Votre question

virtumonde et tratBHO

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
1 Avril 2008 17:59:51

Bonjour,

J'ai tratBHO et virtumonde sur mon ordi. J'ai utilisé Vundofix et Combofix, puis je viens de lancer un scan avec Antivir qui me trouve 37 infections. Pouvez vous me dire ce que je dois faire ?
Voici mon scan antivir.

Merci de votre aide

Greg


AntiVir PersonalEdition Classic
Report file date: mardi 1 avril 2008 16:04

Scanning for 1173671 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HP_Propriétaire
Computer name: MARC

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:03:02
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 14:03:02
ANTIVIR3.VDF : 7.0.3.103 76800 Bytes 01/04/2008 14:03:02
AVEWIN32.DLL : 7.6.0.78 3408384 Bytes 01/04/2008 14:03:03
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 01/04/2008 14:03:03
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 1 avril 2008 16:04

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'TRENDnet.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'SmartUI.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'backWeb-8876480.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process '9wifi.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'hphmon06.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'xcommsvr.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SiSWLSvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Propriétaire\Bureau\DIVERS\Nettoyage\Civilization III Games of the Year.exe
[0] Archive type: ZIP SFX (self extracting)
--> CIVILIZATION3.EXE
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '486843c0.qua'!
C:\Documents and Settings\HP_Propriétaire\Bureau\MSNFix\MSNFix\19032008_11394785.zip
[0] Archive type: ZIP
--> backup/MyPhoto22.zip
[1] Archive type: ZIP
--> MyPhoto22.JPEG_www.freeuploadz.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/MyPhoto35.zip
[1] Archive type: ZIP
--> MyPhoto35.JPEG-ScannedByMsn.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/MyPhoto45.zip
[1] Archive type: ZIP
--> MyPhoto45.JPEG-ScannedByMsn.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/MyPhoto47.zip
[1] Archive type: ZIP
--> MyPhoto47.JPEG-ScannedByMsn.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/MyPhoto48.zip
[1] Archive type: ZIP
--> MyPhoto48.JPEG-ScannedByMsn.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/NewPhoto19.zip
[1] Archive type: ZIP
--> NewPhoto19.JPEG_ScannedByMSN.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/NewPhoto22.zip
[1] Archive type: ZIP
--> NewPhoto22.JPEG_ScannedByMSN.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/NewPhoto25.zip
[1] Archive type: ZIP
--> NewPhoto25.JPEG_ScannedByMSN.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/NewPicture0028.zip
[1] Archive type: ZIP
--> MyPic0028.JPEG_www.uploads.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/npssvc.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '482246a5.qua'!
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus\Greg\photo029.zip
[0] Archive type: ZIP
--> photo029.JPG-www.myspace.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '486148f4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\bvapsqyb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.EER
[INFO] The file was moved to '48535149.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cbxywus.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '486a5135.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\corqsmar.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48645143.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fccyyxu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48555137.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ganaqhdp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48605135.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebcdaw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4854513a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebxxyv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '492ba7b3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hggfdca.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4859513c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iifccay.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4858513f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iifgeby.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4927a7c8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\khfecdb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4858513e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjgecb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '485c5141.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnmnom.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48605145.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnomkl.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48605146.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnnn.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '491fa7ce.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rnsnlkuh.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48655146.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\shmiwtth.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.GH
[INFO] The file was moved to '485f5141.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvurol.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4868514e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tytngdro.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48665152.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\vtutrqo.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4867514e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wibjtodp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48545143.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wpycojcn.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '486b514a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wvuvwxu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48675151.qua'!
C:\VundoFix Backups\bevwiuwy.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48685146.qua'!
C:\WINDOWS\system32\npssvc.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48655477.qua'!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: mardi 1 avril 2008 17:45
Used time: 1:41:23 min

The scan has been done completely.

8011 Scanning directories
642937 Files were scanned
37 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
28 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
642900 Files not concerned
16779 Archives were scanned
2 Warnings
52 Notes

Autres pages sur : virtumonde tratbho

1 Avril 2008 18:09:04

:hello: 

Poste le rapport combofix situé sur C:\Combofix.txt ;) 
1 Avril 2008 18:26:32

voila le rapport combifix

ComboFix 08-03-30.5 - HP_Propriétaire 2008-04-01 18:17:41.2 - NTFSx86
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\killtrojan.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
.

