
TROJAN ON XP

Tags:
  • Trojan
  • Security
21 May 2008 18:22:07

Hello,
Like everyone else I have avast Free Edition, and I picked up a trojan (alarm, siren, ...).
I ran HijackThis and here is the report.
Thanks for helping me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:07, on 21/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [WD_SRT] "C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: USBControl.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZNxpt410YYFR
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photobox.fr/assets/aurigma/ImageUploader4.ca...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 6193 bytes


21 May 2008 19:15:54

Hello,

Download SDFix (created by AndyManchesta) and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to the Desktop.

Restart in safe mode

  • Open the SDFix folder that has just been created at the root of your hard drive (C:) and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.
  • Press a key to reboot the PC.
  • Your system will take longer than usual to restart, because the tool keeps running and deleting files.
  • Once the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report opens on screen and is also saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum, together with a new HijackThis log.
21 May 2008 21:23:18

I followed the procedure, but when I launch the RunThis.bat file in safe mode, I press Y then Enter, and after a few seconds it displays "Bad command or file name, unable to load IPX/SPX VDM".

So now I don't know what to do!
22 May 2008 11:50:03

C O R R E C T I O N
In the end the SDFix folder worked and ran as you described in your post.
Attached are the "report.txt" report and the HijackThis one, and thanks.


    SDFix: Version 1.184
    Run by HOME on 22/05/2008 at 11:35

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\HOME\Bureau\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\~PZ2.TMP - Deleted
    C:\~PZ4.TMP - Deleted
    C:\WINDOWS\system\smss.exe - Deleted
    C:\WINDOWS\system\smvss.exe - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-22 11:44:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
    "C:\\Program Files\\adslTV\\vlc.exe"="C:\\Program Files\\adslTV\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
    "C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"="C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe:*:Enabled:X-Lite"
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
    "C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\37exinjs.ab.exe"="C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\37exinjs.ab.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\63exinjs.ab.exe"="C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\63exinjs.ab.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\0exinjs.ab.exe"="C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\0exinjs.ab.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\6exinjs.ab.exe"="C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\6exinjs.ab.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\84exinjs.ab.exe"="C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\84exinjs.ab.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\66exinjs.ab.exe"="C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\66exinjs.ab.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\82exinjs.ab.exe"="C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\82exinjs.ab.exe:*:Enabled:Microsoft Update"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\69exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\69exmdnk35.exe:*:D isabled:69exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\6exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\6exmdnk35.exe:*:D isabled:6exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\31exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\31exmdnk35.exe:*:D isabled:31exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\84exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\84exmdnk35.exe:*:Enabled:84exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\0exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\0exmdnk35.exe:*:Enabled:0exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\25exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\25exmdnk35.exe:*:Enabled:25exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\79exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\79exmdnk35.exe:*:Enabled:79exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\80exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\80exmdnk35.exe:*:Enabled:80exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\81exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\81exmdnk35.exe:*:Enabled:81exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\32exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\32exmdnk35.exe:*:Enabled:32exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\72exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\72exmdnk35.exe:*:D isabled:72exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\17exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\17exmdnk35.exe:*:Enabled:17exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\65exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\65exmdnk35.exe:*:D isabled:65exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\62exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\62exmdnk35.exe:*:D isabled:62exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\92exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\92exmdnk35.exe:*:Enabled:92exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\20exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\20exmdnk35.exe:*:D isabled:20exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\15exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\15exmdnk35.exe:*:D isabled:15exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\26exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\26exmdnk35.exe:*:D isabled:26exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\7exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\7exmdnk35.exe:*:D isabled:7exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\35exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\35exmdnk35.exe:*:D isabled:35exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\54exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\54exmdnk35.exe:*:D isabled:54exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\52exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\52exmdnk35.exe:*:D isabled:52exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\96exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\96exmdnk35.exe:*:D isabled:96exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\98exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\98exmdnk35.exe:*:D isabled:98exmdnk35"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\96exmdnk36.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\96exmdnk36.exe:*:D isabled:96exmdnk36"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\62exmdnk36.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\62exmdnk36.exe:*:D isabled:62exmdnk36"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\68exmdnk36.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\68exmdnk36.exe:*:D isabled:68exmdnk36"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\83exmdnk36.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\83exmdnk36.exe:*:D isabled:83exmdnk36"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\76exmdnk36.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\76exmdnk36.exe:*:D isabled:76exmdnk36"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\67exmdnk36.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\67exmdnk36.exe:*:D isabled:67exmdnk36"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\46exmdnk36.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\46exmdnk36.exe:*:D isabled:46exmdnk36"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\91exmdnk36.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\91exmdnk36.exe:*:D isabled:91exmdnk36"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\33exmdnk36.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\33exmdnk36.exe:*:D isabled:33exmdnk36"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\45exmdnk36.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\45exmdnk36.exe:*:Enabled:45exmdnk36"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\95exmdnk36.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\95exmdnk36.exe:*:D isabled:95exmdnk36"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\74exmdnk36.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\74exmdnk36.exe:*:D isabled:74exmdnk36"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\95exmdnk37.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\95exmdnk37.exe:*:D isabled:95exmdnk37"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\55exmdnk37.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\55exmdnk37.exe:*:Enabled:55exmdnk37"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\35exmdnk37.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\35exmdnk37.exe:*:D isabled:35exmdnk37"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\80exmdnk37.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\80exmdnk37.exe:*:D isabled:80exmdnk37"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\12exmdnk37.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\12exmdnk37.exe:*:D isabled:12exmdnk37"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\47exmdnk37.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\47exmdnk37.exe:*:D isabled:47exmdnk37"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\36exmdnk37.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\36exmdnk37.exe:*:D isabled:36exmdnk37"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\9exmdnk38.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\9exmdnk38.exe:*:Enabled:9exmdnk38"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\88exmdnk38.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\88exmdnk38.exe:*:Enabled:88exmdnk38"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\35exmdnk38.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\35exmdnk38.exe:*:D isabled:35exmdnk38"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\14exmdnk38.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\14exmdnk38.exe:*:Enabled:14exmdnk38"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\80exmdnk38.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\80exmdnk38.exe:*:Enabled:80exmdnk38"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\55exmdnk38.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\55exmdnk38.exe:*:Enabled:55exmdnk38"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\18exmdnk38.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\18exmdnk38.exe:*:D isabled:18exmdnk38"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\93exmdnk38.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\93exmdnk38.exe:*:D isabled:93exmdnk38"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\53exmdnk38.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\53exmdnk38.exe:*:D isabled:53exmdnk38"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\1exmdnk41.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\1exmdnk41.exe:*:D isabled:1exmdnk41"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\84exmdnk41.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\84exmdnk41.exe:*:D isabled:84exmdnk41"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\35exmdnk41.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\35exmdnk41.exe:*:D isabled:35exmdnk41"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\7exmdnk41.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\7exmdnk41.exe:*:D isabled:7exmdnk41"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\50exmdnk41.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\50exmdnk41.exe:*:D isabled:50exmdnk41"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\51exmdnk41.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\51exmdnk41.exe:*:D isabled:51exmdnk41"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\10exmdnk41.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\10exmdnk41.exe:*:D isabled:10exmdnk41"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\36exmdnk41.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\36exmdnk41.exe:*:D isabled:36exmdnk41"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\26exmdnk41.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\26exmdnk41.exe:*:D isabled:26exmdnk41"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\74exmdnk41.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\74exmdnk41.exe:*:D isabled:74exmdnk41"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\41exmdnk42.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\41exmdnk42.exe:*:D isabled:41exmdnk42"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\2exmdnk42.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\2exmdnk42.exe:*:D isabled:2exmdnk42"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\37exmdnk42.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\37exmdnk42.exe:*:D isabled:37exmdnk42"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\81exmdnk42.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\81exmdnk42.exe:*:D isabled:81exmdnk42"
    "C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\9exmdnk42.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\9exmdnk42.exe:*:D isabled:9exmdnk42"

HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:51:41, on 22/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [WD_SRT] "C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: USBControl.lnk = ?
    O8 - Extra context menu item: &Search - ?p=ZNxpt410YYFR
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photobox.fr/assets/aurigma/ImageUploader4.ca...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

    --
    End of file - 5561 bytes
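The two logs above show the pattern worth checking by hand rather than trusting the antivirus alone: a Run value named `.nvsvc` launching `smss.exe` from `C:\WINDOWS\system` (the real Session Manager lives in `System32`), a second value (`devenv`, `smvss.exe`) in the same legacy directory, and a firewall exception list stuffed with `Temp\...exe` entries, several of them labelled "Microsoft Update". The Python script below is an added editor's example, not code from the thread, from HijackThis or from SDFix. It parses the two formats (HijackThis O4 lines and the `.reg`-style AuthorizedApplications export SDFix prints) and flags exactly those entries. The PROTECTED allow-list, the legacy-directory rule and the "label does not match the path" heuristic are the editor's assumptions; the sample lines are copied from the logs posted above.

```python
"""Triage helpers for HijackThis O4 autostart lines and the XP firewall
AuthorizedApplications .reg export. Editor's example, not part of any tool."""
import re
from pathlib import PureWindowsPath

# Process names malware borrows, with the one directory each belongs in
# (lower-cased). Editor's assumption; HijackThis ships no such list.
PROTECTED = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Nothing modern should autostart from the 16-bit legacy directory.
LEGACY_DIRS = {r"c:\windows\system"}

O4_RE = re.compile(r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)"?(?:\s|$)', re.IGNORECASE)
REG_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<val>[^"]+)"$')


def check_run_entry(line):
    """Return a finding for one HijackThis O4 Run line, or None if it looks clean."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    e = EXE_RE.match(m.group("cmd"))
    if not e:
        return None
    p = PureWindowsPath(e.group("path"))
    name, parent = p.name.lower(), str(p.parent).lower()
    reasons = []
    if name in PROTECTED and parent != PROTECTED[name]:
        reasons.append(f"{name} belongs in {PROTECTED[name]}, not {parent}")
    if parent in LEGACY_DIRS or "temp" in (s.lower() for s in p.parts):
        reasons.append(f"autostart from {parent}")
    if not reasons:
        return None
    return f"{m.group('hive')} Run [{m.group('name')}] -> {p}: " + "; ".join(reasons)


def parse_fw_entry(line):
    """Parse one AuthorizedApplications\\List value (.reg syntax: '\\\\' is one backslash)."""
    m = REG_RE.match(line.strip())
    if not m:
        return None
    parts = m.group("val").rsplit(":", 3)  # split from the right: the path itself holds 'C:'
    if len(parts) != 4:
        return None
    path, scope, state, desc = parts
    return {"path": path.replace("\\\\", "\\"), "scope": scope,
            "state": state.replace(" ", ""),  # forum word-wrap turns 'Disabled' into 'D isabled'
            "desc": desc}


def check_fw_entry(line):
    """Flag firewall exceptions for executables in Temp or whose label does not fit the path."""
    rec = parse_fw_entry(line)
    if rec is None:
        return None
    p = PureWindowsPath(rec["path"])
    low = str(p).lower()
    reasons = []
    if "temp" in (s.lower() for s in p.parts):
        reasons.append("executable lives in a Temp directory")
    if "microsoft" in rec["desc"].lower() and not low.startswith(("c:\\windows", "c:\\program files", "%windir%")):
        reasons.append(f"label {rec['desc']!r} does not match the path")
    if not reasons:
        return None
    return f"firewall {rec['state']}: {p}: " + "; ".join(reasons)


def triage(hjt_lines, fw_lines):
    """Run both checks and return every finding as a string."""
    found = [check_run_entry(l) for l in hjt_lines] + [check_fw_entry(l) for l in fw_lines]
    return [f for f in found if f]


# Lines copied from the logs posted above (HijackThis O4 entries, SDFix firewall export).
HJT_SAMPLE = [
    r'O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe',
    r'O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE',
    r'O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w',
    r'O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w',
    r'O4 - HKLM\..\Run: [WD_SRT] "C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE"',
]
FW_SAMPLE = [
    r'"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"',
    r'"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"',
    r'"C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\37exinjs.ab.exe"="C:\\DOCUME~1\\HOME\\LOCALS~1\\Temp\\37exinjs.ab.exe:*:Enabled:Microsoft Update"',
    r'"C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\84exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\84exmdnk35.exe:*:Enabled:84exmdnk35"',
    r'"C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\69exmdnk35.exe"="C:\\Documents and Settings\\HOME\\Local Settings\\Temp\\69exmdnk35.exe:*:D isabled:69exmdnk35"',
]

if __name__ == "__main__":
    for finding in triage(HJT_SAMPLE, FW_SAMPLE):
        print(finding)
```

Run as-is it reports the two `C:\WINDOWS\system` autostarts and the three Temp exceptions, and nothing for avast, SoundMan, the WD driver, sessmgr or eMule. The name check and the directory check are deliberately independent: `smvss.exe` impersonates nothing, so only the legacy-directory rule catches it, which is why a location rule belongs next to any name-based one. A "Disabled" firewall exception is still listed, since the entry proves the binary ran and asked for network access even if the user said no.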
22 May 2008 13:13:28

Re,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restart in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan has finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

HELP: Illustrated MBAM tutorial
22 May 2008 16:45:07

OK, I followed the procedure, here is the report

Malwarebytes' Anti-Malware 1.12
Database version: 775

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 192021
Time elapsed: 2 hour(s), 50 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.

22 May 2008 16:48:47

Post another HijackThis log.
22 May 2008 19:31:46

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:31:28, on 22/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [WD_SRT] "C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: USBControl.lnk = ?
    O8 - Extra context menu item: &Search - ?p=ZNxpt410YYFR
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photobox.fr/assets/aurigma/ImageUploader4.ca...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

    --
    End of file - 5524 bytes
    23 Mai 2008 20:17:37


    Avira AntiVir Personal
    Report file date: vendredi 23 mai 2008 18:16

    Scanning for 1285666 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: UNICORNI-5A0E14

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 16:15:07
    ANTIVIR3.VDF : 7.0.4.84 148480 Bytes 23/05/2008 16:15:09
    Engineversion : 8.1.0.46
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.33 266618 Bytes 23/05/2008 16:15:22
    AESCN.DLL : 8.1.0.18 119156 Bytes 23/05/2008 16:15:21
    AERDL.DLL : 8.1.0.20 418165 Bytes 23/05/2008 16:15:20
    AEPACK.DLL : 8.1.1.5 364918 Bytes 23/05/2008 16:15:19
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 23/05/2008 16:15:17
    AEHEUR.DLL : 8.1.0.29 1253750 Bytes 23/05/2008 16:15:16
    AEHELP.DLL : 8.1.0.14 115063 Bytes 23/05/2008 16:15:13
    AEGEN.DLL : 8.1.0.21 303477 Bytes 23/05/2008 16:15:12
    AEEMU.DLL : 8.1.0.6 430451 Bytes 23/05/2008 16:15:11
    AECORE.DLL : 8.1.0.29 168311 Bytes 23/05/2008 16:15:10
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 23 mai 2008 18:16

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
    Scan process 'WD_SRT.exe' - '1' Module(s) have been scanned
    Scan process 'SearchSettings.exe' - '1' Module(s) have been scanned
    Scan process 'soundman.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    29 processes with 29 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '24' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\HOME\Bureau\SDFix\backups\backups.zip
    [0] Archive type: ZIP
    --> backups/smss.exe
    [DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
    --> backups/smvss.exe
    [DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
    [NOTE] The file was moved to '4899ef21.qua'!
    C:\Program Files\eMule\Incoming\[PC GAME NO CD] Flight Simulator X crack.zip
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
    [NOTE] The file was moved to '4879f043.qua'!
    C:\Program Files\eMule\Incoming\[PC GAME] Flight Simulator X cracked.zip
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
    [NOTE] The file was moved to '4879f045.qua'!
    C:\Program Files\eMule\Incoming\[PC GAME NO CD] Flight Simulator X crack\install.exe
    [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
    [NOTE] The file was moved to '48a9f066.qua'!
    C:\System Volume Information\_restore{C4874C7C-2F1E-4C0A-A0A7-38511ED817AD}\RP311\A0038092.exe
    [DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
    [NOTE] The file was moved to '4866f29a.qua'!
    C:\System Volume Information\_restore{C4874C7C-2F1E-4C0A-A0A7-38511ED817AD}\RP311\A0038093.exe
    [DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
    [NOTE] The file was moved to '4866f29d.qua'!
    C:\System Volume Information\_restore{C4874C7C-2F1E-4C0A-A0A7-38511ED817AD}\RP311\A0038101.exe
    [DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
    [NOTE] The file was moved to '4866f29f.qua'!
    C:\System Volume Information\_restore{C4874C7C-2F1E-4C0A-A0A7-38511ED817AD}\RP311\A0038102.exe
    [DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
    [NOTE] The file was moved to '4866f2a2.qua'!
    C:\System Volume Information\_restore{C4874C7C-2F1E-4C0A-A0A7-38511ED817AD}\RP314\A0038359.exe
    [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
    [NOTE] The file was moved to '4866f2b1.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'
    D:\Mes Documents salomon\Copie Emule\ MSN Messenger (7 y 8) + Utilidades + Hacks + Skins + Bots + Plus! + Poligamy + Cracks.zip
    [0] Archive type: ZIP
    --> CeDPStealer2Setup(www.PortalMes.com).zip
    [1] Archive type: ZIP
    --> CeDPStealer2Setup(www.PortalMes.com).exe
    [DETECTION] Contains detection pattern of the dropper DR/Drop.VB.AV
    --> PsykoLogger.zip
    [1] Archive type: ZIP
    --> Psyko Logger.exe
    [DETECTION] Is the Trojan horse TR/Dldr.MDZ
    --> Msn6BloqueaGrupos.zip
    [1] Archive type: ZIP
    --> Msn6BloqueaGrupos.exe
    [DETECTION] Is the Trojan horse TR/Flood.VB.JE
    --> fLoverFuckingsNicks.zip
    [1] Archive type: ZIP
    --> fLoverFuckingsNicks.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Mosuck.06 Backdoor server programs
    --> blockbuster.zip
    [1] Archive type: ZIP
    --> blockbuster.exe
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was moved to '4889f891.qua'!
    D:\Mes Documents salomon\eMule\Incoming\[PC GAME NO CD] Flight Simulator X crack.zip
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
    [NOTE] The file was moved to '4879fdf9.qua'!
    D:\Mes Documents salomon\eMule\Incoming\[PC GAME] Flight Simulator X cracked.zip
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
    [NOTE] The file was moved to '4879fdfb.qua'!
    D:\Mes Documents salomon\eMule\Incoming\[PC GAME NO CD] Flight Simulator X crack\install.exe
    [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
    [NOTE] The file was moved to '48a9fe1a.qua'!
    D:\Mes Documents salomon\Utilitaires\AntiVirus\Avast_antivirus.rar
    [0] Archive type: RAR
    --> Avast_antivirus\keygen.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The file was moved to '489805db.qua'!
    D:\Mes Documents salomon\Utilitaires\AntiVirus\Avast_antivirus\Avast_antivirus\keygen.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The file was moved to '48b005cd.qua'!


    End of the scan: vendredi 23 mai 2008 20:14
    Used time: 1:58:13 min

    The scan has been done completely.

    11267 Scanning directories
    958512 Files were scanned
    18 viruses and/or unwanted programs were found
    2 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    15 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    958494 Files not concerned
    11607 Archives were scanned
    2 Warnings
    15 Notes
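The Avira report above counts 18 detections plus 2 suspicious files but only 15 quarantine notes, because each archive member gets its own [DETECTION] line while the archive is moved to quarantine once. A small parser for that report format, as an added example that is not part of the thread and not Avira's own tooling, makes the reconciliation explicit and groups the hits by where they sat on disk (restore-point copies, eMule downloads, the SDFix backup archive). The sample input is an excerpt copied from the report above; the location classes and their names are choices made for this example.

```python
"""Parse an Avira AntiVir 8 report and summarise its detections.

Added example, not code from the forum thread or from Avira. It reads the
container / "-->" member / [DETECTION] / [NOTE] line structure that the
report above uses and reconciles detection lines with quarantine notes.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Excerpt copied from the 23/05/2008 report above (constructed subset).
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HOME\Bureau\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/smss.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
--> backups/smvss.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
[NOTE] The file was moved to '4899ef21.qua'!
C:\Program Files\eMule\Incoming\[PC GAME NO CD] Flight Simulator X crack\install.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[NOTE] The file was moved to '48a9f066.qua'!
C:\System Volume Information\_restore{C4874C7C-2F1E-4C0A-A0A7-38511ED817AD}\RP311\A0038092.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
[NOTE] The file was moved to '4866f29a.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\Mes Documents salomon\Utilitaires\AntiVirus\Avast_antivirus.rar
[0] Archive type: RAR
--> Avast_antivirus\keygen.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The file was moved to '489805db.qua'!
"""


@dataclass(frozen=True)
class Detection:
    container: str          # file on disk that the scanner opened
    member: Optional[str]   # archive member, when the hit was inside an archive
    name: str               # Avira detection name, e.g. TR/Proxy.Horst.Gen


PATH_RE = re.compile(r"^[A-Za-z]:\\")                     # a new container line
NAME_RE = re.compile(r"\b([A-Z]{2,5}/[A-Za-z0-9._-]+)")   # TR/..., DR/..., BDS/..., HEUR/...
QUA_RE = re.compile(r"moved to '([^']+)'")


def parse_report(text):
    """Return (detections, {container: quarantine file}, [unscanned containers])."""
    detections, quarantined, unscanned = [], {}, []
    container = member = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            container, member = line, None          # new file; forget the old member
        elif line.startswith("-->"):
            member = line[3:].strip()               # descend into an archive member
        elif line.startswith("[DETECTION]"):
            m = NAME_RE.search(line)
            if container and m:
                detections.append(Detection(container, member, m.group(1)))
        elif line.startswith("[NOTE]"):
            m = QUA_RE.search(line)
            if container and m:
                quarantined[container] = m.group(1)  # one note per container, not per member
        elif line.startswith("[WARNING]") and "could not be opened" in line:
            if container:
                unscanned.append(container)
    return detections, quarantined, unscanned


def location_class(path):
    """Classify where a hit lives; the class names are this example's own."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"        # System Restore copy of an already-removed file
    if "\\emule\\incoming\\" in p:
        return "p2p-download"         # downloaded 'crack' archive
    if "\\sdfix\\backups\\" in p:
        return "sdfix-backup"         # backup made by the SDFix removal tool
    return "other"


def summarize(text):
    detections, quarantined, unscanned = parse_report(text)
    return {
        "detections": len(detections),
        "quarantined_files": len(quarantined),
        "by_name": Counter(d.name for d in detections),
        "by_location": Counter(location_class(d.container) for d in detections),
        "unscanned": unscanned,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the full report, the "detections" count comes out at 20 and "quarantined_files" at 15, matching the scanner's own totals. The two "unscanned" entries (pagefile.sys and the sptd.sys driver) are files the scanner could not open rather than detections, which is why the summary lists them separately.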

    24 Mai 2008 12:31:11

    Post another HijackThis log.
    24 Mai 2008 23:38:47

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:41:51, on 24/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [WD_SRT] "C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: USBControl.lnk = ?
    O8 - Extra context menu item: &Search - ?p=ZNxpt410YYFR
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photobox.fr/assets/aurigma/ImageUploader4.ca...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

    --
    End of file - 5393 bytes
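Reading a HijackThis log by hand comes down to a few recurring rules: entries whose target no longer exists ("(no file)", "(file missing)"), autostart shortcuts HijackThis could not resolve, Winsock LSPs it does not recognise, services with no known publisher, and names the helper has already decided should go. The following triage pass applies those rules to the entry lines above. It is an added example, not part of the thread and not code from Trend Micro; the sample lines are copied from the 24/05/2008 log, and the watch list containing "searchsettings" is an assumption made for this example rather than a list HijackThis ships with.

```python
"""Rule-based triage of HijackThis 2.0.2 log entries.

Added example, not code from the forum thread or from HijackThis. It parses
the "Oxx - ..." entry lines and returns the ones a helper would look at first,
with the reason for each. It does not decide what is malicious: an O10 LSP
or an O23 service with no publisher still has to be identified by hand.
"""
import re
from dataclasses import dataclass

# Lines copied from the 24/05/2008 HijackThis log above (constructed subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Global Startup: USBControl.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # why a helper would look twice at this entry
    line: str      # the original log line


# Section code, " - ", then the rest of the entry.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Assumption for this example: names the thread's helper would tell the poster
# to remove. HijackThis itself carries no such list.
WATCHLIST = ("searchsettings",)


def parse_entry(line):
    """Return (section, body) for an entry line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage_line(line):
    """Apply the triage rules to one line; returns zero or more findings."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, body = parsed
    low = body.lower()
    reasons = []
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("dangling reference: the target no longer exists, the entry is safe to remove")
    if section == "O4" and low.endswith("= ?"):
        reasons.append("autostart shortcut whose target HijackThis could not resolve")
    if section == "O10":
        reasons.append("Winsock LSP not in HijackThis' known list: identify the DLL before touching it, "
                       "removing a live LSP breaks networking")
    if section == "O23" and "unknown owner" in low:
        reasons.append("service binary without a recognised publisher: check its signature and install path")
    if any(name in low for name in WATCHLIST):
        reasons.append("name on the watch list for this thread")
    return [Finding(section, r, line.strip()) for r in reasons]


def triage(log_text):
    """Run the rules over a whole log; non-entry lines (headers, process list) are ignored."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

The rules deliberately stay on the conservative side: the O10 and O23 rules only ask for identification, since HijackThis prints "Unknown" whenever a file is simply absent from its own list, and a legitimate driver helper or network provider lands there as easily as malware.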
    25 Mai 2008 12:11:15

    Still having problems?
    25 Mai 2008 18:43:07

    Since I finished the procedures you gave, the "trojan horse alarm" has gone.

    So I think I owe you my thanks.

    I'll keep you posted if the symptoms come back.

    Thanks again
    :) 
    25 Mai 2008 18:51:32

    No problem ;) 