Se connecter / S'enregistrer
Votre question

virus effaceur

Tags :
  • Virus
  • Sécurité
Dernière réponse : dans Sécurité et virus
13 Mai 2008 11:46:44

bonjour je suis infecte par un virus, plein de pop up de jeu s affichent "gladiatus" etc, et ils me vendre "virus effaceur" quelque chose comme ca, merci d avancve pour votre coup de main
cdt

Autres pages sur : virus effaceur

14 Mai 2008 08:24:30

voici le rapport hijackthis, merci d avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:15:52, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\V3CallCenter\V3faxecp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ScannerU\TBridge\Ereg\REMIND32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [Creative Mouse Software] C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [2b1b13ad] rundll32.exe "C:\WINDOWS\system32\srngbqhq.dll",b
O4 - HKLM\..\Run: [BM28282031] Rundll32.exe "C:\WINDOWS\system32\nqdfmppo.dll",s
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\ScannerU\TBridge\Ereg\REMIND32.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: CallCenter Printer Interface.lnk = C:\Program Files\V3CallCenter\V3faxecp.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.wistiti.fr/ImageUploader4.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.errorsafe.com/pages/scanner_fr/ErrorSafeScann...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12319 bytes
Contenus similaires
14 Mai 2008 14:12:09

bonjour

Télécharge Navilog1.exe (IL-MAFIOSO)
Enregistre-le sur ton Bureau.
Lance l'installation en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
[#ff0000]! N'utilise pas l'option 2, 3 et 4 sans notre accord ![/#f]
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste-nous son contenu de cette manière :

-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse


NOTE : Le rapport se trouve également ici : C:\fixnavi.txt

14 Mai 2008 23:10:48

Search Navipromo version 3.5.7 commencé le 14/05/2008 à 23:07:33,00

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Rafael"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Rafael\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\BERNARD\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\NICOLAS\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\FRANCO~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Rafael\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\BERNARD\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\NICOLAS\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\FRANCO~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Rafael\menud+~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Rafael\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\BERNARD\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\NICOLAS\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\FRANCO~1\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Rafael\locals~1\applic~1" :


* Dans "C:\DOCUME~1\BERNARD\locals~1\applic~1" :


* Dans "C:\DOCUME~1\NICOLAS\locals~1\applic~1" :


* Dans "C:\DOCUME~1\FRANCO~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\IOWENqru.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\moVuCfhk.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\HNVwxyxx.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 14/05/2008 à 23:10:22,23 ***
15 Mai 2008 17:27:00

bonjour

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    16 Mai 2008 00:57:23

    j ai toujours un pop up...
    voila le rapport

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 752

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 251320
    Temps écoulé: 3 hour(s), 1 minute(s), 38 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 19
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 15

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\urqNEWOI.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\cbXRllMd.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9cfcc036-17db-4797-8fe4-b67ddfcc0cc0} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{9cfcc036-17db-4797-8fe4-b67ddfcc0cc0} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6c23ab0c-0244-4b01-8253-bee724d0d2ec} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c23ab0c-0244-4b01-8253-bee724d0d2ec} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxrllmd (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2b1b13ad (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM28282031 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c23ab0c-0244-4b01-8253-bee724d0d2ec} (Trojan.Vundo) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqnewoi -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqnewoi -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\euqjordv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vdrojque.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqNEWOI.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\IOWENqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\IOWENqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rvcoqnck.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kcnqocvr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfCuVom.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\moVuCfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\moVuCfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xxyxwVNH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\HNVwxyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\HNVwxyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kmuohnuc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbXRllMd.dll (Trojan.Vundo) -> Delete on reboot.

    16 Mai 2008 12:04:44

    bonjour

    Citation :
    j ai toujours un pop up...

    c'est normal puisque c'est une infection vundo. Je passe les outils dans un certain ordre pour m'éviter de trop longue manipulations après.
    on continue

    Désactive ton antivirus et tout autre type de protection.
    Télécharge ComboFix de sUBs :
    ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
    clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

    viens sur le forum et édition "coller"