2008-04-01 16:01 . 2008-04-01 16:01 <REP> d-------- C:\Program Files\Avira
2008-04-01 16:01 . 2008-04-01 16:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-01 14:42 . 2008-04-01 14:42 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-04-01 14:28 . 2008-04-01 17:12 <REP> d-------- C:\VundoFix Backups
2008-03-26 14:12 . 2008-03-26 14:13 1,524,836 ---hs---- C:\WINDOWS\system32\frkrcdvl.ini
2008-03-25 14:39 . 2008-03-25 14:40 1,510,816 ---hs---- C:\WINDOWS\system32\ajutddog.ini
2008-03-24 12:29 . 2008-03-25 14:40 1,541,443 ---hs---- C:\WINDOWS\system32\yppxeyoo.ini
2008-03-23 12:30 . 2008-03-23 17:30 1,505,714 ---hs---- C:\WINDOWS\system32\ridebbji.ini
2008-03-22 23:25 . 2008-03-22 23:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-22 23:25 . 2008-03-22 23:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-22 12:28 . 2008-03-23 12:28 1,505,594 ---hs---- C:\WINDOWS\system32\essukpro.ini
2008-03-21 12:30 . 2008-03-21 12:30 1,540,154 ---hs---- C:\WINDOWS\system32\tjgjbdry.ini
2008-03-20 16:33 . 2008-03-20 16:33 1,540,094 ---hs---- C:\WINDOWS\system32\dfttrnyf.ini
2008-03-19 12:54 . 2005-01-01 18:04 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-19 12:54 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-19 12:54 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-19 12:54 . 2007-01-08 00:24 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2008-03-19 12:54 . 2008-03-19 13:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-19 12:54 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-19 12:54 . 2007-01-07 16:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-03-19 12:54 . 2005-01-01 18:09 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-19 12:54 . 2005-01-01 18:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-03-19 12:54 . 2005-01-01 18:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-03-19 12:54 . 2005-01-01 18:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-03-19 08:50 . 2008-03-19 08:50 263,192 --a------ C:\Documents and Settings\HP_Propriétaire\Application Data\setup_fr[1].exe
2008-03-19 04:09 . 2008-03-20 12:23 1,540,034 ---hs---- C:\WINDOWS\system32\ndllosyp.ini
2008-03-18 21:01 . 2008-03-19 12:51 268 --ah----- C:\sqmdata19.sqm
2008-03-18 21:01 . 2008-03-19 12:51 244 --ah----- C:\sqmnoopt19.sqm
2008-03-18 20:28 . 2008-03-19 12:33 244 --ah----- C:\sqmnoopt18.sqm
2008-03-18 20:28 . 2008-03-19 12:33 232 --ah----- C:\sqmdata18.sqm
2008-03-18 09:48 . 2008-03-19 11:49 244 --ah----- C:\sqmnoopt17.sqm
2008-03-18 09:48 . 2008-03-19 11:49 232 --ah----- C:\sqmdata17.sqm
2008-03-18 09:45 . 2008-03-19 09:12 244 --ah----- C:\sqmnoopt16.sqm
2008-03-18 09:45 . 2008-03-19 09:12 232 --ah----- C:\sqmdata16.sqm
2008-03-17 21:38 . 2008-03-19 12:05 471 --a------ C:\WINDOWS\cookies.MSNFix
2008-03-17 20:39 . 2008-03-19 08:29 244 --ah----- C:\sqmnoopt15.sqm
2008-03-17 20:39 . 2008-03-19 08:29 232 --ah----- C:\sqmdata15.sqm
2008-03-17 04:09 . 2008-03-18 04:11 1,333,063 ---hs---- C:\WINDOWS\system32\mttkejto.ini
2008-03-16 20:52 . 2008-03-19 07:46 244 --ah----- C:\sqmnoopt14.sqm
2008-03-16 20:52 . 2008-03-19 07:46 232 --ah----- C:\sqmdata14.sqm
2008-03-16 04:09 . 2008-03-16 20:51 1,339,888 ---hs---- C:\WINDOWS\system32\fhdqabmb.ini
2008-03-15 04:08 . 2008-03-15 04:09 1,339,416 ---hs---- C:\WINDOWS\system32\cwkaepgv.ini
2008-03-14 04:05 . 2008-03-15 04:06 1,368,292 ---hs---- C:\WINDOWS\system32\cvtsrjfq.ini
2008-03-13 04:04 . 2008-03-14 04:05 1,346,570 ---hs---- C:\WINDOWS\system32\mvyiaehm.ini
2008-03-13 04:01 . 2008-03-13 04:01 127 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-19 11:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 12:20 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
2008-03-06 13:39 --------- d-----w C:\Program Files\eMule
2008-02-10 11:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-10 10:47 --------- d-----w C:\Program Files\Java
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2006-12-13 22:35 922 ----a-w C:\Program Files\INSTALL.LOG
2006-04-04 17:43 32,768 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-04-01_15.03.07.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 11:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 12:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-04-01 14:03:03 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-03-15 13:55 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:43 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-14 00:04 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 05:10 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54 253952]
"adiras"="adiras.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03 217088]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06 181752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-01 16:03 249896]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-19 09:53:20 110592]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-08-17 23:16:06 962663]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 03:28:24 258048]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-15 13:55:38 450560]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-02-06 17:07:12 1572864]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [2007-04-11 07:44:08 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxxvu]
gebxxvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggfdca]
hggfdca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-01-07 20:08 372736 c:\progra~1\softwin\bitdef~1\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDOESRV]
--a------ 2005-03-11 19:53 90112 C:\Program Files\Softwin\BitDefender9\bdoesrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
--a------ 2005-04-06 15:09 33280 c:\progra~1\softwin\bitdef~1\bdswitch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule

R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 21:16]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-02-15 18:25]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24974748-2538-11dc-8ac1-00110910afd3}]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cd75a7a-96d1-11dc-8ad8-00110910afd3}]
\Shell\AutoRun\command - WD_Windows_Tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd16db5e-bff1-11db-8a9c-4d6564696130}]
\Shell\AutoRun\command - K:\LaunchU3.exe

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 18:21:50
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-01 18:22:28
ComboFix-quarantined-files.txt 2008-04-01 16:22:19
ComboFix2.txt 2008-04-01 13:03:20
Pre-Run: 72,691,675,136 octets libres
Post-Run: 72,681,873,408 octets libres
.
2008-03-13 02:01:45 --- E O F ---
Contenus similaires
1 Avril 2008 18:42:09

Si quelqu'un a une solution ou une idée de ce qu'il faut faire, merci, je ne sais vraiment plus quoi faire

Greg
1 Avril 2008 18:45:24

Re,

Désactive toute protection résidente ( antivirus…) !

Copie le texte se situant dans le cadre ci-dessous, sans le mot citation :

Citation :
File::
C:\WINDOWS\system32\frkrcdvl.ini
C:\WINDOWS\system32\ajutddog.ini
C:\WINDOWS\system32\yppxeyoo.ini
C:\WINDOWS\system32\ridebbji.ini
C:\WINDOWS\system32\essukpro.ini
C:\WINDOWS\system32\tjgjbdry.ini
C:\WINDOWS\system32\dfttrnyf.ini
C:\WINDOWS\system32\ndllosyp.ini
C:\WINDOWS\cookies.MSNFix
C:\WINDOWS\system32\mttkejto.ini
C:\WINDOWS\system32\fhdqabmb.ini
C:\WINDOWS\system32\cwkaepgv.ini
C:\WINDOWS\system32\cvtsrjfq.ini
C:\WINDOWS\system32\mvyiaehm.ini

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adiras"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxxvu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggfdca]



Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :



Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un nouveau rapport Hijackthis.
S'il n'y a pas de redémarrage, poste quand même les rapports.

;) 
1 Avril 2008 19:09:12

voila le scan combo fix et celui de hijackthis

ComboFix 08-03-30.5 - HP_Propriétaire 2008-04-01 18:54:27.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.201 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Propri‚taire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
.

