching processes found


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\gledel\err.log
    C:\WINDOWS\system32\awtqrOHW.dll
    C:\WINDOWS\system32\dao350.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\UpMedia
    C:\WINDOWS\system32\urlmsnlink.dat
    C:\WINDOWS\system32\vvFLlnpo.ini
    C:\WINDOWS\system32\vvFLlnpo.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-27 19:29 . 2008-08-27 19:31 963 --ahs---- C:\WINDOWS\system32\vvFLlnpo.ini
    2008-08-27 19:01 . 2008-08-24 05:08 <REP> d-------- C:\SDFix
    2008-08-27 17:34 . 2008-08-27 17:34 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-27 16:24 . 2004-09-13 08:45 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2008-08-27 16:24 . 2002-09-25 17:05 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-08-27 16:24 . 2002-09-25 17:05 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-08-27 16:24 . 2002-09-25 16:11 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-08-27 16:24 . 2002-09-25 16:22 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-08-27 16:24 . 2002-09-25 17:05 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-08-27 16:24 . 2002-09-25 16:22 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-08-27 16:24 . 2002-09-25 17:05 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-08-27 16:24 . 2008-08-27 16:24 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-08-27 14:00 . 2008-08-27 14:00 91 --a------ C:\WINDOWS\wininit.ini
    2008-08-27 12:00 . 2008-08-27 12:00 312,832 --a------ C:\WINDOWS\system32\opnlLFvv.dll
    2008-08-16 14:42 . 2008-08-16 14:42 268 --ah----- C:\sqmdata19.sqm
    2008-08-16 14:42 . 2008-08-16 14:42 244 --ah----- C:\sqmnoopt19.sqm
    2008-08-14 13:21 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-07 18:19 . 2008-08-07 18:19 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\agi
    2008-08-07 18:19 . 2008-08-07 18:19 <REP> d-------- C:\Documents and Settings\gledel\Application Data\agi
    2008-08-07 18:19 . 2008-08-07 18:19 2,113,536 --a------ C:\WINDOWS\system32\python25.dll
    2008-08-07 18:19 . 2008-08-07 18:19 327,680 --a------ C:\WINDOWS\system32\pythoncom25.dll
    2008-08-07 18:19 . 2008-08-07 18:19 102,400 --a------ C:\WINDOWS\system32\pywintypes25.dll
    2008-07-31 19:01 . 2008-07-31 19:02 <REP> d-------- C:\Program Files\PhotoFiltre Studio
    2008-07-31 18:28 . 2008-07-31 18:28 244 --ah----- C:\sqmnoopt18.sqm
    2008-07-31 18:28 . 2008-07-31 18:28 232 --ah----- C:\sqmdata18.sqm
    2008-07-30 14:54 . 2008-07-30 17:04 <REP> d-------- C:\Program Files\FRoG Creator V0.4

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-27 17:30 82,944 ----a-w C:\WINDOWS\system32\hbafggxv.dll
    2008-08-27 17:30 115,712 ----a-w C:\WINDOWS\system32\haqvcndh.dll
    2008-08-27 10:27 --------- d-----w C:\Documents and Settings\gledel\Application Data\BitTorrent
    2008-08-27 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-19 13:11 --------- d-----w C:\Program Files\100%Naruto
    2008-08-12 11:45 --------- d-----w C:\Program Files\Java
    2008-08-06 12:04 --------- d-----w C:\Program Files\Steam
    2008-07-27 13:50 --------- d-----w C:\Documents and Settings\gledel\Application Data\DNA
    2008-07-27 12:10 --------- d-----w C:\Program Files\Sony
    2008-07-24 16:25 --------- d-----w C:\Documents and Settings\gledel\Application Data\GetRightToGo
    2008-07-24 16:11 --------- d-----w C:\Program Files\Microsoft SQL Server
    2008-07-24 16:11 --------- d-----w C:\Documents and Settings\gledel\Application Data\Sony
    2008-07-24 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
    2008-07-24 16:08 --------- d-----w C:\Program Files\Sony Setup
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-17 11:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-16 12:08 --------- d-----w C:\Program Files\Maxis
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-21 12:56 2,829 ----a-w C:\WINDOWS\W3DemoUnin.pif
    2008-06-21 12:56 126,976 ----a-w C:\WINDOWS\W3DemoUnin.exe
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2007-05-26 08:31 538 -c--a-w C:\Documents and Settings\gledel\Application Data\internaldb8467.dat
    2007-05-26 08:31 374 -c--a-w C:\Documents and Settings\gledel\Application Data\internaldb6334.dat
    2007-05-26 08:31 18,432 -c--a-w C:\Documents and Settings\gledel\Application Data\internaldb41.dat
    2006-02-12 11:17 66,382 -c-ha-w C:\Program Files\PFINISH.GID
    2004-10-30 09:47 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97B89E96-C404-42D0-94D9-3B329126380D}]
    2008-08-27 12:00 312832 --a------ C:\WINDOWS\system32\opnlLFvv.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 19:41 1832272]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 21:10 335872]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-11-25 18:36 1232946]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:28 196608]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\opnlLFvv

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^gledel^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
    path=C:\Documents and Settings\gledel\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    --a------ 2008-05-24 11:40 289088 C:\Program Files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-07-08 18:08 1271032 c:\Program Files\Steam\Steam.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Documents and Settings\\gledel\\Mes documents\\nico fichier\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\ValuSoft\\Chris Moneymakers World Poker Championship\\poker.exe"=
    "C:\\Documents and Settings\\gledel\\Mes documents\\nico fichier\\Limewire 1\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\warfire44\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\FRoG Creator V0.4\\Serveur\\Server.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]
    R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 09:56]
    S3 archbus;NEC WMC USB_BJ1 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\archbus.sys [2005-08-30 13:17]
    S3 archmdm;NEC WMC USB_BJ1 Port Drivers;C:\WINDOWS\system32\DRIVERS\archmdm.sys [2005-08-30 13:17]
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06faf982-893a-11db-a710-0008d30706ab}]
    \Shell\Auto\command - RavMon.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2007-03-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

    2008-08-27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{4E1904F0-B94C-44CB-B067-4D8C91BA52BA}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd
    BHO-{047BFEC7-5C1E-466F-B3E8-47A507A7D19A} - (no file)
    HKCU-Run-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
    Notify-awtqrOHW - (no file)
    MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
    MSConfigStartUp-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\gledel\Application Data\Mozilla\Firefox\Profiles\u7zssin4.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orange.fr
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-27 19:29:34
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    C:\WINDOWS\system32\haqvcndh.dll 115712 bytes executable
    C:\WINDOWS\system32\hbafggxv.dll 82944 bytes executable
    C:\WINDOWS\system32\vvFLlnpo.ini 1252 bytes
    C:\WINDOWS\system32\vvFLlnpo.ini2 1252 bytes

    Scan terminé avec succès
    Les fichiers cach‚s: 4

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\opnlLFvv.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\opnlLFvv.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Ahead\InCD\incdsrv.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Realtek\Rtl8180\RtlWake.exe
    C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-27 19:37:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-27 17:37:09

    Pre-Run: 40,025,337,856 octets libres
    Post-Run: 40,203,137,024 octets libres

    210 --- E O F --- 2008-08-16 09:09:32


    ____________________


    Here is the report
    27 August 2008 19:47:56

    My Spybot also asks me:

    Winlogon
    Value to delete: awtqrOHW


    and allowing the change is the only option offered.
    But I worked around it by using the Ctrl+Alt+Del shortcut to close the window.

    Thank you for your help!
    27 August 2008 20:14:42

    Re,

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\vvFLlnpo.ini
    C:\WINDOWS\system32\opnlLFvv.dll
    C:\WINDOWS\system32\hbafggxv.dll
    C:\WINDOWS\system32\haqvcndh.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97B89E96-C404-42D0-94D9-3B329126380D}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=-


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 and confirm. After the restart, post the contents of the Combofix.txt report together with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    27 August 2008 21:10:33
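The report above shows how the helper picked the files for the script: opnlLFvv.dll in system32 has a vvFLlnpo.ini next to it whose name is the DLL name reversed, the same DLL is registered as a Browser Helper Object and as an extra LSA "Authentication Packages" entry, and it is loaded into lsass.exe and explorer.exe. As an added example (not from this thread, from ComboFix or from its author), the Python below pulls those indicators out of report lines in the format posted above; the sample lines are constructed from that report and every function name is the example's own.

```python
import re

# Constructed sample, assembled from the ComboFix report format posted above.
SAMPLE_REPORT = """\
C:\\WINDOWS\\system32\\opnlLFvv.dll
C:\\WINDOWS\\system32\\vvFLlnpo.ini
C:\\WINDOWS\\system32\\vvFLlnpo.ini2
C:\\WINDOWS\\system32\\dao350.dll
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{97B89E96-C404-42D0-94D9-3B329126380D}]
2008-08-27 12:00 312832 --a------ C:\\WINDOWS\\system32\\opnlLFvv.dll
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\\WINDOWS\\system32\\opnlLFvv
PROCESS: C:\\WINDOWS\\system32\\lsass.exe
-> C:\\WINDOWS\\system32\\opnlLFvv.dll
PROCESS: C:\\WINDOWS\\explorer.exe
-> C:\\WINDOWS\\system32\\opnlLFvv.dll
"""

# A Windows path ending in .dll or .ini; the .ini2 twin is deliberately not matched.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n\[\]\"]*?\.(?:dll|ini)(?=\s|$)", re.IGNORECASE)
BHO_RE = re.compile(r"^\[.*Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
AUTHPKG_RE = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(.*)$")


def _stem(path):
    """'C:\\WINDOWS\\system32\\opnlLFvv.dll' -> 'opnlLFvv'."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def find_reversed_pairs(lines):
    """Return (dll_path, ini_path) pairs where the .ini stem is the .dll stem reversed."""
    dlls, inis = {}, {}
    for line in lines:
        for path in PATH_RE.findall(line):
            stem = _stem(path).lower()
            if path.lower().endswith(".dll"):
                dlls.setdefault(stem, path)
            else:
                inis.setdefault(stem, path)
    # A palindromic stem would pair foo.dll with its own legitimate foo.ini, so skip it.
    return [(dll, inis[stem[::-1]]) for stem, dll in dlls.items()
            if stem[::-1] != stem and stem[::-1] in inis]


def extra_auth_packages(lines):
    """LSA 'Authentication Packages' entries other than the built-in msv1_0."""
    extras = []
    for line in lines:
        m = AUTHPKG_RE.match(line.strip())
        if m:
            extras.extend(p for p in m.group(1).split() if p.lower() != "msv1_0")
    return extras


def bho_dlls(lines):
    """Map each BHO CLSID header to the DLL path on the line that follows it."""
    result = {}
    for i, line in enumerate(lines):
        m = BHO_RE.match(line.strip())
        if m and i + 1 < len(lines):
            found = PATH_RE.findall(lines[i + 1])
            if found:
                result[m.group(1)] = found[0]
    return result


def loaded_into(lines, dll_path):
    """Processes that the 'DLLs loaded' section shows hosting dll_path."""
    hosts, current = [], None
    for line in lines:
        s = line.strip()
        if s.startswith("PROCESS:"):
            current = s[len("PROCESS:"):].strip()
        elif s.startswith("->") and current and s[2:].strip().lower() == dll_path.lower():
            hosts.append(current)
    return hosts


def analyze(report_text):
    """Combine the checks: each suspect DLL with the evidence that ties it in."""
    lines = report_text.splitlines()
    suspects = {}
    for dll, ini in find_reversed_pairs(lines):
        suspects[dll] = {"ini_twin": ini, "loaded_into": loaded_into(lines, dll)}
    for clsid, dll in bho_dlls(lines).items():
        suspects.setdefault(dll, {"ini_twin": None, "loaded_into": loaded_into(lines, dll)})
        suspects[dll]["bho"] = clsid
    for pkg in extra_auth_packages(lines):
        # The LSA value names the DLL without its extension.
        for dll in suspects:
            if _stem(dll).lower() == pkg.rsplit("\\", 1)[-1].lower():
                suspects[dll]["auth_package"] = pkg
    return suspects


if __name__ == "__main__":
    for dll, evidence in analyze(SAMPLE_REPORT).items():
        print(dll, evidence)
```

The LSA and BHO hooks are why the DLL is back in lsass.exe and explorer.exe at every boot and why a plain delete fails; the script only reports, the removal itself is left to ComboFix as in the thread.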

    Does the text file have to disappear?
    Because when I drag it onto ComboFix.exe (my icon actually has a lion's head rather than a cross, but I think that doesn't matter) the text file goes back to its place, but I'm asked whether I want to run ComboFix.exe or not.
    What should I do?
    27 August 2008 21:36:15

    ComboFix 08-08-26.03 - gledel 2008-08-27 21:13:11.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.204 [GMT 2:00]
    Endroit: C:\Documents and Settings\gledel\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\gledel\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\haqvcndh.dll
    C:\WINDOWS\system32\hbafggxv.dll
    C:\WINDOWS\system32\opnlLFvv.dll
    C:\WINDOWS\system32\vvFLlnpo.ini
    .
    /wow section - STAGE 40
    pv: No matching processes found


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\haqvcndh.dll
    C:\WINDOWS\system32\hbafggxv.dll
    C:\WINDOWS\system32\opnlLFvv.dll
    C:\WINDOWS\system32\vvFLlnpo.ini
    C:\WINDOWS\system32\vvFLlnpo.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-27 19:01 . 2008-08-24 05:08 <REP> d-------- C:\SDFix
    2008-08-27 17:34 . 2008-08-27 17:34 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-27 16:24 . 2004-09-13 08:45 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2008-08-27 16:24 . 2002-09-25 17:05 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-08-27 16:24 . 2002-09-25 17:05 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-08-27 16:24 . 2002-09-25 16:11 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-08-27 16:24 . 2002-09-25 16:22 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-08-27 16:24 . 2002-09-25 17:05 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-08-27 16:24 . 2002-09-25 16:22 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-08-27 16:24 . 2002-09-25 17:05 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-08-27 16:24 . 2008-08-27 16:24 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-08-27 14:00 . 2008-08-27 14:00 91 --a------ C:\WINDOWS\wininit.ini
    2008-08-16 14:42 . 2008-08-16 14:42 268 --ah----- C:\sqmdata19.sqm
    2008-08-16 14:42 . 2008-08-16 14:42 244 --ah----- C:\sqmnoopt19.sqm
    2008-08-14 13:21 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-07 18:19 . 2008-08-07 18:19 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\agi
    2008-08-07 18:19 . 2008-08-07 18:19 <REP> d-------- C:\Documents and Settings\gledel\Application Data\agi
    2008-08-07 18:19 . 2008-08-07 18:19 2,113,536 --a------ C:\WINDOWS\system32\python25.dll
    2008-08-07 18:19 . 2008-08-07 18:19 327,680 --a------ C:\WINDOWS\system32\pythoncom25.dll
    2008-08-07 18:19 . 2008-08-07 18:19 102,400 --a------ C:\WINDOWS\system32\pywintypes25.dll
    2008-07-31 19:01 . 2008-07-31 19:02 <REP> d-------- C:\Program Files\PhotoFiltre Studio
    2008-07-31 18:28 . 2008-07-31 18:28 244 --ah----- C:\sqmnoopt18.sqm
    2008-07-31 18:28 . 2008-07-31 18:28 232 --ah----- C:\sqmdata18.sqm
    2008-07-30 14:54 . 2008-07-30 17:04 <REP> d-------- C:\Program Files\FRoG Creator V0.4

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-27 10:27 --------- d-----w C:\Documents and Settings\gledel\Application Data\BitTorrent
    2008-08-27 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-19 13:11 --------- d-----w C:\Program Files\100%Naruto
    2008-08-12 11:45 --------- d-----w C:\Program Files\Java
    2008-08-06 12:04 --------- d-----w C:\Program Files\Steam
    2008-07-27 13:50 --------- d-----w C:\Documents and Settings\gledel\Application Data\DNA
    2008-07-27 12:10 --------- d-----w C:\Program Files\Sony
    2008-07-24 16:25 --------- d-----w C:\Documents and Settings\gledel\Application Data\GetRightToGo
    2008-07-24 16:11 --------- d-----w C:\Program Files\Microsoft SQL Server
    2008-07-24 16:11 --------- d-----w C:\Documents and Settings\gledel\Application Data\Sony
    2008-07-24 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
    2008-07-24 16:08 --------- d-----w C:\Program Files\Sony Setup
    2008-07-17 11:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-16 12:08 --------- d-----w C:\Program Files\Maxis
    2008-06-21 12:56 2,829 ----a-w C:\WINDOWS\W3DemoUnin.pif
    2008-06-21 12:56 126,976 ----a-w C:\WINDOWS\W3DemoUnin.exe
    2007-05-26 08:31 538 -c--a-w C:\Documents and Settings\gledel\Application Data\internaldb8467.dat
    2007-05-26 08:31 374 -c--a-w C:\Documents and Settings\gledel\Application Data\internaldb6334.dat
    2007-05-26 08:31 18,432 -c--a-w C:\Documents and Settings\gledel\Application Data\internaldb41.dat
    2006-02-12 11:17 66,382 -c-ha-w C:\Program Files\PFINISH.GID
    2004-10-30 09:47 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-27_19.35.34.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-27 19:23:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_248.dat
    + 2008-08-27 19:23:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 21:10 335872]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-11-25 18:36 1232946]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:28 196608]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\opnlLFvv

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^gledel^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
    path=C:\Documents and Settings\gledel\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    --a------ 2008-05-24 11:40 289088 C:\Program Files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-07-08 18:08 1271032 c:\Program Files\Steam\Steam.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Documents and Settings\\gledel\\Mes documents\\nico fichier\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\ValuSoft\\Chris Moneymakers World Poker Championship\\poker.exe"=
    "C:\\Documents and Settings\\gledel\\Mes documents\\nico fichier\\Limewire 1\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\warfire44\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\FRoG Creator V0.4\\Serveur\\Server.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]
    R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 09:56]
    S3 archbus;NEC WMC USB_BJ1 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\archbus.sys [2005-08-30 13:17]
    S3 archmdm;NEC WMC USB_BJ1 Port Drivers;C:\WINDOWS\system32\DRIVERS\archmdm.sys [2005-08-30 13:17]
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06faf982-893a-11db-a710-0008d30706ab}]
    \Shell\Auto\command - RavMon.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2007-03-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

    2008-08-27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{4E1904F0-B94C-44CB-B067-4D8C91BA52BA}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-27 21:24:12
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Ahead\InCD\incdsrv.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Realtek\Rtl8180\RtlWake.exe
    C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\update\update.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-27 21:33:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-27 19:33:04
    ComboFix2.txt 2008-08-27 17:37:35

    Pre-Run: 40,193,740,800 octets libres
    Post-Run: 40,163,651,584 octets libres

    178 --- E O F --- 2008-08-16 09:09:32

    _________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:35:31, on 27/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Realtek\Rtl8180\RtlWake.exe
    C:\Program Files\Hercules\WiFi Station\WifiStation.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\update\update.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: RtlWake.lnk = C:\Program Files\Realtek\Rtl8180\RtlWake.exe
    O4 - Global Startup: WiFi Station.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/Mu...
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1....
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 8262 bytes
    28 August 2008 15:54:07

    What do I do next?
    30 August 2008 13:57:12

    My first scan with Antivir found 5 viruses:

    -TR/Keylog/HotKeyHooks.DL trojan
    -2 recognition patterns of the DR/Shopper
    -2 TR/Monder.ixo Trojan

    It had stopped because my hard drives went into standby and I couldn't wake it up again. So I had to turn it off manually. I then ran another scan.

    Avira AntiVir Personal
    Report file date: samedi 30 août 2008 12:10

    Scanning for 1582788 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: NOM-JFJKK179UWM

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 16:35:19
    ANTIVIR3.VDF : 7.0.6.92 195584 Bytes 29/08/2008 16:35:21
    Engineversion : 8.1.1.23
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.68 315770 Bytes 29/08/2008 16:35:32
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.22 192890 Bytes 29/08/2008 16:35:29
    AEHEUR.DLL : 8.1.0.50 1388918 Bytes 29/08/2008 16:35:28
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 29/08/2008 16:35:24
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 29/08/2008 16:35:21
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 30 août 2008 12:10

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'dumprep.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'WiFiStation.exe' - '1' Module(s) have been scanned
    Scan process 'RtlWake.exe' - '1' Module(s) have been scanned
    Scan process 'slserv.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'zlclient.exe' - '0' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'hpztsb04.exe' - '1' Module(s) have been scanned
    Scan process 'InCD.exe' - '1' Module(s) have been scanned
    Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'vsmon.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'savedump.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    40 processes with 40 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '59' files ).


    Starting the file scan:

    Begin scan in 'C:\' <67_03_11>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP441\A0434268.dll
    [DETECTION] Is the TR/Monder.ixo Trojan
    [NOTE] The file was moved to '48ed2d38.qua'!
    C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP445\A0440904.exe
    [DETECTION] Contains recognition pattern of the DR/Shopper.L.8 dropper
    [NOTE] The file was moved to '48ed2ede.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: samedi 30 août 2008 13:50
    Used time: 1:39:33 Hour(s)

    The scan has been done completely.

    7887 Scanning directories
    438980 Files were scanned
    2 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    2 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    438976 Files not concerned
    8152 Archives were scanned
    2 Warnings
    2 Notes

    This time it found 1 Keylog.HotKeysHooks.CL trojan
    and "contains suspicious code GEN/pwdZIP".

    I put all the files in quarantine; what should I do with them?

    Should I post another HijackThis report?

    Would a personal firewall be a small plus for my protection?

    In any case, the site you gave me is a very complete and very useful source of information.
    Thanks!
    30 August 2008 14:56:50

    Leave the files in quarantine and post another HijackThis report :)
    31 August 2008 21:09:13

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:08:19, on 31/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Realtek\Rtl8180\RtlWake.exe
    C:\Program Files\Hercules\WiFi Station\WifiStation.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\dxdiag.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: RtlWake.lnk = C:\Program Files\Realtek\Rtl8180\RtlWake.exe
    O4 - Global Startup: WiFi Station.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/Mu...
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1....
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9473 bytes

That's done, I'm waiting for your reply.
Thanks already for everything, my computer is doing much better ^^
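A small triage script for the O16 and O23 sections of a log like the one above, added here as an illustration; it is not part of the thread and not a HijackThis feature. The sample input is a handful of lines copied from the posted log. The two heuristics are assumptions of this example: a service whose vendor field is blank or "Unknown owner" goes into a review queue, and every ActiveX control (O16) installed from a remote URL is listed with its host so the reader can check where it came from.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: O16/O23 lines copied from the HijackThis log posted
# above (truncated URLs are kept exactly as the forum displayed them).
SAMPLE_LOG = """\
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\\Program Files\\Yahoo!\\Common\\yinsthelper.dll
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\\WINDOWS\\System32\\Ati2evxx.exe
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) - - C:\\WINDOWS\\SYSTEM32\\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe
"""

# The " - " that precedes the final field (a drive path or a URL). Service names
# and vendors may contain " - " themselves, so the separator is located by what
# follows it rather than by counting dashes.
_LOC_SEP = re.compile(r" - (?=https?://|[A-Za-z]:\\)")


def _split_location(body):
    """Return (head, location); fall back to the last ' - ' if no drive/URL is found."""
    m = _LOC_SEP.search(body)
    if m:
        return body[:m.start()], body[m.end():]
    head, _, location = body.rpartition(" - ")
    return head, location


def parse_o23(line):
    """Parse 'O23 - Service: <name> - <vendor> - <path>' into a dict.

    HijackThis prints 'Unknown owner' when it cannot read a company name from
    the binary and leaves the field empty ('- -') when the string is blank.
    """
    head, path = _split_location(line[len("O23 - Service: "):])
    if head.endswith(" -"):                   # empty vendor field: "name - - path"
        name, vendor = head[:-2], ""
    else:
        name, _, vendor = head.rpartition(" - ")
    return {
        "kind": "O23",
        "name": name,
        "vendor": vendor,
        "path": path,
        "in_system32": "\\system32\\" in path.lower(),
    }


def parse_o16(line):
    """Parse 'O16 - DPF: [{CLSID}] (<name>) - <url or path>' into a dict."""
    descr, location = _split_location(line[len("O16 - DPF: "):])
    m = re.match(r"\{[0-9A-Fa-f-]+\}", descr)
    clsid = m.group(0) if m else None
    name = (descr[m.end():] if m else descr).strip().strip("()")
    remote = location.lower().startswith(("http://", "https://"))
    return {
        "kind": "O16",
        "clsid": clsid,
        "name": name,
        "location": location,
        "remote": remote,
        "host": urlparse(location).netloc if remote else None,
    }


def triage(log_text):
    """Collect the O23/O16 entries a reviewer should look at first (heuristic)."""
    findings = {"services_to_review": [], "remote_activex": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O23 - Service: "):
            svc = parse_o23(line)
            if svc["vendor"] in ("", "Unknown owner"):
                findings["services_to_review"].append(svc)
        elif line.startswith("O16 - DPF: "):
            ctl = parse_o16(line)
            if ctl["remote"]:
                findings["remote_activex"].append(ctl)
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Services with no verifiable vendor string:")
    for svc in result["services_to_review"]:
        where = " (in system32)" if svc["in_system32"] else ""
        print(f"  {svc['name']:<32} vendor={svc['vendor']!r:<16} {svc['path']}{where}")
    print("ActiveX controls installed from a remote URL:")
    for ctl in result["remote_activex"]:
        print(f"  {ctl['name']:<32} {ctl['host']}  {ctl['location']}")
```

Run it against a full log saved to disk by feeding the file contents to `triage()`. The output is a review queue, not a verdict: a blank or "Unknown owner" vendor only means the binary carries no readable company string, which is common for legitimate drivers and game anti-cheat services, so each flagged path still has to be checked against the on-disk file (signature, hash, known location) before anything is removed.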
    31 Août 2008 22:02:09

Do you have any other problems?
    31 Août 2008 22:43:06

Not a single one!
Thank you for your great work!
And the replies are fast, too.
I won't hesitate to come back if I have the slightest problem!
Thanks!
    1 Septembre 2008 12:58:35

Happy surfing ;)
    1 Septembre 2008 18:03:53

Actually, I do have other questions:
The disk check on my hard drive no longer works.
It can't find the path any more....
All of that worked fine before.
It also shuts down by itself.
I don't understand...
    1 Septembre 2008 18:23:12

You should ask in the Hardware section for that.
    1 Septembre 2008 18:38:26

I'm heading there right away.
Thanks again!
    1 Septembre 2008 18:41:57

Good luck.