    ajoute un nouveau rapport Hijackthis.
    22 Mai 2008 16:15:43

    combofix ne marche pas, je reposte unj nouveau rapport hijack this

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:14, on 2008-05-22
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\V0220Mon.exe
    C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\V3CallCenter\V3faxecp.exe
    C:\Program Files\ScannerU\TBridge\Ereg\REMIND32.EXE
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {326CCF64-0BFE-4F26-AA0D-AB9491E0056D} - C:\WINDOWS\system32\nnnmNHaa.dll (file missing)
    O2 - BHO: (no name) - {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - C:\WINDOWS\system32\cbXRllMd.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {B41CC7BD-5FA9-47AF-83EA-B076E833F47E} - C:\WINDOWS\system32\urqNEWOI.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
    O4 - HKLM\..\Run: [Creative Mouse Software] C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\ScannerU\TBridge\Ereg\REMIND32.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
    O4 - Global Startup: CallCenter Printer Interface.lnk = C:\Program Files\V3CallCenter\V3faxecp.exe
    O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.wistiti.fr/ImageUploader4.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O20 - Winlogon Notify: cbXRllMd - C:\WINDOWS\SYSTEM32\cbXRllMd.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 12975 bytes
    22 Mai 2008 19:41:36

    ne tiens pas compte du precedent poste, combofix a fait son boulot

    voici le rapport:

    ComboFix 08-05-20.5 - Rafael 2008-05-22 19:18:42.4 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.571 [GMT 2:00]
    Endroit: C:\Documents and Settings\Rafael\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM28282031.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\aaHNmnnn.ini
    C:\WINDOWS\system32\aaHNmnnn.ini2
    C:\WINDOWS\system32\bxjqcdhw.dll
    C:\WINDOWS\system32\cbXRllMd.dll
    C:\WINDOWS\system32\cbycxqkc.dll
    C:\WINDOWS\system32\cjhelkhh.dll
    C:\WINDOWS\system32\cqolrgon.dll
    C:\WINDOWS\system32\cwktluqf.dll
    C:\WINDOWS\system32\elqfbjhj.dll
    C:\WINDOWS\system32\evjqnrxq.ini
    C:\WINDOWS\system32\evlwnaxi.ini
    C:\WINDOWS\system32\ggvpaqnj.dll
    C:\WINDOWS\system32\hjogmvap.dll
    C:\WINDOWS\system32\IOWENqru.ini
    C:\WINDOWS\system32\IOWENqru.ini2
    C:\WINDOWS\system32\iqenishx.ini
    C:\WINDOWS\system32\jiyfwphf.exe
    C:\WINDOWS\system32\kbleqlty.ini
    C:\WINDOWS\system32\lmWwHRqr.ini
    C:\WINDOWS\system32\lmWwHRqr.ini2
    C:\WINDOWS\system32\lorpvxgs.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\nmbwgccx.dll
    C:\WINDOWS\system32\nnnmNHaa.dll
    C:\WINDOWS\system32\nqdfmppo.dll
    C:\WINDOWS\system32\ntqiyipp.exe
    C:\WINDOWS\system32\oqfwwpwj.dll
    C:\WINDOWS\system32\ovlefneu.dll
    C:\WINDOWS\system32\pphjawrt.exe
    C:\WINDOWS\system32\qhqbgnrs.ini
    C:\WINDOWS\system32\qinlibon.exe
    C:\WINDOWS\system32\qmghxryp.dll
    C:\WINDOWS\system32\qxrnqjve.dll
    C:\WINDOWS\system32\rbgrutkn.ini
    C:\WINDOWS\system32\rpsmdcyt.exe
    C:\WINDOWS\system32\rqRHwWml.dll
    C:\WINDOWS\system32\ssqQhhEV.dll
    C:\WINDOWS\system32\tqpthxaq.dll
    C:\WINDOWS\system32\urqQhEwv.dll
    C:\WINDOWS\system32\VEhhQqss.ini
    C:\WINDOWS\system32\VEhhQqss.ini2
    C:\WINDOWS\system32\vwEhQqru.ini
    C:\WINDOWS\system32\vwEhQqru.ini2
    C:\WINDOWS\system32\wngefevw.dll
    C:\WINDOWS\system32\wynjrewf.ini
    C:\WINDOWS\winhelp.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF


    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-22 19:31 . 2008-05-22 19:31 <REP> d--hs---- C:\FOUND.005
    2008-05-22 14:25 . 2008-05-22 14:25 <REP> d--hs---- C:\FOUND.004
    2008-05-21 13:30 . 2008-05-21 13:30 <REP> d--hs---- C:\FOUND.003
    2008-05-21 13:07 . 2008-05-21 13:07 <REP> d-------- C:\Documents and Settings\Rafael\Application Data\libresystem
    2008-05-17 19:36 . 2008-05-17 19:36 <REP> d-------- C:\Documents and Settings\Francoise\Application Data\libresystem
    2008-05-17 17:38 . 2008-05-17 17:38 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\libresystem
    2008-05-17 17:33 . 2008-05-17 17:33 <REP> dr------- C:\Documents and Settings\All Users\Application Data\libresystem
    2008-05-17 17:30 . 2008-05-17 17:30 263,192 --a------ C:\Documents and Settings\Bernard\Application Data\setup_fr[1].exe
    2008-05-17 01:06 . 2008-05-17 01:06 <REP> d--hs---- C:\FOUND.002
    2008-05-16 14:45 . 2008-05-16 14:45 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\Malwarebytes
    2008-05-15 18:21 . 2008-05-15 18:21 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-05-15 17:56 . 2008-05-15 17:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-15 17:56 . 2008-05-15 17:56 <REP> d-------- C:\Documents and Settings\Rafael\Application Data\Malwarebytes
    2008-05-15 17:56 . 2008-05-15 17:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-15 17:56 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-15 17:56 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-14 23:06 . 2008-05-14 23:06 <REP> d-------- C:\Program Files\Navilog1
    2008-05-14 09:24 . 2008-05-14 09:25 0 --a------ C:\WINDOWS\system32\0
    2008-05-14 01:20 . 2008-05-14 01:20 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-29 19:23 . 2008-04-29 19:23 <REP> d-------- C:\Program Files\ubi.com
    2008-04-29 19:23 . 2008-04-29 19:23 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
    2008-04-29 19:23 . 2001-07-30 18:03 185,344 --a------ C:\WINDOWS\patchw32.dll
    2008-04-29 19:19 . 2008-04-29 19:19 <REP> d-------- C:\Program Files\Destroyer Command
    2008-04-29 19:19 . 2008-04-29 19:23 971,211 --a------ C:\WINDOWS\DESCMDUninst.isu