2008-04-01 16:01 . 2008-04-01 16:01 <REP> d-------- C:\Program Files\Avira
2008-04-01 16:01 . 2008-04-01 16:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-01 14:42 . 2008-04-01 14:42 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-04-01 14:28 . 2008-04-01 17:12 <REP> d-------- C:\VundoFix Backups
2008-03-26 14:12 . 2008-03-26 14:13 1,524,836 ---hs---- C:\WINDOWS\system32\frkrcdvl.ini
2008-03-25 14:39 . 2008-03-25 14:40 1,510,816 ---hs---- C:\WINDOWS\system32\ajutddog.ini
2008-03-24 12:29 . 2008-03-25 14:40 1,541,443 ---hs---- C:\WINDOWS\system32\yppxeyoo.ini
2008-03-23 12:30 . 2008-03-23 17:30 1,505,714 ---hs---- C:\WINDOWS\system32\ridebbji.ini
2008-03-22 23:25 . 2008-03-22 23:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-22 23:25 . 2008-03-22 23:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-22 12:28 . 2008-03-23 12:28 1,505,594 ---hs---- C:\WINDOWS\system32\essukpro.ini
2008-03-21 12:30 . 2008-03-21 12:30 1,540,154 ---hs---- C:\WINDOWS\system32\tjgjbdry.ini
2008-03-20 16:33 . 2008-03-20 16:33 1,540,094 ---hs---- C:\WINDOWS\system32\dfttrnyf.ini
2008-03-19 12:54 . 2005-01-01 18:04 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-19 12:54 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-19 12:54 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-19 12:54 . 2007-01-08 00:24 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2008-03-19 12:54 . 2008-03-19 13:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-19 12:54 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-19 12:54 . 2007-01-07 16:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-03-19 12:54 . 2005-01-01 18:09 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-19 12:54 . 2005-01-01 18:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-03-19 12:54 . 2005-01-01 18:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-03-19 12:54 . 2005-01-01 18:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-03-19 08:50 . 2008-03-19 08:50 263,192 --a------ C:\Documents and Settings\HP_Propriétaire\Application Data\setup_fr[1].exe
2008-03-19 04:09 . 2008-03-20 12:23 1,540,034 ---hs---- C:\WINDOWS\system32\ndllosyp.ini
2008-03-18 21:01 . 2008-03-19 12:51 268 --ah----- C:\sqmdata19.sqm
2008-03-18 21:01 . 2008-03-19 12:51 244 --ah----- C:\sqmnoopt19.sqm
2008-03-18 20:28 . 2008-03-19 12:33 244 --ah----- C:\sqmnoopt18.sqm
2008-03-18 20:28 . 2008-03-19 12:33 232 --ah----- C:\sqmdata18.sqm
2008-03-18 09:48 . 2008-03-19 11:49 244 --ah----- C:\sqmnoopt17.sqm
2008-03-18 09:48 . 2008-03-19 11:49 232 --ah----- C:\sqmdata17.sqm
2008-03-18 09:45 . 2008-03-19 09:12 244 --ah----- C:\sqmnoopt16.sqm
2008-03-18 09:45 . 2008-03-19 09:12 232 --ah----- C:\sqmdata16.sqm
2008-03-17 21:38 . 2008-03-19 12:05 471 --a------ C:\WINDOWS\cookies.MSNFix
2008-03-17 20:39 . 2008-03-19 08:29 244 --ah----- C:\sqmnoopt15.sqm
2008-03-17 20:39 . 2008-03-19 08:29 232 --ah----- C:\sqmdata15.sqm
2008-03-17 04:09 . 2008-03-18 04:11 1,333,063 ---hs---- C:\WINDOWS\system32\mttkejto.ini
2008-03-16 20:52 . 2008-03-19 07:46 244 --ah----- C:\sqmnoopt14.sqm
2008-03-16 20:52 . 2008-03-19 07:46 232 --ah----- C:\sqmdata14.sqm
2008-03-16 04:09 . 2008-03-16 20:51 1,339,888 ---hs---- C:\WINDOWS\system32\fhdqabmb.ini
2008-03-15 04:08 . 2008-03-15 04:09 1,339,416 ---hs---- C:\WINDOWS\system32\cwkaepgv.ini
2008-03-14 04:05 . 2008-03-15 04:06 1,368,292 ---hs---- C:\WINDOWS\system32\cvtsrjfq.ini
2008-03-13 04:04 . 2008-03-14 04:05 1,346,570 ---hs---- C:\WINDOWS\system32\mvyiaehm.ini
2008-03-13 04:01 . 2008-03-13 04:01 127 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-19 11:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 12:20 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
2008-03-06 13:39 --------- d-----w C:\Program Files\eMule
2008-02-10 11:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-10 10:47 --------- d-----w C:\Program Files\Java
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2006-12-13 22:35 922 ----a-w C:\Program Files\INSTALL.LOG
2006-04-04 17:43 32,768 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-04-01_15.03.07.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 11:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 12:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-04-01 14:03:03 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-03-15 13:55 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:43 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-14 00:04 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 05:10 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54 253952]
"adiras"="adiras.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03 217088]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06 181752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-01 16:03 249896]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-19 09:53:20 110592]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-08-17 23:16:06 962663]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 03:28:24 258048]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-15 13:55:38 450560]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-02-06 17:07:12 1572864]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [2007-04-11 07:44:08 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxxvu]
gebxxvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggfdca]
hggfdca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-01-07 20:08 372736 c:\progra~1\softwin\bitdef~1\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDOESRV]
--a------ 2005-03-11 19:53 90112 C:\Program Files\Softwin\BitDefender9\bdoesrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
--a------ 2005-04-06 15:09 33280 c:\progra~1\softwin\bitdef~1\bdswitch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule

