
Infected: Win32:TratBHO [Trj]

30 April 2008 16:38:28

Hello, according to my dear Avast I am infected by a lovely trojan bearing the sweet name "Win32:TratBHO [Trj]".
The infected file is:
C:\WINDOWS\system32\nnnmmjHw.dll
Can someone help me get rid of it?

30 April 2008 16:40:17

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and tutorial on using ComboFix
    * the partition name may differ
    30 April 2008 16:53:47

    OK, just 5 minutes, because apparently it is blocking my downloads with Firefox (or something else, I have no idea). I'm switching to IE, and I'll post the report as soon as possible.
    30 April 2008 16:55:46

    No problem.
    30 April 2008 17:19:54

    Here you go:

    ComboFix 08-04-29.3 - anthony 2008-04-30 16:59:27.1 - NTFSx86
    Endroit: C:\Documents and Settings\anthony\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\elmibsww.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nnnmmjHw.dll
    C:\WINDOWS\system32\pwxyvxqr.ini
    C:\WINDOWS\system32\vpiaksde.dll
    C:\WINDOWS\system32\wHjmmnnn.ini
    C:\WINDOWS\system32\wHjmmnnn.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-30 ))))))))))))))))))))))))))))))))))))
    .


    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-10 17:21 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
    2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}"= C:\WINDOWS\system32\pbfrv2.dll [ ]

    [HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d}]
    [HKEY_CLASSES_ROOT\pbfrv2.PBFRV2]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-27 21:57 288576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 15:13 102400]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 15:12 684032]
    "VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp"="VTtrayp.exe" [2005-01-11 07:33 143360 C:\WINDOWS\system32\VTTrayp.exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "\\Pcamvl\EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00 98304]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
    C:\Program Files\Fichiers communs\Symantec Shared\cfgwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    C:\Program Files\Norton Internet Security\UrlLstCk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe"
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "SoundMan"=SOUNDMAN.EXE
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\APPS\\Inventime\\my.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
    R3 TNET1130;TNET1130 WLAN Adapter;C:\WINDOWS\system32\DRIVERS\tnet1130.sys [2004-07-29 08:28]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-10 18:26:04 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2008-04-10 18:26:05 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-30 17:08:35
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 9

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "\\\\Pcamvl\\EPSON Stylus CX3600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P35 \"\\\\Pcamvl\\EPSON Stylus CX3600 Series\" /O6 \"USB001\" /M \"Stylus CX3600\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-30 17:14:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-30 15:14:45

    Pre-Run: 24,292,081,664 octets libres
    Post-Run: 24,499,781,632 octets libres

    249 --- E O F --- 2008-04-24 01:18:59
    30 April 2008 17:25:45

    The hunt continues.

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, reboot into Safe Mode.
    HELP: Rebooting into Safe Mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    30 April 2008 19:11:05

    Here you go again:
    So, doctor, am I still sick?

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 702

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 81566
    Temps écoulé: 1 hour(s), 29 minute(s), 42 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 46

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2 (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache (Adware.2020search) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\WINDOWS\system32\nnnmmjHw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP12\A0003182.dll (Adware.2020Search) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21\A0004476.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\batch.bat (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\unins000.dat (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\unins000.exe (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.
    30 April 2008 19:19:25

    Run a ComboFix scan again :)
    30 April 2008 19:33:57

    ComboFix 08-04-29.3 - anthony 2008-04-30 19:24:33.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.137 [GMT 2:00]
    Endroit: C:\Documents and Settings\anthony\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-24 01:02 . 2008-04-24 01:02 <REP> d-------- C:\Program Files\Alwil Software
    2008-04-24 00:57 . 2008-04-27 14:51 <REP> d-------- C:\Documents and Settings\anthony\Application Data\OpenOffice.org2
    2008-04-24 00:32 . 2008-04-24 00:33 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-04-24 00:19 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2008-04-24 00:19 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2008-04-24 00:19 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
    2008-04-24 00:18 . 2008-04-24 00:18 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-04-24 00:15 . 2008-04-24 00:15 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-04-24 00:15 . 2008-04-24 00:17 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-04-24 00:15 . 2008-04-24 00:15 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-04-24 00:12 . 2008-04-24 00:12 <REP> d-------- C:\Program Files\MSBuild
    2008-04-24 00:08 . 2008-04-24 00:48 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-04-24 00:08 . 2008-04-24 00:08 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-04-24 00:06 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-04-24 00:05 . 2008-04-24 00:14 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-04-24 00:05 . 2008-04-24 00:06 <REP> d-------- C:\df985b1c9db897eff18408659f55b27b
    2008-04-10 23:30 . 2008-04-10 23:31 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-04-10 23:29 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-10 23:16 . 2008-04-10 23:16 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-04-10 22:47 . 2008-04-10 22:47 <REP> d---s---- C:\Documents and Settings\anthony\UserData
    2008-04-10 22:43 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-04-10 20:46 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-04-10 20:45 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-04-10 20:35 . 2008-04-24 00:26 1,692 --a------ C:\WINDOWS\mozver.dat
    2008-04-10 20:26 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\anthony\Voisinage réseau
    2008-04-10 20:26 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\anthony\Voisinage d'impression
    2008-04-10 20:26 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\anthony\Modèles
    2008-04-10 20:26 . 2008-04-30 16:50 <REP> dr------- C:\Documents and Settings\anthony\Mes documents
    2008-04-10 20:26 . 2004-08-16 17:55 <REP> dr------- C:\Documents and Settings\anthony\Menu Démarrer
    2008-04-10 20:26 . 2008-04-10 20:27 <REP> dr------- C:\Documents and Settings\anthony\Favoris
    2008-04-10 20:26 . 2008-04-30 19:08 <REP> dr------- C:\Documents and Settings\anthony\Bureau
    2008-04-10 20:26 . 2008-04-10 19:21 <REP> d-------- C:\Documents and Settings\anthony\Application Data\You've Got Pictures Screensaver
    2008-04-10 20:26 . 2008-04-10 19:23 <REP> d-------- C:\Documents and Settings\anthony\Application Data\Symantec
    2008-04-10 20:26 . 2008-04-30 17:03 <REP> d-------- C:\Documents and Settings\anthony
    2008-04-10 20:26 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-04-10 20:26 . 2008-04-30 19:27 49,152 --ah----- C:\Documents and Settings\anthony\ntuser.dat.LOG
    2008-04-10 20:26 . 2008-04-27 18:48 1,024 --ah----- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    2008-04-10 19:36 . 2008-04-10 19:36 333 --a------ C:\WINDOWS\system32\$ncsp$.inf
    2008-04-10 19:36 . 2008-04-10 19:36 61 --a------ C:\WINDOWS\smscfg.ini
    2008-04-10 19:35 . 2008-04-10 19:35 775,800 --a------ C:\WINDOWS\system\RESTORE.INS
    2008-04-10 19:35 . 2008-04-10 19:35 775,800 --a------ C:\WINDOWS\RESTORE.INS
    2008-04-10 19:31 . 2008-04-10 19:31 <REP> d-------- C:\Program Files\Fichiers communs\Sonic Shared
    2008-04-10 19:30 . 2008-04-10 19:30 <REP> d-------- C:\mysql
    2008-04-10 19:30 . 2001-11-02 02:12 36,864 --a------ C:\WINDOWS\jRegistryKey.dll
    2008-04-10 19:30 . 2008-04-10 19:30 289 --a------ C:\WINDOWS\my.ini
    2008-04-10 19:28 . 2008-04-10 19:31 <REP> d-------- C:\Program Files\Sonic
    2008-04-10 19:28 . 2008-04-10 19:28 <REP> d-------- C:\Program Files\Fichiers communs\SureThing Shared
    2008-04-10 19:27 . 2008-04-10 19:27 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-04-10 19:27 . 2004-10-08 02:58 5,396 --a------ C:\WINDOWS\system32\drivers\ASIOMI.sys
    2008-04-10 19:26 . 2008-04-10 19:26 <REP> d-------- C:\Program Files\CyberLink
    2008-04-10 19:26 . 2004-10-08 03:01 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
    2008-04-10 19:26 . 2004-10-08 03:01 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2008-04-10 19:23 . 2008-04-24 03:21 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
    2008-04-10 19:23 . 2008-04-10 19:23 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
    2008-04-10 19:22 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-04-10 19:22 . 2008-04-10 20:24 7,154 --a------ C:\WINDOWS\HDReg.ini
    2008-04-10 19:21 . 2008-04-10 19:21 <REP> d-------- C:\Program Files\Viewpoint
    2008-04-10 19:21 . 2008-04-10 19:21 <REP> d-------- C:\Program Files\Real
    2008-04-10 19:21 . 2008-04-10 19:21 <REP> d-------- C:\Program Files\Learn2.com
    2008-04-10 19:21 . 2008-04-10 19:27 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-04-10 19:21 . 2008-04-10 19:21 <REP> d-------- C:\Program Files\Fichiers communs\Nullsoft
    2008-04-10 19:21 . 2008-04-10 19:21 <REP> d-------- C:\Program Files\AOL Toolbar
    2008-04-10 19:21 . 2008-04-10 19:21 <REP> d-------- C:\Program Files\AOL Compagnon
    2008-04-10 19:21 . 2008-04-10 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-04-10 19:21 . 2008-04-10 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-04-10 19:20 . 2008-04-10 19:21 <REP> d-------- C:\Program Files\Fichiers communs\aolshare
    2008-04-10 19:20 . 2008-04-10 19:21 <REP> d-------- C:\Program Files\Fichiers communs\AOL
    2008-04-10 19:20 . 2008-04-10 19:22 <REP> d-------- C:\Program Files\AOL 9.0
    2008-04-10 19:20 . 2008-04-10 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AOL
    2008-04-10 19:20 . 2003-09-16 10:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2008-04-10 19:20 . 2003-09-09 14:06 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2008-04-10 19:20 . 2004-04-08 05:27 225,280 --a------ C:\WINDOWS\system32\AOLDial.dll
    2008-04-10 19:20 . 2003-01-10 16:13 33,588 --a------ C:\WINDOWS\system32\drivers\wanatw4.sys
    2008-04-10 19:20 . 2008-04-10 19:22 800 --ah----- C:\IPH.PH
    2008-04-10 19:20 . 2008-04-10 19:20 335 --a------ C:\WINDOWS\nsreg.dat
    2008-04-10 19:14 . 2008-04-24 00:27 <REP> d--h----- C:\WINDOWS\$hf_mig$

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-10 17:21 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
    2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-16 22:32 3,080,704 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
    2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-30_17.14.31.74 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-30 15:04:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-30 17:07:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-30 17:07:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_628.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-27 21:57 288576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 15:13 102400]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 15:12 684032]
    "VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp"="VTtrayp.exe" [2005-01-11 07:33 143360 C:\WINDOWS\system32\VTTrayp.exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "\\Pcamvl\EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00 98304]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [2008-04-29 21:05:15 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
    C:\Program Files\Fichiers communs\Symantec Shared\cfgwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    C:\Program Files\Norton Internet Security\UrlLstCk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe"
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "SoundMan"=SOUNDMAN.EXE
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\APPS\\Inventime\\my.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
    R3 TNET1130;TNET1130 WLAN Adapter;C:\WINDOWS\system32\DRIVERS\tnet1130.sys [2004-07-29 08:28]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

    *Newly Created Service* - APPMGMT
    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-10 18:26:04 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2008-04-10 18:26:05 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-30 19:27:52
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "\\\\Pcamvl\\EPSON Stylus CX3600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P35 \"\\\\Pcamvl\\EPSON Stylus CX3600 Series\" /O6 \"USB001\" /M \"Stylus CX3600\""

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
    .
    Temps d'accomplissement: 2008-04-30 19:30:25
    ComboFix-quarantined-files.txt 2008-04-30 17:30:10
    ComboFix2.txt 2008-04-30 15:14:50

    Pre-Run: 24,511,225,856 octets libres
    Post-Run: 24,501,751,808 octets libres

    246 --- E O F --- 2008-04-24 01:18:59
    30 April 2008 20:13:48

    So, doctor, what does it say?
    30 April 2008 20:15:36

    Are you still having problems?
    30 April 2008 20:19:19

    Well no, everything works perfectly :)
    But I don't know anything about this, so I was waiting for confirmation.
    But apparently it's fine, so thank you ;)
    30 April 2008 20:25:58

    I'd like someone to help me, I'm trying to get rid of win32 tratbho and I don't know how to do it.
    Thanks in advance.
    30 April 2008 20:29:28

    I have an idea for you: create a topic explaining your problem precisely, and someone will surely answer you ;)
    30 April 2008 20:31:13

    Angeldark
    I'm taking the liberty of calling on your services, but I warn you, I'm not great with computers. Thank you for your patience.
    30 April 2008 20:35:00

    Avast found win32tratbho on my machine. I've read through quite a few forums and they all used hijackthis. So I downloaded it and I have an error report ready to be examined.
    Please help me!
    30 April 2008 21:26:50

    Please create your own thread as stated in the rules...
    ***
    Happy surfing :)

  • Download ToolsCleaner to your Desktop.
  • Click Recherche (Search) and let the scan finish.
  • Click Suppression (Delete) to finalize.
  • Click Quitter (Quit), so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: see help

    Now add [Résolu] (Solved) to the title. To do so:
    * In your first message, click the "Editer" (Edit) button
    * Add the [Résolu] tag to the title
    * Then click "Valider votre message" (Submit your message)

    Read the guide on prevention and protection so you no longer have this kind of problem, by clicking on the image below:


    1 May 2008 11:11:05

    Hello,
    I downloaded Toolscleaner2.
    I ran the search. I ran the deletion. But when I click quit, it opens a window: unable to create the file "C:TCleaner.txt", access denied.
    What do I do?
    Thanks
    1 May 2008 14:22:43

    It was just the report, no big deal ;)