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-22 16:28 47,543 ----a-w C:\Program Files\yoyoyo1975281850942823.xml
    2008-05-22 16:03 1,376,454 ----a-w C:\Program Files\beeboune95860580370.xml
    2008-05-22 14:18 60,411 ----a-w C:\Program Files\jboubarne2932337638.xml
    2008-05-21 11:14 52,532 ----a-w C:\Program Files\natino_romeo1040865329.xml
    2008-05-15 15:13 37,417 ----a-w C:\Program Files\patpongcrew2024556737.xml
    2008-05-10 11:31 11,326 ----a-w C:\Program Files\ptititoy1688887506.xml
    2008-05-09 17:42 37,631 ----a-w C:\Program Files\thansita_t125840022.xml
    2008-05-07 12:39 88,811 ----a-w C:\Program Files\divadestruction271957962256.xml
    2008-05-07 10:04 393,407 ----a-w C:\Program Files\lindamoh3654875012.xml
    2008-05-03 13:44 2,296 ----a-w C:\Program Files\rra_792791460023.xml
    2008-04-30 16:26 647 ----a-w C:\Program Files\homlee-hom4118736078.xml
    2008-04-29 15:43 24,411 ----a-w C:\Program Files\khondio1195525883.xml
    2008-04-23 17:23 11,988 ----a-w C:\Program Files\damien.lamiche1568580867.xml
    2008-04-22 15:27 28,032 ----a-w C:\Program Files\wolfgangbergmann12347937819.xml
    2008-04-22 00:23 1,254 ----a-w C:\Program Files\brandseller51279643830.xml
    2008-04-17 15:33 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-04-17 15:33 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
    2008-04-17 15:29 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
    2008-04-17 15:29 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
    2008-04-17 15:29 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2008-04-17 11:42 646 ----a-w C:\Program Files\katie_birch2596521732.xml
    2008-04-17 10:32 14,615 ----a-w C:\Program Files\florent.sanchez13968981501.xml
    2008-04-16 16:07 79,525 ----a-w C:\Program Files\qingyun1985093969166998.xml
    2008-04-16 12:17 232,366 ----a-w C:\Program Files\shoeslife1694361641.xml
    2008-04-13 21:54 53,934 ----a-w C:\Program Files\honike3046488981.xml
    2008-04-13 20:53 402 ----a-w C:\Program Files\janetanakit3357631153.xml
    2008-04-11 13:30 2,347 ----a-w C:\Program Files\linnz3062760955.xml
    2008-04-02 17:15 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-03-28 11:29 --------- d-----w C:\Documents and Settings\Rafael\Application Data\gtk-2.0
    2008-03-28 11:25 --------- d-----w C:\Program Files\GIMP-2.0
    2008-03-27 19:05 --------- d-----w C:\Documents and Settings\Bernard\Application Data\DAEMON Tools
    2008-03-27 15:59 --------- d-----w C:\Program Files\Rowan Software
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-13 15:31 12,160 ----a-w C:\Program Files\MessageLog.xsl
    2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-17 15:42 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys
    2008-02-16 16:41 667 ----a-w C:\Documents and Settings\Rafael\Application Data\waver_2.95.dat
    1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
    2005-12-04 20:03 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B41CC7BD-5FA9-47AF-83EA-B076E833F47E}]
    C:\WINDOWS\system32\urqNEWOI.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 16:10 4662776]
    "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-04-26 11:53 160832]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Disk Monitor"="C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57 466944]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10 335872]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:48 57344]
    "SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-04 00:51 155648]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:32 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 21:39 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
    "InstantAccess"="C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.exe" [1998-07-07 16:04 37376]
    "RegisterDropHandler"="C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE" [1998-07-07 16:20 22528]
    "V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 18:01 32768]
    "Creative Mouse Software"="C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe" [2004-09-23 14:13 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 15:30 3096576]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 00:10 110592 C:\WINDOWS\system32\bthprops.cpl]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "RegisterDropHandler"="C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE" [1998-07-07 16:20 22528]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= DivXa32.acm
    "msacm.l3acm"= L3codecp.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\WINDOWS\\System32\\LEXPPS.EXE"=
    "C:\\Program Files\\Alibaba\\TradeManager\\TradeManager.exe"=
    "C:\\Program Files\\Xfire\\ua_lsp_inst.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe"=
    "C:\\Program Files\\A4Proxy\\A4Proxy.exe"=
    "C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"=
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=
    "C:\\WINDOWS\\System32\\dpvsetup.exe"=
    "C:\\Program Files\\Codemasters\\Heroes of the Pacific\\Heroes.exe"=
    "C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "11506:TCP"= 11506:TCP:BitComet 11506 TCP
    "11506:UDP"= 11506:UDP:BitComet 11506 UDP
    "12267:TCP"= 12267:TCP:BitComet 12267 TCP
    "12267:UDP"= 12267:UDP:BitComet 12267 UDP
    "21349:TCP"= 21349:TCP:BitComet 21349 TCP
    "21349:UDP"= 21349:UDP:BitComet 21349 UDP
    "15740:TCP"= 15740:TCP:BitComet 15740 TCP
    "15740:UDP"= 15740:UDP:BitComet 15740 UDP
    "21123:TCP"= 21123:TCP:BitComet 21123 TCP
    "21123:UDP"= 21123:UDP:BitComet 21123 UDP
    "8041:TCP"= 8041:TCP:BitComet 8041 TCP
    "8041:UDP"= 8041:UDP:BitComet 8041 UDP
    "14608:TCP"= 14608:TCP:BitComet 14608 TCP
    "14608:UDP"= 14608:UDP:BitComet 14608 UDP
    "13612:TCP"= 13612:TCP:BitComet 13612 TCP
    "13612:UDP"= 13612:UDP:BitComet 13612 UDP
    "13034:TCP"= 13034:TCP:BitComet 13034 TCP
    "13034:UDP"= 13034:UDP:BitComet 13034 UDP
    "7729:TCP"= 7729:TCP:BitComet 7729 TCP
    "7729:UDP"= 7729:UDP:BitComet 7729 UDP
    "12468:TCP"= 12468:TCP:BitComet 12468 TCP
    "12468:UDP"= 12468:UDP:BitComet 12468 UDP
    "11952:TCP"= 11952:TCP:BitComet 11952 TCP
    "11952:UDP"= 11952:UDP:BitComet 11952 UDP
    "15055:TCP"= 15055:TCP:BitComet 15055 TCP
    "15055:UDP"= 15055:UDP:BitComet 15055 UDP
    "10216:TCP"= 10216:TCP:BitComet 10216 TCP
    "10216:UDP"= 10216:UDP:BitComet 10216 UDP
    "12956:TCP"= 12956:TCP:BitComet 12956 TCP
    "12956:UDP"= 12956:UDP:BitComet 12956 UDP
    "25252:TCP"= 25252:TCP:BitComet 25252 TCP
    "25252:UDP"= 25252:UDP:BitComet 25252 UDP
    "11176:TCP"= 11176:TCP:BitComet 11176 TCP
    "11176:UDP"= 11176:UDP:BitComet 11176 UDP
    "13924:TCP"= 13924:TCP:BitComet 13924 TCP
    "13924:UDP"= 13924:UDP:BitComet 13924 UDP
    "10296:TCP"= 10296:TCP:BitComet 10296 TCP
    "10296:UDP"= 10296:UDP:BitComet 10296 UDP
    "12124:TCP"= 12124:TCP:BitComet 12124 TCP
    "12124:UDP"= 12124:UDP:BitComet 12124 UDP
    "20486:TCP"= 20486:TCP:BitComet 20486 TCP
    "20486:UDP"= 20486:UDP:BitComet 20486 UDP
    "16358:TCP"= 16358:TCP:BitComet 16358 TCP
    "16358:UDP"= 16358:UDP:BitComet 16358 UDP