R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 21:16]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-02-15 18:25]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24974748-2538-11dc-8ac1-00110910afd3}]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cd75a7a-96d1-11dc-8ad8-00110910afd3}]
\Shell\AutoRun\command - WD_Windows_Tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd16db5e-bff1-11db-8a9c-4d6564696130}]
\Shell\AutoRun\command - K:\LaunchU3.exe

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 18:57:04
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-01 18:57:37
ComboFix-quarantined-files.txt 2008-04-01 16:57:29
ComboFix2.txt 2008-04-01 16:22:29
ComboFix3.txt 2008-04-01 13:03:20
Pre-Run: 72,660,856,832 octets libres
Post-Run: 72,651,100,160 octets libres
.
2008-03-13 02:01:45 --- E O F ---










Logfile of HijackThis v1.99.1
Scan saved at 19:08:39, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avconfig.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cegetel.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MIF269~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF269~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebxxvu - gebxxvu.dll (file missing)
O20 - Winlogon Notify: hggfdca - hggfdca.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner -

1 Avril 2008 19:13:30

Re,

La manip n'a pas marché :)  Suis bien les indications suivantes :

1) Télécharge ToolsCleaner, sur ton bureau.

Ce programme va te faire désinstaller tous les outils que je t’ai faits utiliser.

  • Clique sur Recherche et laisse le scan agir ...
  • Clique sur Suppression pour finaliser.
  • Tu peux, si tu le souhaites, te servir des Options facultatives.
  • Clique sur Quitter pour obtenir le rapport.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
  • Tutorial ici :

    2) Retélécharge Combofix et enregistre-le à la racine de ton disque dur, c'est à dire ici : C:\Combofix.exe >>> Ceci est très important !!!

    3) Copie le texte se situant dans le cadre ci-dessous, sans le mot citation :

    Citation :
    File::
    C:\WINDOWS\system32\frkrcdvl.ini
    C:\WINDOWS\system32\ajutddog.ini
    C:\WINDOWS\system32\yppxeyoo.ini
    C:\WINDOWS\system32\ridebbji.ini
    C:\WINDOWS\system32\essukpro.ini
    C:\WINDOWS\system32\tjgjbdry.ini
    C:\WINDOWS\system32\dfttrnyf.ini
    C:\WINDOWS\system32\ndllosyp.ini
    C:\WINDOWS\cookies.MSNFix
    C:\WINDOWS\system32\mttkejto.ini
    C:\WINDOWS\system32\fhdqabmb.ini
    C:\WINDOWS\system32\cwkaepgv.ini
    C:\WINDOWS\system32\cvtsrjfq.ini
    C:\WINDOWS\system32\mvyiaehm.ini

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "adiras"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxxvu]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggfdca]


    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt et enregistre-le à la racine de ton disque dur, soit sur C:\CFScript.txt >>> Très important là aussi !!!

    4) Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :



    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un nouveau rapport Hijackthis.
    S'il n'y a pas de redémarrage, poste quand même les rapports.

    ;) 
    1 Avril 2008 19:14:42

    Merci de m'accorder ton aide Merillym, tu penses connaitre un moyen pour me débarrasser de ces virus ?

    Greg
    1 Avril 2008 19:15:43

    Re,

    Evidemment, fais ce que je te dis et tu en seras débarrassé quand j'en aurais fini avec toi ;) 
    1 Avril 2008 19:16:04

    ok je fais tout ça et je publie les rapports

    greg
    1 Avril 2008 19:28:09

    voila déja le nouveau rapport combofix

    ComboFix 08-03-30.5 - HP_Propriétaire 2008-04-01 19:23:56.4 - NTFSx86
    Endroit: C:\ComboFix.exe
    Command switches used :: C:\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\WINDOWS\cookies.MSNFix
    C:\WINDOWS\system32\ajutddog.ini
    C:\WINDOWS\system32\cvtsrjfq.ini
    C:\WINDOWS\system32\cwkaepgv.ini
    C:\WINDOWS\system32\dfttrnyf.ini
    C:\WINDOWS\system32\essukpro.ini
    C:\WINDOWS\system32\fhdqabmb.ini
    C:\WINDOWS\system32\frkrcdvl.ini
    C:\WINDOWS\system32\mttkejto.ini
    C:\WINDOWS\system32\mvyiaehm.ini
    C:\WINDOWS\system32\ndllosyp.ini
    C:\WINDOWS\system32\ridebbji.ini
    C:\WINDOWS\system32\tjgjbdry.ini
    C:\WINDOWS\system32\yppxeyoo.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.MSNFix
    C:\WINDOWS\system32\ajutddog.ini
    C:\WINDOWS\system32\cvtsrjfq.ini
    C:\WINDOWS\system32\cwkaepgv.ini
    C:\WINDOWS\system32\dfttrnyf.ini
    C:\WINDOWS\system32\essukpro.ini
    C:\WINDOWS\system32\fhdqabmb.ini
    C:\WINDOWS\system32\frkrcdvl.ini
    C:\WINDOWS\system32\mttkejto.ini
    C:\WINDOWS\system32\mvyiaehm.ini
    C:\WINDOWS\system32\ndllosyp.ini
    C:\WINDOWS\system32\ridebbji.ini
    C:\WINDOWS\system32\tjgjbdry.ini
    C:\WINDOWS\system32\yppxeyoo.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-01 19:21 . 2008-04-01 19:21 1,603,539 --a------ C:\ComboFix.exe
    2008-04-01 16:01 . 2008-04-01 16:01 <REP> d-------- C:\Program Files\Avira
    2008-04-01 16:01 . 2008-04-01 16:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-01 14:42 . 2008-04-01 14:42 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2008-03-22 23:25 . 2008-03-22 23:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-22 23:25 . 2008-03-22 23:25 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-19 12:54 . 2005-01-01 18:04 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2008-03-19 12:54 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-03-19 12:54 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-03-19 12:54 . 2007-01-08 00:24 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
    2008-03-19 12:54 . 2008-03-19 13:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-03-19 12:54 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-03-19 12:54 . 2007-01-07 16:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-03-19 12:54 . 2005-01-01 18:09 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-03-19 12:54 . 2005-01-01 18:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2008-03-19 12:54 . 2005-01-01 18:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
    2008-03-19 12:54 . 2005-01-01 18:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2008-03-19 08:50 . 2008-03-19 08:50 263,192 --a------ C:\Documents and Settings\HP_Propriétaire\Application Data\setup_fr[1].exe
    2008-03-18 21:01 . 2008-03-19 12:51 268 --ah----- C:\sqmdata19.sqm
    2008-03-18 21:01 . 2008-03-19 12:51 244 --ah----- C:\sqmnoopt19.sqm
    2008-03-18 20:28 . 2008-03-19 12:33 244 --ah----- C:\sqmnoopt18.sqm
    2008-03-18 20:28 . 2008-03-19 12:33 232 --ah----- C:\sqmdata18.sqm
    2008-03-18 09:48 . 2008-03-19 11:49 244 --ah----- C:\sqmnoopt17.sqm
    2008-03-18 09:48 . 2008-03-19 11:49 232 --ah----- C:\sqmdata17.sqm
    2008-03-18 09:45 . 2008-03-19 09:12 244 --ah----- C:\sqmnoopt16.sqm
    2008-03-18 09:45 . 2008-03-19 09:12 232 --ah----- C:\sqmdata16.sqm
    2008-03-17 20:39 . 2008-03-19 08:29 244 --ah----- C:\sqmnoopt15.sqm
    2008-03-17 20:39 . 2008-03-19 08:29 232 --ah----- C:\sqmdata15.sqm
    2008-03-16 20:52 . 2008-03-19 07:46 244 --ah----- C:\sqmnoopt14.sqm
    2008-03-16 20:52 . 2008-03-19 07:46 232 --ah----- C:\sqmdata14.sqm
    2008-03-13 04:01 . 2008-03-13 04:01 127 --a------ C:\WINDOWS\system32\MRT.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-19 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-19 11:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-07 12:20 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
    2008-03-06 13:39 --------- d-----w C:\Program Files\eMule
    2008-02-10 11:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-10 10:47 --------- d-----w C:\Program Files\Java
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2006-12-13 22:35 922 ----a-w C:\Program Files\INSTALL.LOG
    2006-04-04 17:43 32,768 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-03-15 13:55 20480]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:43 659456]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-14 00:04 278528]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 05:10 344064]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54 253952]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03 217088]
    "Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06 181752]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-01 16:03 249896]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-19 09:53:20 110592]
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-08-17 23:16:06 962663]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 03:28:24 258048]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-15 13:55:38 450560]
    SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-02-06 17:07:12 1572864]
    Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [2007-04-11 07:44:08 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
    --a------ 2007-01-07 20:08 372736 c:\progra~1\softwin\bitdef~1\bdmcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDOESRV]
    --a------ 2005-03-11 19:53 90112 C:\Program Files\Softwin\BitDefender9\bdoesrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
    --a------ 2005-04-06 15:09 33280 c:\progra~1\softwin\bitdef~1\bdswitch.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule
    "4672:UDP"= 4672:UDP:emule

    R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []
    S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 21:16]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-02-15 18:25]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24974748-2538-11dc-8ac1-00110910afd3}]
    \Shell\AutoRun\command - J:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cd75a7a-96d1-11dc-8ad8-00110910afd3}]
    \Shell\AutoRun\command - WD_Windows_Tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd16db5e-bff1-11db-8a9c-4d6564696130}]
    \Shell\AutoRun\command - K:\LaunchU3.exe

    *Newly Created Service* - ANTIVIRSCHEDULER
    *Newly Created Service* - ANTIVIRSERVICE
    *Newly Created Service* - AVGIO
    *Newly Created Service* - AVGNTFLT
    *Newly Created Service* - AVIPBB
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-01 19:26:41
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-01 19:27:13
    ComboFix-quarantined-files.txt 2008-04-01 17:27:04
    ComboFix2.txt 2008-04-01 16:57:38
    Pre-Run: 72,637,038,592 octets libres
    Post-Run: 72,607,973,376 octets libres
    .
    2008-03-13 02:01:45 --- E O F ---
    1 Avril 2008 19:31:10

    et le nouveau rapport d'hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:30:37, on 01/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    c:\program files\avira\antivir personaledition classic\avscan.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avconfig.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\HP_Propriétaire\Bureau\scanner.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cegetel.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: SmartUI.lnk = ?
    O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MIF269~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF269~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 9906 bytes
    1 Avril 2008 19:32:05

    Re,

    Désinstalle avast, redémarre et supprime ~~>C:\Program Files\Alwil Software

    Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
    Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

    Télécharge et installe Antivir. (tuto)
    Pourquoi changer ? Avast vs Antivir
    Vérifie qu’il soit bien à jour ! Fais une analyse complète en mode sans échec, sauvegarde le rapport et poste le moi.

    ;) 
    1 Avril 2008 19:38:51

    en fait j'ai désactivé avast car tout le monde conseille Antivir que j'ai installé aujourd'hui. Donc la je désinstalle avast et je conserve antivir, puis je fais comme tu le dis

    1 - CCleaner (je dois virer tout ce qu'il trouve ? car je l'ai utilisé ce matin et ils trouvait des cookies et surtout Virtumonde qui concerne des clés registre, et je n'avais rien effacer)
    2 - Scan Antivir en mode sans échec

    C'est bien ça ?

    1 Avril 2008 19:46:29

    Oui ;) 

    Poste-moi le rapport d'antivir.

    :super:
    1 Avril 2008 19:48:22

    Tu seras là ce soir quand je posterai le rapport Antivir ? (car le scan que j'ai fais avec cet aprem à pris presque 2 heures ). Merci de ton aide

    Greg
    1 Avril 2008 19:56:13

    Re,

    Il y a des chances que oui :) 
    1 Avril 2008 20:04:33

    Oki,

    Merci bcp Merillym pour ton aide. Je m'occupe de CCleaner puis après je fais le scan antivir en mode sans échec puis je poste le résultat.

    A ce soir et encore merci

    Greg
    2 Avril 2008 11:18:14

    Salut Merillym,

    Le scan a pris pas mal de temps en fait, voici le rapport

    AntiVir PersonalEdition Classic
    Report file date: mardi 1 avril 2008 20:19

    Scanning for 1173671 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: HP_Propriétaire
    Computer name: MARC

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:03:02
    ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 14:03:02
    ANTIVIR3.VDF : 7.0.3.103 76800 Bytes 01/04/2008 14:03:02
    AVEWIN32.DLL : 7.6.0.78 3408384 Bytes 01/04/2008 14:03:03
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 01/04/2008 14:03:03
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 1 avril 2008 20:19

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    12 processes with 12 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '55' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <HP_RECOVERY>


    End of the scan: mercredi 2 avril 2008 01:59
    Used time: 5:40:53 min

    The scan has been done completely.

    7804 Scanning directories
    638684 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    638684 Files not concerned
    16762 Archives were scanned
    1 Warnings
    52 Notes


    2 Avril 2008 13:23:16

    avec le scan Antivir qui s'est lancé au démarrage (en mode normal), le rapport me trouve toujours 35 trojans (Vundo.gen et xpack.gen ) qui sont placés en quarantaine, que dois je faire ? merci de m'aider
    2 Avril 2008 18:29:06

    :hello: 

    S'ils sont en quarantaine, laisse-les pour le moment, on s'en occupera après ;) 

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM

    ;) 
    3 Avril 2008 11:08:48

    Salut Merillym,

    Merci de ta réponse. J'ai réalisé le scan avec MalwareByte's Anti-Malware en mode sans échec et voici le résultat du rapport.

    Malwarebytes' Anti-Malware 1.10
    Version de la base de données: 583

    Type de recherche: Examen complet (C:\|D:\|F:\|G:\|H:\|I:\|)
    Eléments examinés: 142562
    Temps écoulé: 5 hour(s), 29 minute(s), 26 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 6
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP372\A0033351.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP372\A0033361.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    cela semble plutôt pas mal, je refais un scan avec antivir et je le poste dans l'aprem. Si tu as ce message avant, dis moi ce que tu penses que je dois faire.

    Encore merci

    Greg
    3 Avril 2008 12:50:56

    voila le dernier scan Antivir, tout semble ok

    AntiVir PersonalEdition Classic
    Report file date: jeudi 3 avril 2008 11:10

    Scanning for 1175294 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: MARC

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:03:02
    ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 14:03:02
    ANTIVIR3.VDF : 7.0.3.108 97792 Bytes 02/04/2008 14:03:10
    AVEWIN32.DLL : 7.6.0.80 3420672 Bytes 02/04/2008 14:03:10
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 01/04/2008 14:03:03
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 3 avril 2008 11:10

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'jucheck.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'notepad.exe' - '1' Module(s) have been scanned
    Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'xcommsvr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SiSWLSvc.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'TRENDnet.exe' - '1' Module(s) have been scanned
    Scan process 'SmartUI.exe' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'dslmon.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'backWeb-8876480.exe' - '1' Module(s) have been scanned
    Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process '9wifi.exe' - '1' Module(s) have been scanned
    Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
    Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
    Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'hphmon06.exe' - '1' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    47 processes with 47 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '52' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <HP_RECOVERY>


    End of the scan: jeudi 3 avril 2008 12:29
    Used time: 1:19:38 min

    The scan has been done completely.

    7998 Scanning directories
    643194 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    643194 Files not concerned
    16765 Archives were scanned
    2 Warnings
    52 Notes
    3 Avril 2008 17:22:36

    :hello: 

    Oui pas mal du tout tout ça :super:

    Poste un nouveau hijackthis pour qu'on finalise la désinfection.

    ;) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS