Virus / trojan and other malware infection

Tags:
  • Security
Last reply: in Security and viruses
6 April 2008 06:05:25

Hello,
My PC has been infected for a few days, after I unfortunately clicked on a file downloaded via P2P.
I read several messages on the forum and applied several of the recommendations:
CCleaner, Ewido, SmitfraudFix, Spybot, Ad-Aware in safe mode.
The situation has improved, I got the taskbar icons back, but I still have unpleasant signs:
Porn ads popping up, explorer.exe buffer overrun, and my good old Norton which reports (without being able to do anything about it) Trojan attacks: Zlob / Vundo / SpySheriff / Downloader...
I'm posting the HijackThis log while waiting for help.
Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:24 AM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HSMC] C:\Program Files\True\hi-Speed Navigator\cab\CreateShortCut.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Exbrayat\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [60418d09] rundll32.exe "C:\WINDOWS\system32\scbkxwko.dll",b
O4 - HKLM\..\Run: [BM6372be95] Rundll32.exe "C:\WINDOWS\system32\gwysuotd.dll",s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 12519 bytes

6 April 2008 11:23:27

Hi,

You are indeed infected with Vundo.

Download Combofix (by sUBs) to your Desktop. (Tutorial)

Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe. (Right-click -> Run as administrator if on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.

The report is located here: C:\Combofix.txt
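As an added illustration (not part of the original thread and not code from HijackThis, ComboFix or any tool named here), the Python script below applies to the HijackThis O4 lines posted above the checks a helper uses to reach the Vundo verdict: rundll32 loading a randomly named DLL from system32 with a one-letter export, a core Windows binary name (svchost.exe) running from a user profile, and Security Center values from the ComboFix report that silence the antivirus and firewall. The sample lines are copied from the logs in this thread; the heuristics, thresholds and function names are my own assumptions.

```python
import ntpath
import re

# Constructed sample: O4 lines copied from the HijackThis log posted above.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Exbrayat\svchost.exe
O4 - HKLM\..\Run: [60418d09] rundll32.exe "C:\WINDOWS\system32\scbkxwko.dll",b
O4 - HKLM\..\Run: [BM6372be95] Rundll32.exe "C:\WINDOWS\system32\gwysuotd.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample: Security Center / firewall values from the ComboFix report.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$')
RUNDLL_RE = re.compile(r'(?i)^"?rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,\s*(\S*)')
EXE_RE = re.compile(r'(?i)^"?(.+?\.exe)')
TAMPER_RE = re.compile(
    r'^"(AntiVirusDisableNotify|DisableMonitoring)"=dword:00000001$'
    r'|^"EnableFirewall"=\s*0\b')

# Core Windows binaries that only belong in the Windows directories (assumed list).
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe",
                "services.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}


def check_o4(line):
    """Return (reason, value_name) findings for one HijackThis O4 line."""
    m = O4_RE.match(line.strip())
    if not m:
        return []
    _hive, name, cmd = m.groups()
    findings = []
    # Vundo-style loader: rundll32 + 8 random lowercase letters + 1-char export.
    r = RUNDLL_RE.match(cmd)
    if r:
        dll, entry = r.groups()
        stem = ntpath.splitext(ntpath.basename(dll))[0]
        if re.fullmatch(r"[a-z]{8}", stem) and len(entry) == 1:
            findings.append(("rundll32 loads random-named DLL %s" % dll, name))
    # A core binary name launched from outside the Windows directories.
    e = EXE_RE.match(cmd)
    if e:
        exe = e.group(1)
        base = ntpath.basename(exe).lower()
        folder = ntpath.dirname(exe).lower()
        if base in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            findings.append(("%s outside Windows directory: %s" % (base, exe), name))
    # Autostart value whose name is only hex digits, not a product name.
    if re.fullmatch(r"[0-9a-f]{8}", name):
        findings.append(("hex-only autostart value name", name))
    return findings


def check_security_center(reg_text):
    """Return registry lines that disable Security Center monitoring or the firewall."""
    return [ln.strip() for ln in reg_text.splitlines() if TAMPER_RE.match(ln.strip())]


def triage(hjt_text, reg_text):
    """Run both checks and return a flat list of (reason, value) findings."""
    findings = []
    for ln in hjt_text.splitlines():
        findings.extend(check_o4(ln))
    findings.extend(("Security Center tampered", ln)
                    for ln in check_security_center(reg_text))
    return findings


if __name__ == "__main__":
    for reason, what in triage(SAMPLE_HJT, SAMPLE_REG):
        print("%-60s <- %s" % (reason, what))
```

Legitimate vendor entries (SoundMAX, ccApp, NvCpl, ctfmon) produce no finding; the three entries the helper's CFScript later removes, plus the disabled Security Center values, do.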
6 April 2008 12:57:20

Hi, and thanks for taking this on!
No way to download combofix.exe. I tried all the links available, 1 in your message and three in the Tutorial. The system tells me: Internet explorer cannot download combofix.ex from download.bleepingcomputer.com
What can I do?
6 April 2008 12:59:17

Can you try with another web browser? (Mozilla, Opera).
Or download it from another computer and bring it over to yours.
6 April 2008 13:49:25

OK, done,
Here is the report
ComboFix 08-04-04.1 - Exbrayat 2008-04-06 13:26:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.425 [GMT 2:00]
Running from: C:\Documents and Settings\Exbrayat\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM6372be95.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\derpvupw.ini
C:\WINDOWS\system32\FMVGffii.ini
C:\WINDOWS\system32\FMVGffii.ini2
C:\WINDOWS\system32\gwysuotd.dll
C:\WINDOWS\system32\kbikxhpd.dll
C:\WINDOWS\system32\kSDdLRqr.ini
C:\WINDOWS\system32\kSDdLRqr.ini2
C:\WINDOWS\system32\okwxkbcs.ini
C:\WINDOWS\system32\opnmKCUN.dll
C:\WINDOWS\system32\rgwvjymn.dll
C:\WINDOWS\system32\rqRLdDSk.dll
C:\WINDOWS\system32\scbkxwko.dll
C:\WINDOWS\system32\wpuvpred.dll
C:\WINDOWS\Tasks.\At1.job
C:\winlogon.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_zvtgrxky
-------\Legacy_zvtgrxky
-------\zvtgrxky


((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-06 13:21 . 2008-04-06 13:21 <DIR> d-------- C:\Program Files\Opera
2008-04-06 05:40 . 2008-04-06 05:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 13:36 . 2008-04-05 13:36 109,312 --a------ C:\WINDOWS\system32\oobnfvix.dat
2008-04-05 07:12 . 2008-04-05 07:12 <DIR> d-------- C:\Program Files\AltoMP3 Gold
2008-04-05 04:28 . 2008-04-05 04:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 04:28 . 2008-04-05 04:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 19:09 . 2008-04-04 19:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-04 19:09 . 2008-04-04 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 19:08 . 2008-04-04 19:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 18:20 . 2008-04-04 18:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-04 18:20 . 2008-04-05 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 15:55 . 2008-04-04 17:49 1,374 --ahs---- C:\WINDOWS\system32\mncehskl.ini
2008-04-04 13:49 . 2008-04-05 06:30 4,896 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-03 17:17 . 2008-04-03 17:17 <DIR> d-------- C:\Program Files\CCleaner
2008-04-03 17:13 . 2008-04-03 17:13 <DIR> d-------- C:\Documents and Settings\Exbrayat\Application Data\Grisoft
2008-04-03 17:13 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-03 17:12 . 2008-04-03 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 14:59 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-04-03 14:02 . 2008-04-04 15:53 1,194 --ahs---- C:\WINDOWS\system32\bjabtxch.ini
2008-04-03 14:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 14:01 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 18:05 . 2008-04-02 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-02 16:10 . 2008-04-02 16:54 <DIR> d--hs---- C:\Documents and Settings\Exbrayat\!
2008-04-02 16:10 . 2008-04-04 13:34 60,301 --------- C:\Documents and Settings\Exbrayat\zz.dat
2008-04-02 16:10 . 2008-04-02 16:10 0 --a------ C:\WINDOWS\system32\taskkill.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 10:48 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\Skype
2008-04-04 17:29 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\uTorrent
2008-04-04 14:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-04 13:59 --------- d-----w C:\Program Files\LimeWire
2008-04-04 01:35 560 ----a-w C:\Documents and Settings\Exbrayat\Application Data\ViewerApp.dat
2008-04-03 13:00 --------- d-----w C:\Program Files\Java
2008-03-25 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2006-04-27 07:09 22,216 ----a-w C:\Documents and Settings\Exbrayat\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11CEBD20-AAD1-41AF-89E3-6A746EAC6EC8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21B4EF12-1DBA-4F4A-9E71-7D4FF1E85F45}]
C:\WINDOWS\system32\iiffGVMF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 09:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D3A5B4-CFD1-4046-8909-7CD99A68311F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8A12F4-DD9F-4604-9682-23D45E217FBC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCEB02A6-56CB-4AAD-A9BA-4E0D0A039D57}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2cac086-8fbf-41e7-8382-a69c01fc0627}]
C:\WINDOWS\system32\fwaslhfw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 13:24 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 23:42 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 21:52 249856]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 23:48 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 18:27 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 09:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 09:26 688218]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 08:37 88363 C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 03:57 73728]
"NDSTray.exe"="NDSTray.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 11:05 122939]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-16 01:03 135168]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-08 00:03 1077301]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-15 02:45 352256]
"TFncKy"="TFncKy.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-14 02:36 5525504]
"nwiz"="nwiz.exe" [2005-01-14 02:36 1490944 C:\WINDOWS\system32\nwiz.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 16:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"HSMC"="C:\Program Files\True\hi-Speed Navigator\cab\CreateShortCut.exe" [ ]
"CFSServ.exe"="CFSServ.exe" []
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 06:53 714608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Host Process"="C:\Documents and Settings\Exbrayat\svchost.exe" [ ]
"60418d09"="C:\WINDOWS\system32\scbkxwko.dll" [ ]
"BM6372be95"="C:\WINDOWS\system32\gwysuotd.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-12-03 11:16:03 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-12-03 11:15:54 106496]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-01-10 23:35:49 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hqachmoz]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmKCUN]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.LEAD"= LCODCCMP.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 09:18]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-08-29 08:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 05:40:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-25 14:56:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Exbrayat.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 13:36:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-04-06 13:43:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 11:43:21
Pre-Run: 23,875,997,696 bytes free
Post-Run: 24,326,176,768 bytes free
.
2008-03-13 14:29:31 --- E O F ---
6 April 2008 14:53:19

Re,

Copy the text in the box below:

Driver::
LiveUpdate Notice

File::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
C:\WINDOWS\system32\fwaslhfw.dll
C:\WINDOWS\system32\iiffGVMF.dll
C:\WINDOWS\system32\bjabtxch.ini
C:\WINDOWS\system32\mncehskl.ini
C:\WINDOWS\system32\oobnfvix.dat

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21B4EF12-1DBA-4F4A-9E71-7D4FF1E85F45}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2cac086-8fbf-41e7-8382-a69c01fc0627}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=-
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"Nero PhotoShow Media Manager"=-
"Picasa Media Detector"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"=-
"TFncKy"=-
"LogitechVideoRepair"=-
"QuickTime Task"=-
"HSMC"=-
"CFSServ.exe"=-
"NWEReboot"=-
"NeroFilterCheck"=-
"SSBkgdUpdate"=-
"OpwareSE4"=-
"Host Process"=-
"60418d09"=-
"BM6372be95"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hqachmoz]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmKCUN]


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the file CFScript.txt onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report.
If there is no reboot, post the report anyway.
6 April 2008 15:41:47

Done, there was a reboot, here is the report:
ComboFix 08-04-04.1 - Exbrayat 2008-04-06 15:32:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.486 [GMT 2:00]
Running from: C:\Documents and Settings\Exbrayat\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
Command switches used :: C:\Documents and Settings\Exbrayat\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ :#:
C:\Documents and Settings\Exbrayat :#:
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\taskkill.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-06 13:21 . 2008-04-06 13:21 <DIR> d-------- C:\Program Files\Opera
2008-04-06 05:40 . 2008-04-06 05:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 13:36 . 2008-04-05 13:36 109,312 --a------ C:\WINDOWS\system32\oobnfvix.dat
2008-04-05 07:12 . 2008-04-05 07:12 <DIR> d-------- C:\Program Files\AltoMP3 Gold
2008-04-05 04:28 . 2008-04-05 04:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 04:28 . 2008-04-05 04:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 19:09 . 2008-04-04 19:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-04 19:09 . 2008-04-04 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 19:08 . 2008-04-04 19:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 18:20 . 2008-04-04 18:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-04 18:20 . 2008-04-05 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 15:55 . 2008-04-04 17:49 1,374 --ahs---- C:\WINDOWS\system32\mncehskl.ini
2008-04-04 13:49 . 2008-04-05 06:30 4,896 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-03 17:17 . 2008-04-03 17:17 <DIR> d-------- C:\Program Files\CCleaner
2008-04-03 17:13 . 2008-04-03 17:13 <DIR> d-------- C:\Documents and Settings\Exbrayat\Application Data\Grisoft
2008-04-03 17:13 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-03 17:12 . 2008-04-03 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 14:59 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-04-03 14:02 . 2008-04-04 15:53 1,194 --ahs---- C:\WINDOWS\system32\bjabtxch.ini
2008-04-03 14:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 14:01 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 18:05 . 2008-04-02 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-02 16:10 . 2008-04-02 16:54 <DIR> d--hs---- C:\Documents and Settings\Exbrayat\!
2008-04-02 16:10 . 2008-04-04 13:34 60,301 --------- C:\Documents and Settings\Exbrayat\zz.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 13:35 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\Skype
2008-04-04 17:29 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\uTorrent
2008-04-04 14:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-04 13:59 --------- d-----w C:\Program Files\LimeWire
2008-04-04 01:35 560 ----a-w C:\Documents and Settings\Exbrayat\Application Data\ViewerApp.dat
2008-04-03 13:00 --------- d-----w C:\Program Files\Java
2008-03-25 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2006-04-27 07:09 22,216 ----a-w C:\Documents and Settings\Exbrayat\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 09:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 13:24 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 23:42 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 23:48 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 18:27 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 09:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 09:26 688218]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 08:37 88363 C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 03:57 73728]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 11:05 122939]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-16 01:03 135168]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-08 00:03 1077301]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-15 02:45 352256]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-14 02:36 5525504]
"nwiz"="nwiz.exe" [2005-01-14 02:36 1490944 C:\WINDOWS\system32\nwiz.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 16:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 06:53 714608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-12-03 11:16:03 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-12-03 11:15:54 106496]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-01-10 23:35:49 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.LEAD"= LCODCCMP.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 09:18]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-08-29 08:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 05:40:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-25 14:56:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Exbrayat.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 15:35:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-06 15:36:06
ComboFix-quarantined-files.txt 2008-04-06 13:35:49
ComboFix2.txt 2008-04-06 11:43:27
Pre-Run: 24,368,467,968 bytes free
Post-Run: 24,357,191,680 bytes free
.
2008-03-13 14:29:31 --- E O F ---
6 April 2008 16:05:56

Re,

I have edited my script.

Put ComboFix and the CFScript on the Desktop.
Redo the procedure with the edited script.
6 April 2008 16:56:56

There, it's done. It's the ComboFix shortcut icon that I have on the desktop. I hope that's OK...
Here is the report:
ComboFix 08-04-04.1 - Exbrayat 2008-04-06 16:40:19.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.449 [GMT 2:00]
Running from: C:\Documents and Settings\Exbrayat\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
Command switches used :: C:\Documents and Settings\Exbrayat\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ :#:
.

((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-06 13:21 . 2008-04-06 13:21 <DIR> d-------- C:\Program Files\Opera
2008-04-06 05:40 . 2008-04-06 05:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 13:36 . 2008-04-05 13:36 109,312 --a------ C:\WINDOWS\system32\oobnfvix.dat
2008-04-05 07:12 . 2008-04-05 07:12 <DIR> d-------- C:\Program Files\AltoMP3 Gold
2008-04-05 04:28 . 2008-04-05 04:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 04:28 . 2008-04-05 04:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 19:09 . 2008-04-04 19:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-04 19:09 . 2008-04-04 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 19:08 . 2008-04-04 19:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 18:20 . 2008-04-04 18:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-04 18:20 . 2008-04-05 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 15:55 . 2008-04-04 17:49 1,374 --ahs---- C:\WINDOWS\system32\mncehskl.ini
2008-04-04 13:49 . 2008-04-05 06:30 4,896 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-03 17:17 . 2008-04-03 17:17 <DIR> d-------- C:\Program Files\CCleaner
2008-04-03 17:13 . 2008-04-03 17:13 <DIR> d-------- C:\Documents and Settings\Exbrayat\Application Data\Grisoft
2008-04-03 17:13 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-03 17:12 . 2008-04-03 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 14:59 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-04-03 14:02 . 2008-04-04 15:53 1,194 --ahs---- C:\WINDOWS\system32\bjabtxch.ini
2008-04-03 14:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 14:01 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 18:05 . 2008-04-02 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-02 16:10 . 2008-04-02 16:54 <DIR> d--hs---- C:\Documents and Settings\Exbrayat\!
2008-04-02 16:10 . 2008-04-04 13:34 60,301 --------- C:\Documents and Settings\Exbrayat\zz.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 14:42 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\Skype
2008-04-04 17:29 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\uTorrent
2008-04-04 14:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-04 13:59 --------- d-----w C:\Program Files\LimeWire
2008-04-04 01:35 560 ----a-w C:\Documents and Settings\Exbrayat\Application Data\ViewerApp.dat
2008-04-03 13:00 --------- d-----w C:\Program Files\Java
2008-03-25 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2006-04-27 07:09 22,216 ----a-w C:\Documents and Settings\Exbrayat\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11CEBD20-AAD1-41AF-89E3-6A746EAC6EC8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 09:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D3A5B4-CFD1-4046-8909-7CD99A68311F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8A12F4-DD9F-4604-9682-23D45E217FBC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCEB02A6-56CB-4AAD-A9BA-4E0D0A039D57}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 13:24 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 23:42 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 23:48 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 18:27 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 09:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 09:26 688218]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 08:37 88363 C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 03:57 73728]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 11:05 122939]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-16 01:03 135168]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-08 00:03 1077301]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-15 02:45 352256]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-14 02:36 5525504]
"nwiz"="nwiz.exe" [2005-01-14 02:36 1490944 C:\WINDOWS\system32\nwiz.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 16:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 06:53 714608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-12-03 11:16:03 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-12-03 11:15:54 106496]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-01-10 23:35:49 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmKCUN]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.LEAD"= LCODCCMP.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 09:18]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-08-29 08:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 05:40:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-25 14:56:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Exbrayat.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 16:42:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-06 16:43:09
ComboFix-quarantined-files.txt 2008-04-06 14:42:58
ComboFix2.txt 2008-04-06 13:36:07
ComboFix3.txt 2008-04-06 11:43:27
Pre-Run: 24,349,614,080 bytes free
Post-Run: 24,339,320,832 bytes free
.
2008-03-13 14:29:31 --- E O F ---
6 April 2008 17:22:25

Re,

No, it is not OK.

I have re-edited the script; a bad copy-paste, really!
Luckily there is the whitelist!

No, the shortcut is not enough.
Copy C:\Documents and Settings\Exbrayat\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe , here -> C:\Documents and Settings\Exbrayat\Desktop\

Redo it with the edited script.
6 April 2008 17:45:02

There, it's done. The report:
ComboFix 08-04-04.1 - Exbrayat 2008-04-06 17:35:41.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.466 [GMT 2:00]
Running from: C:\Documents and Settings\Exbrayat\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
Command switches used :: C:\Documents and Settings\Exbrayat\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
C:\WINDOWS\system32\bjabtxch.ini
C:\WINDOWS\system32\fwaslhfw.dll
C:\WINDOWS\system32\iiffGVMF.dll
C:\WINDOWS\system32\mncehskl.ini
C:\WINDOWS\system32\oobnfvix.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
C:\WINDOWS\system32\bjabtxch.ini
C:\WINDOWS\system32\mncehskl.ini
C:\WINDOWS\system32\oobnfvix.dat

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-06 13:21 . 2008-04-06 13:21 <DIR> d-------- C:\Program Files\Opera
2008-04-06 05:40 . 2008-04-06 05:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 07:12 . 2008-04-05 07:12 <DIR> d-------- C:\Program Files\AltoMP3 Gold
2008-04-05 04:28 . 2008-04-05 04:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 04:28 . 2008-04-05 04:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 19:09 . 2008-04-04 19:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-04 19:09 . 2008-04-04 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 19:08 . 2008-04-04 19:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 18:20 . 2008-04-04 18:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-04 18:20 . 2008-04-05 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 13:49 . 2008-04-05 06:30 4,896 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-03 17:17 . 2008-04-03 17:17 <DIR> d-------- C:\Program Files\CCleaner
2008-04-03 17:13 . 2008-04-03 17:13 <DIR> d-------- C:\Documents and Settings\Exbrayat\Application Data\Grisoft
2008-04-03 17:13 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-03 17:12 . 2008-04-03 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 14:59 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-04-03 14:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 14:01 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 18:05 . 2008-04-02 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-02 16:10 . 2008-04-02 16:54 <DIR> d--hs---- C:\Documents and Settings\Exbrayat\!
2008-04-02 16:10 . 2008-04-04 13:34 60,301 --------- C:\Documents and Settings\Exbrayat\zz.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 14:50 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\Skype
2008-04-04 17:29 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\uTorrent
2008-04-04 14:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-04 13:59 --------- d-----w C:\Program Files\LimeWire
2008-04-04 01:35 560 ----a-w C:\Documents and Settings\Exbrayat\Application Data\ViewerApp.dat
2008-04-03 13:00 --------- d-----w C:\Program Files\Java
2008-03-25 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2006-04-27 07:09 22,216 ----a-w C:\Documents and Settings\Exbrayat\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11CEBD20-AAD1-41AF-89E3-6A746EAC6EC8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 09:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D3A5B4-CFD1-4046-8909-7CD99A68311F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8A12F4-DD9F-4604-9682-23D45E217FBC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCEB02A6-56CB-4AAD-A9BA-4E0D0A039D57}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 13:24 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 23:42 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 23:48 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 18:27 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 09:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 09:26 688218]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 08:37 88363 C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 03:57 73728]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 11:05 122939]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-16 01:03 135168]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-08 00:03 1077301]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-15 02:45 352256]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-14 02:36 5525504]
"nwiz"="nwiz.exe" [2005-01-14 02:36 1490944 C:\WINDOWS\system32\nwiz.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 16:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 06:53 714608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-12-03 11:16:03 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-12-03 11:15:54 106496]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-01-10 23:35:49 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmKCUN]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.LEAD"= LCODCCMP.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 09:18]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-08-29 08:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 05:40:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-25 14:56:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Exbrayat.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 17:37:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-06 17:38:23
ComboFix-quarantined-files.txt 2008-04-06 15:38:07
ComboFix2.txt 2008-04-06 14:43:11
ComboFix3.txt 2008-04-06 13:36:07
ComboFix4.txt 2008-04-06 11:43:27
Pre-Run: 24,327,593,984 bytes free
Post-Run: 24,317,235,200 bytes free
.
2008-03-13 14:29:31 --- E O F ---
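As an added example (not code from this thread, and not ComboFix's own code): the "Reg Loading Points" block in the reports above is where a helper looks first. The Python script below parses that REGEDIT4-style block and flags what a reviewer would flag by hand: a BHO CLSID with no file line under it (the entries HijackThis later shows as "(no file)"), any Winlogon Notify package the report lists (it hides legit defaults, so a listed one deserves a look), Security Center notification/monitoring values set to 1, the firewall profile switched off, and P2P clients in the firewall exception list. The sample log is a constructed excerpt assembled from the report lines posted in this thread; the detection rules and the P2P allowlist are assumptions written for this example.

```python
"""Triage the "Reg Loading Points" block of a ComboFix report.

Added example (not part of this thread and not ComboFix's own code). It parses the
REGEDIT4-style block the report prints and flags the indicators a helper checks
first. The detection rules below are assumptions written for this example.
"""
import re
from typing import Dict, List, Optional, Tuple

HEADER_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# Executables named in the thread's firewall exception list; constructed allowlist
# of P2P clients for this example.
P2P_CLIENTS = {"limewire.exe", "utorrent.exe"}

# Security Center values that silence or disable its monitoring when set to 1.
SECURITY_CENTER_FLAGS = {
    "antivirusdisablenotify",
    "firewalldisablenotify",
    "updatesdisablenotify",
    "disablemonitoring",
}

# Constructed sample: an excerpt, in the layout of the report posted above, of the
# registry sections that matter for triage.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11CEBD20-AAD1-41AF-89E3-6A746EAC6EC8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 09:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmKCUN]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"""

Section = Tuple[str, Dict[str, str], List[str]]


def parse_sections(text: str) -> List[Section]:
    """Split the block into (key, {value name: raw value}, other lines).

    'Other lines' are the 'date size attrs path' lines ComboFix prints under a
    key when it could resolve the loaded file (see the IPSBHO.dll entry)."""
    sections: List[Section] = []
    key: Optional[str] = None
    values: Dict[str, str] = {}
    extra: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            if key is not None:
                sections.append((key, values, extra))
            key, values, extra = header.group("key"), {}, []
            continue
        if key is None or not line or line == "REGEDIT4":
            continue
        value = VALUE_RE.match(line)
        if value:
            values[value.group("name")] = value.group("value").strip()
        else:
            extra.append(line)
    if key is not None:
        sections.append((key, values, extra))
    return sections


def to_int(raw: str) -> Optional[int]:
    """Parse 'dword:00000001' and '0 (0x0)' style values; None if not numeric."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    match = re.match(r"^-?\d+", raw)
    return int(match.group(0)) if match else None


def triage(text: str) -> List[str]:
    """Return one human-readable finding per suspicious entry."""
    findings: List[str] = []
    for key, values, extra in parse_sections(text):
        low = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if "browser helper objects" in low:
            # No file line under a BHO CLSID: orphaned registration, or a loader
            # the scanner could not resolve. HijackThis shows these as "(no file)".
            if not extra:
                findings.append(f"BHO with no backing file: {leaf}")
        elif "\\winlogon\\notify\\" in low:
            # The report hides legit defaults, so any listed Notify package is
            # a persistence point that needs a look.
            findings.append(f"Winlogon Notify package listed: {leaf}")
        elif "security center" in low:
            for name, raw in values.items():
                if name.lower() in SECURITY_CENTER_FLAGS and to_int(raw) == 1:
                    findings.append(f"Security Center setting disabled: {leaf}\\{name}=1")
        elif "authorizedapplications" in low:
            for name in values:
                exe = name.rsplit("\\", 1)[-1].lower()
                if exe in P2P_CLIENTS:
                    findings.append(f"P2P client allowed through the firewall: {exe}")
        elif "firewallpolicy" in low:
            if to_int(values.get("EnableFirewall", "")) == 0:
                findings.append(f"Windows Firewall disabled: {leaf}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports seven findings: the orphaned BHO, the opnmKCUN Notify package, the two Security Center values, the disabled firewall profile and the two P2P exceptions; the Symantec BHO with a resolved file line is left alone. Paste the "Reg Loading Points" block of a real report into SAMPLE_LOG to triage it the same way.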
6 April 2008 19:17:15

Re,

Delete:
- C:\Documents and Settings\Exbrayat\!
- C:\Documents and Settings\Exbrayat\zz.dat


Post a new HijackThis log.
Where do your problems stand?
7 April 2008 03:39:54

The day is dawning full of promise!
I deleted zz.dat but I can't find Exbrayat\!; how should I go about getting rid of this file (that would close the loop: it was the other question I posted on the forum)? File manager or with HijackThis?
As for the symptoms... nothing left, all is calm! Thank you, thank you, thank you!
I have re-enabled my Norton for now; what is recommended to put in place to be better protected than with Norton?
7 April 2008 03:41:00

Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:23 AM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {11CEBD20-AAD1-41AF-89E3-6A746EAC6EC8} - (no file)
O2 - BHO: (no name) - {21B4EF12-1DBA-4F4A-9E71-7D4FF1E85F45} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {77D3A5B4-CFD1-4046-8909-7CD99A68311F} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9B8A12F4-DD9F-4604-9682-23D45E217FBC} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {CCEB02A6-56CB-4AAD-A9BA-4E0D0A039D57} - (no file)
O2 - BHO: (no name) - {d2cac086-8fbf-41e7-8382-a69c01fc0627} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: hqachmoz - C:\WINDOWS\
O20 - Winlogon Notify: opnmKCUN - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 12286 bytes
7 April 2008 08:44:44

It is hidden and a system file, which is why you can't see it ^^


  • Go to My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply - - > OK

  • Go to My Computer / Tools / Folder Options / View / uncheck Hide protected operating system files / Apply - - > OK

  • Go to My Computer / Tools / Folder Options / View / uncheck Hide extensions for known file types / Apply - - > OK
    Re-check these options afterwards!

    As for Norton, if you can, it would be better to switch.
    7 April 2008 09:30:17

    There you go,
    Done! I ran a new HijackThis scan and have posted the report below; just tell me if it's finished and I'll leave you in peace!
    As a replacement for Norton, what do you recommend? I need something complete, simple to install, that doesn't require maintenance and above all protects effectively.
    Once again, a thousand thanks!
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:24:49 AM, on 4/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {11CEBD20-AAD1-41AF-89E3-6A746EAC6EC8} - (no file)
    O2 - BHO: (no name) - {21B4EF12-1DBA-4F4A-9E71-7D4FF1E85F45} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {77D3A5B4-CFD1-4046-8909-7CD99A68311F} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {9B8A12F4-DD9F-4604-9682-23D45E217FBC} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: (no name) - {CCEB02A6-56CB-4AAD-A9BA-4E0D0A039D57} - (no file)
    O2 - BHO: (no name) - {d2cac086-8fbf-41e7-8382-a69c01fc0627} - (no file)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: hqachmoz - C:\WINDOWS\
    O20 - Winlogon Notify: opnmKCUN - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

    --
    End of file - 12326 bytes
    7 April 2008 09:56:08

    Re,

    You don't need to pay to be well protected.

    We're not going to go for a suite, if you don't mind ..
    But since you want something complete, I can suggest several things.

    Relaunch HijackThis (right-click -> run as administrator on Vista), do a system scan only, and tick these lines (if still present):
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: (no name) - {11CEBD20-AAD1-41AF-89E3-6A746EAC6EC8} - (no file)
    O2 - BHO: (no name) - {21B4EF12-1DBA-4F4A-9E71-7D4FF1E85F45} - (no file)
    O2 - BHO: (no name) - {77D3A5B4-CFD1-4046-8909-7CD99A68311F} - (no file)
    O2 - BHO: (no name) - {9B8A12F4-DD9F-4604-9682-23D45E217FBC} - (no file)
    O2 - BHO: (no name) - {CCEB02A6-56CB-4AAD-A9BA-4E0D0A039D57} - (no file)
    O2 - BHO: (no name) - {d2cac086-8fbf-41e7-8382-a69c01fc0627} - (no file)
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O20 - Winlogon Notify: hqachmoz - C:\WINDOWS\
    O20 - Winlogon Notify: opnmKCUN - C:\WINDOWS\

    Close all running applications (especially your web browser).
    Then Fix Checked!

    I advise you to remove msn and Skype from startup, to speed up your boot.
    To do so, also fix these two lines (you don't have to):
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background


    ********

    Uninstall via Add/Remove Programs:
  • LiveUpdate
  • Norton
  • Symantec
  • Ad-Aware 2007

    Then delete the corresponding folders:
  • In Program Files
  • In Program Files\Common Files
  • In Application Data (%userprofile%)
  • Etc. (you should be able to find them with a Windows search; take care to show hidden/system files first).

    For Norton, you can use this tool:
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...

    Then .....

    Download ccleaner (>>tutorial to read!<<), download "the latest version", then install it, unchecking "Add the Yahoo! CCleaner Toolbar".
    Then run the cleaner, then scan for issues and back up if you wish.

    Antivirus:

    Download and install Antivir. (tutorial)
    Make sure it is up to date! Open Antivir; go to the Scanner tab, enable the rootkit search via the + next to rootkit search, then under manual selection tick everything (your hard-disk partitions) and start the scan. Post me the generated report (found in the Reports tab).

    Anti-Spyware:
    Download AVG Anti-Spyware and install it.
    If the link does not work: >Click here<
    Launch AVG and run an update.
    Click the Scan button (on the toolbar)
    Then on the "how to react" tab, click Recommended actions. Choose Quarantine.

    Or else Spybot

    Firewall:

    I'll suggest several (your choice!):
    Sygate, Outpost, Kerio, or Zone Alarm, etc ....
    Disable the Windows firewall after installing a new firewall
    Tutorial.
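The lines the reply above ticks for "Fix checked" follow recognisable shapes: O2 BHO registrations whose DLL is "(no file)" (a CLSID left behind after the DLL was removed) and O20 Winlogon Notify packages with random names whose target column is the bare directory C:\WINDOWS\ rather than a DLL. The following triage script, an added example and not code from the forum or from HijackThis, parses lines in the HijackThis v2 format and flags those shapes, plus services listed with "Unknown owner". The sample lines are copied from the log posted in this thread (one benign O20 line, cscdll, is constructed), and the allow-list of Windows notification packages is an illustrative assumption, not a complete reference.

```python
"""Triage a HijackThis v2 log for the entry shapes a reviewer would tick:
orphaned O2 BHOs, O20 Winlogon Notify packages pointing at a directory or
unknown to Windows, and O23 services with no recorded publisher.
Added example; allow-list and the cscdll line are assumptions/constructed."""
import re
from dataclasses import dataclass

# Winlogon notification packages that ship with Windows XP. Assumption: this
# allow-list is illustrative, not a complete reference.
KNOWN_O20 = {
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon",
}

# Sample input: lines copied from the log posted in this thread, plus one
# constructed benign O20 line (cscdll) to exercise the allow-list path.
SAMPLE_LOG = "\n".join([
    "O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll",
    "O2 - BHO: (no name) - {11CEBD20-AAD1-41AF-89E3-6A746EAC6EC8} - (no file)",
    "O4 - HKLM\\..\\Run: [ccApp] \"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"",
    "O20 - Winlogon Notify: cscdll - C:\\WINDOWS\\system32\\cscdll.dll",
    "O20 - Winlogon Notify: hqachmoz - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: opnmKCUN - C:\\WINDOWS\\",
    "O23 - Service: Symantec Core LC - Unknown owner - C:\\PROGRA~1\\COMMON~1\\SYMANT~1\\CCPD-LC\\symlcsvc.exe",
    "O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe",
])


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O20"
    line: str     # the log line as written
    reason: str   # why a reviewer would tick it


_ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")


def parse_entry(line):
    """Split a log line into its section tag and its ' - ' separated columns.
    'O20 - Winlogon Notify: x - C:\\WINDOWS\\' -> ('O20', ['Winlogon Notify: x', 'C:\\WINDOWS\\'])
    Returns None for lines that are not HijackThis entries (headers, process list)."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    return m.group(1), m.group(2).split(" - ")


def triage(log_text):
    """Return the entries a reviewer would tick, in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        section, cols = parsed
        if section == "O2" and cols[-1] == "(no file)":
            findings.append(Finding(section, raw.strip(),
                "BHO CLSID still registered but its DLL is gone (orphaned entry)"))
        elif section == "O20" and cols[0].startswith("Winlogon Notify:"):
            name = cols[0].split(":", 1)[1].strip()
            target = cols[-1]
            if not target.lower().endswith(".dll"):
                # A notification package must be a DLL; a bare directory means the
                # real file name was hidden or removed, as with the two random-named
                # entries in this thread.
                findings.append(Finding(section, raw.strip(),
                    f"notification package '{name}' points at a directory, not a DLL"))
            elif name not in KNOWN_O20:
                findings.append(Finding(section, raw.strip(),
                    f"notification package '{name}' is not a known Windows package"))
        elif section == "O23" and len(cols) >= 3 and cols[1] == "Unknown owner":
            findings.append(Finding(section, raw.strip(),
                "service binary with no recorded publisher: verify it before trusting it"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Running the script on the sample prints four findings: the orphaned BHO, both random-named O20 entries (flagged because their target is a directory, before the allow-list is even consulted) and the "Unknown owner" service; the Yahoo BHO, the cscdll package and the NVIDIA service pass. The O23 rule is deliberately a "verify" rather than a "remove": a missing publisher string is a prompt to check the binary's signature, not evidence of malware.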
    7 April 2008 11:48:54

    I'm partway through the procedure, but here is the Antivir report already. I still have to install the anti-spyware and the firewall.

    AntiVir PersonalEdition Classic
    Report file date: Monday, April 07, 2008 11:38

    Scanning for 1184383 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Exbrayat
    Computer name: YOUR-2E218F6215

    Version information:
    BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 09:36:42
    ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 3/27/2008 09:36:42
    ANTIVIR3.VDF : 7.0.3.125 229888 Bytes 4/7/2008 09:36:42
    AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 4/7/2008 09:36:43
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 4/7/2008 09:36:43
    AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Rootkit search
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
    Logging..........................: high
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Scan memory......................: off
    Process scan.....................: off
    Scan registry....................: off
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high
    Expanded search settings.........: 0x00300922

    Start of the scan: Monday, April 07, 2008 11:38

    Starting search for hidden objects.
    '327832' objects were checked, '0' hidden objects were found.


    End of the scan: Monday, April 07, 2008 11:41
    Used time: 03:35 min

    The scan has been done completely.

    0 Scanning directories
    0 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    0 Files cannot be scanned
    0 Files not concerned
    0 Archives were scanned
    0 Warnings
    0 Notes
    327832 Objects were scanned with rootkit scan
    0 Hidden objects were found
    7 April 2008 13:08:07

    There we go, everything is in place; for the firewall it took me two tries. The first time I installed Sygate by following the link.... in German... I have some notions but I wasn't comfortable. I uninstalled it and then installed Kerio. Everything is calm and seems to be going well. When the 30-day trial period with Kerio is over and some functions are removed, is it still satisfactory as protection?
    Two questions: 1 Is the virus database update automatic for Antivir and AVG, or do I have to press the button every month?
    2 Some videos no longer work. Media Player starts and for some I only hear the sound, for others nothing happens, and for others everything is normal.

    Thanks for your comments.
    7 April 2008 14:48:35

    One more thing, limewire can no longer connect now! Any solution?
    7 April 2008 18:59:52

    Re,

    For Antivir, the scan was far too short.
    Quote:
    Scan memory......................: off
    Process scan.....................: off
    Scan registry....................: off


    For AntiVir, yes, it is automatic.

    For avg, after 30 days you lose the resident protection (who cares) and the automatic updates; you just have to click..

    For the videos, I can't tell you more .. Try reinstalling, or use another player.

    For LimeWire, you have to allow it through the firewall.

    For Kerio, I've never had the chance to use it, you'll see ;)

    Any other questions?
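The reply above rejects the first AntiVir report on two grounds that can be read straight from the report text: the configuration block shows memory, process and registry scanning "off", and the summary shows 0 files scanned, i.e. a rootkit-search job rather than a system scan. The script below, an added example and not code from the forum or from Avira, parses those two parts of an AntiVir report and lists why a report should not be accepted as a full scan. The two report excerpts are constructed from the reports posted in this thread with the headers trimmed; the file count in the second excerpt is a constructed value, since the thread's second report is cut off before its summary.

```python
"""Check whether an AntiVir PersonalEdition report actually covered the system.
Added example; the two excerpts are constructed from the reports in this thread."""
import re

# The settings the reply above quotes as the reason the scan was too short.
SETTINGS_REQUIRED_ON = ("Scan memory", "Process scan", "Scan registry")

# Constructed excerpt modelled on the first (rootkit-search) report in the thread.
ROOTKIT_ONLY_REPORT = """\
Configuration settings for the scan:
Jobname..........................: Rootkit search
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on

0 Files were scanned
0 viruses and/or unwanted programs were found
"""

# Constructed excerpt modelled on the second (complete system scan) report;
# the file count is a made-up value, the thread's report is cut off before it.
FULL_SCAN_REPORT = """\
Configuration settings for the scan:
Jobname..........................: Complete system scan
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off

123456 Files were scanned
"""

# 'Scan memory......................: off' -> ('Scan memory', 'off')
_SETTING = re.compile(r"^([^.:]+?)\.*\s*:\s*(.*)$")


def parse_scan_config(report):
    """Map each 'Name....: value' line of the configuration block to its value.
    The block starts at the 'Configuration settings' header and ends at the
    first blank line, so the version-information lines above it are ignored."""
    cfg, in_block = {}, False
    for line in report.splitlines():
        s = line.strip()
        if s.startswith("Configuration settings for the scan:"):
            in_block = True
            continue
        if not in_block:
            continue
        if not s:
            break
        m = _SETTING.match(s)
        if m:
            cfg[m.group(1).strip()] = m.group(2).strip()
    return cfg


def files_scanned(report):
    """Number from the 'N Files were scanned' summary line, or None if absent."""
    m = re.search(r"^\s*(\d+) Files were scanned\s*$", report, re.MULTILINE)
    return int(m.group(1)) if m else None


def check_coverage(report):
    """Return the reasons this report should not be accepted as a full scan
    (empty list when every required area was on and files were actually scanned)."""
    cfg = parse_scan_config(report)
    problems = []
    for name in SETTINGS_REQUIRED_ON:
        value = cfg.get(name, "missing")
        if value.lower() != "on":
            problems.append(f"{name} is {value}")
    if files_scanned(report) == 0:
        problems.append("0 files were scanned: rootkit search only, not a system scan")
    return problems


if __name__ == "__main__":
    for label, text in (("rootkit-only", ROOTKIT_ONLY_REPORT), ("full", FULL_SCAN_REPORT)):
        print(label, "->", check_coverage(text) or "accepted")
```

The first excerpt yields four problems and the second none, which matches the reply's verdict on the two reports. A report is only trusted when it was produced by a job that looked at memory, running processes and the registry and actually scanned files; the Avira version strings and signature dates are deliberately not parsed, since they say nothing about what the job covered.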

    8 April 2008 17:45:07

    Here is the complete (?) report this time, from the AVIRA scan. The detected files already placed in quarantine have been deleted.
    For my multimedia problems I'll sort it out myself.
    No more signs of malfunction, everything is running perfectly. Once again, thank you!
    If you're in the area one of these days, stop by so I can buy you a drink!
    All the best!

    AntiVir PersonalEdition Classic
    Report file date: Tuesday, April 08, 2008 16:52

    Scanning for 1184383 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: YOUR-2E218F6215

    Version information:
    BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 09:36:42
    ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 3/27/2008 09:36:42
    ANTIVIR3.VDF : 7.0.3.125 229888 Bytes 4/7/2008 09:36:42
    AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 4/7/2008 09:36:43
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 4/7/2008 09:36:43
    AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: Tuesday, April 08, 2008 16:52

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'update.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
    Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned
    Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
    Scan process 'RAMASST.exe' - '1' Module(s) have been scanned
    Scan process 'Residence.exe' - '1' Module(s) have been scanned
    Scan process 'SonyTray.exe' - '1' Module(s) have been scanned
    Scan process 'WCESCOMM.EXE' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
    Scan process 'THotkey.exe' - '1' Module(s) have been scanned
    Scan process 'PadExe.exe' - '1' Module(s) have been scanned
    Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
    Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
    Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
    Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    49 processes with 49 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '34' files ).


    Starting the file scan:

    Begin scan in 'C:\' <S3A2109D001>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\catchme2008-04-06_133614.77.zip
    [0] Archive type: ZIP
    --> Documents and Settings/Exbrayat/Desktop/catchme.zip
    [1] Archive type: ZIP
    --> opnmKCUN.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\winlogon.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\gwysuotd.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\kbikxhpd.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\opnmKCUN.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\rqRLdDSk.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\scbkxwko.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\wpuvpred.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP458\A0035106.exe
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP458\A0035108.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP458\A0035109.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP458\A0035110.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP458\A0035111.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP458\A0035120.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP458\A0035121.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!


    End of the scan: Tuesday, April 08, 2008 17:37
    Used time: 44:44 min

    The scan has been done completely.

    5148 Scanning directories
    245272 Files were scanned
    15 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    15 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    245257 Files not concerned
    7209 Archives were scanned
    2 Warnings
    0 Notes

    8 April 2008 18:00:09
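A report like the one above is easier to judge mechanically than by eye: the helper's earlier objection was to a scan that had memory, process and registry scanning switched off, and every detection in this run sits under C:\QooBox\Quarantine or inside a System Restore point rather than on the live system, which is why the machine can be clean while the scanner still reports 15 hits. The Python below is an added example, not code from the thread or from Avira. It parses a report in the layout posted above, lists scan areas left off, classifies each hit by where it lives, and cross-checks the scanner's summary counters against the records it parsed. SAMPLE_REPORT is constructed from a subset of the lines posted above; the location heuristics (the Quarantine folder, the .vir suffix, the _restore path) are assumptions drawn from those paths.

```python
"""Triage parser for an Avira AntiVir scan report (added example, not from the
thread or from Avira). It reads the report layout posted above: "Label....: value"
configuration lines, a file path followed by optional "-->" archive-member lines
and [DETECTION]/[INFO] lines, and "N <counter>" summary lines.
SAMPLE_REPORT is constructed from a subset of the posted lines."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE_REPORT = r"""
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\catchme2008-04-06_133614.77.zip
[0] Archive type: ZIP
--> Documents and Settings/Exbrayat/Desktop/catchme.zip
[1] Archive type: ZIP
--> opnmKCUN.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\gwysuotd.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP458\A0035108.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
3 viruses and/or unwanted programs were found
3 files were deleted
1 Warnings
"""

CONFIG_RE = re.compile(r"^([A-Za-z ]+?)\.{2,}: (.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
SUMMARY_RE = re.compile(r"^(\d+) (.+)$")
# Areas the helper on the thread flagged as "off" in an earlier, too-short scan.
REQUIRED_AREAS = ("Scan memory", "Process scan", "Scan registry", "Search for rootkits")


@dataclass
class Detection:
    path: str               # file on disk that produced the hit
    member: Optional[str]   # innermost archive member, if the hit was inside an archive
    name: str               # Avira detection name, e.g. TR/Vundo.Gen
    action: Optional[str]   # the [INFO] line that followed, if any
    location: str           # quarantine / restore_point / live


@dataclass
class Report:
    config: Dict[str, str] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)
    warnings: int = 0
    summary: Dict[str, int] = field(default_factory=dict)


def classify_location(path: str) -> str:
    """Quarantined copies and restore-point copies are not running code (assumed heuristics)."""
    p = path.lower()
    if "\\quarantine\\" in p or p.endswith(".vir"):
        return "quarantine"
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    return "live"


def parse_report(text: str) -> Report:
    rep, path, member = Report(), None, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := CONFIG_RE.match(line):
            rep.config[m.group(1).strip()] = m.group(2).strip()
        elif PATH_RE.match(line):
            path, member = line, None          # new host file; forget the previous archive member
        elif line.startswith("--> "):
            member = line[4:]                  # nested archives: keep the innermost member
        elif line.startswith("[DETECTION] ") and path:
            # The detection name is the last token: "Is the Trojan horse TR/Vundo.Gen".
            rep.detections.append(Detection(path, member, line.split()[-1], None,
                                            classify_location(path)))
        elif line.startswith("[INFO] ") and rep.detections and rep.detections[-1].path == path:
            rep.detections[-1].action = line[len("[INFO] "):]
        elif line.startswith("[WARNING]"):
            rep.warnings += 1
        elif m := SUMMARY_RE.match(line):
            rep.summary[m.group(2)] = int(m.group(1))
    return rep


def missing_scan_areas(rep: Report) -> List[str]:
    """Areas not switched on: the report says nothing about them."""
    return [a for a in REQUIRED_AREAS if rep.config.get(a, "off") != "on"]


def live_detections(rep: Report) -> List[Detection]:
    """Hits outside quarantine and restore points, i.e. still on the live system."""
    return [d for d in rep.detections if d.location == "live"]


def check_summary(rep: Report) -> List[str]:
    """Cross-check the scanner's own counters against the parsed records."""
    expected = {
        "viruses and/or unwanted programs were found": len(rep.detections),
        "files were deleted": sum(d.action == "The file was deleted!" for d in rep.detections),
        "Warnings": rep.warnings,
    }
    return [f"{k}: summary says {rep.summary[k]}, parsed {v}"
            for k, v in expected.items() if k in rep.summary and rep.summary[k] != v]
```

Run against the posted report, `live_detections` comes back empty and `missing_scan_areas` returns only the rootkit search, which is the practical reading of the log: the remaining hits are copies that ComboFix-style quarantine and System Restore kept, and a rootkit scan is the one area this run did not cover.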

    Quote:
    stop by and I'll buy you a drink!

    Where do you live? :D

    A few last checks and we're almost done :)

    Download to your desktop: Clean (by Malekal) >Tutorial<
    Unzip it on your desktop. Double-click on this clean folder.
    Double-click on clean.cmd. (The cmd extension may not be displayed.) This will open a black window.
    A menu will appear; choose option 1, then Enter. Then press a key when prompted.
    Post the report, which is located here: C:\rapport_clean.txt

    If you get a file C:\upload_moi.zip, please do this.
    9 April 2008 15:27:18

    I live in Bangkok, the pastis and the ice cubes are ready!
    Here is the Clean report:
    Wed 04/09/2008 at 15:01:42.46

    *** Searching C:

    *** Searching C:\WINDOWS\

    *** Searching C:\WINDOWS\system32

    *** Searching C:\Program Files
    *** End of the report !
    9 April 2008 17:35:50

    :) 

    Post a new HijackThis log ;)