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 19:32]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
    R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 06:58]
    R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 09:00]
    S3 btwavdt;Bluetooth AVDT;C:\WINDOWS\system32\DRIVERS\btwavdt.sys [2007-07-12 06:01]
    S3 btwrchid;btwrchid;C:\WINDOWS\system32\DRIVERS\btwrchid.sys [2007-07-12 06:03]
    S3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys []
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-17 17:29]
    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
    S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 12:16]
    S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 12:17]
    S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 12:17]
    S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 12:18]
    S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 12:15]
    S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 12:18]
    S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 12:15]
    S3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys []
    S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-05-22 17:33:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-22 19:33:43
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\xfire_lsp_9028.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
    C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\TELECA SHARED\CAPABILITYMANAGER.EXE
    C:\Program Files\V3CallCenter\V3faxecp.exe
    C:\Program Files\ScannerU\TBridge\Ereg\REMIND32.EXE
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-22 19:38:12 - machine was rebooted [Rafael]
    ComboFix-quarantined-files.txt 2008-05-22 17:38:08

    Pre-Run: 6,418,399,232 octets libres
    Post-Run: 9,740,648,448 octets libres

    317 --- E O F --- 2008-05-21 11:15:39


    et voici le nouveau rapport hijack this

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:40:44, on 22/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\V0220Mon.exe
    C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\V3CallCenter\V3faxecp.exe
    C:\Program Files\ScannerU\TBridge\Ereg\REMIND32.EXE
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {B41CC7BD-5FA9-47AF-83EA-B076E833F47E} - C:\WINDOWS\system32\urqNEWOI.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
    O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
    O4 - HKLM\..\Run: [Creative Mouse Software] C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\ScannerU\TBridge\Ereg\REMIND32.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
    O4 - Global Startup: CallCenter Printer Interface.lnk = C:\Program Files\V3CallCenter\V3faxecp.exe
    O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.wistiti.fr/ImageUploader4.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 12954 bytes


    22 Mai 2008 22:26:06

    re

    Copie (Ctrl+C) le texte ci-dessous :
    Driver::
    cdspacex
    TwoRabts

    File::
    C:\Documents and Settings\Bernard\Application Data\setup_fr[1].exe
    C:\WINDOWS\system32\urqNEWOI.dll

    Folder::
    C:\Documents and Settings\Rafael\Application Data\libresystem
    C:\Documents and Settings\Francoise\Application Data\libresystem
    C:\Documents and Settings\Bernard\Application Data\libresystem
    C:\Documents and Settings\All Users\Application Data\libresystem


    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B41CC7BD-5FA9-47AF-83EA-B076E833F47E}]



    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
    Sauvegarde ce fichier sous le nom de CFScript.txt

    Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture


  • Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
  • Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  • Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


    analyse


    ici:
    Virusscan
    Analyse ce fichier :
    C:\Program Files\yoyoyo1975281850942823.xml

    Sur le site de virusscan

    http://virusscan.jotti.org/

    poste-nous le rapport.

    même chose avec:
    C:\Program Files\beeboune95860580370.xml

    22 Mai 2008 23:04:54

    impossible de faire un glisser deposer du fichier txt sur le fichier ComboFix.exe.... les 2 fichiers se trouvent sur le bureau


    sinon voila les 2 rapports de virusscan

    1er:C:\Program Files\yoyoyo1975281850942823.xml


    Scan taken on 22 May 2008 20:54:49 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    2eme: C:\Program Files\beeboune95860580370.xml

    Scan taken on 22 May 2008 21:03:31 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    22 Mai 2008 23:14:39

    à mon avis tu t'es trompé de nom, je ne vois que ça:
    il faut que le fichier texte se nomme CFScript.txt

    pour afficher les extensions:
    Ouvre un dossier (n’importe lequel)/outil/option des dossiers:Masquer les extensions de fichiers connus décoche-cela.
    23 Mai 2008 11:23:15

    toujours rien le fichier est bien celui ci CFScript.txt et j ai bien decocher: Masquer les extensions de fichiers connus, je sais pas quoi faire...
    23 Mai 2008 21:07:58

    re

    supprime ta version de combofix et recommence avec une nouvelle version
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS