
SOS secuser.com scan / 502 files infected with "trojan"

26 February 2008 05:20:47

After several problems with my PC, I decided to run a scan on secuser.com... verdict: 502 infected files.
Every time they are trojans...
Result column: non cleanable
I am very worried, what should I do...
I am what you would call "clueless" in this area!
Should I delete them?
Some are in local settings\temporary files...
Others in windows\temp
I am on Windows XP.
Thanks in advance for your help.... I am really lost!


26 February 2008 13:12:53

Hi,

Select the entire contents of the box below:
@echo off
CD \
del /q "%windir%\Temp\*.*"
del /q "%windir%\Prefetch\*.*"
del /q "%userprofile%\Cookies\*.*"
del /s /q "%temp%\*.*"
del /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /s /q "%userprofile%\Local Settings\Historique\*.*"
exit

Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad.)
Save it to your desktop under the name Correction.bat
Double-click it.

*********

Download HijackThis (from Trend Micro)
Post a report following this tutorial.
26 February 2008 15:00:18

Hi xmichoux,
Here is the requested report...
Thanks for your help,
Sab.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:00, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html...
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSE...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6231 bytes
26 February 2008 16:57:06

No visible infection.

Run HijackThis again, choose "Do a system scan only", and tick these lines (if still present):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Then Fix Checked!

******

Uninstall avast, reboot and delete ~~>C:\Program Files\Alwil Software

Download CCleaner (>>tutorial to read!<<); download "the latest version", then install it, unticking - Add the CCleaner Yahoo! Toolbar
Then run the cleanup, then have it look for errors, and make a backup if you wish.

Download and install Antivir. (tutorial)
Why switch? Avast vs Antivir
Make sure it is up to date! Run a full scan and post the report.
26 February 2008 23:30:56

new report...
I am completely lost....
see you soon and thanks,
Sab

AntiVir PersonalEdition Classic
Report file date: mardi 26 février 2008 23:01

Scanning for 1125665 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Véro
Computer name: VÉRO

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:58:50
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 21:58:51
ANTIVIR3.VDF : 7.0.2.196 62464 Bytes 26/02/2008 21:58:51
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 26/02/2008 21:58:51
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 26/02/2008 21:58:51
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 26 février 2008 23:01

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'LVComS.exe' - '1' Module(s) have been scanned
Scan process 'MSN Pictures Displayer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '33' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upaq.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48258cc2.qua'!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48258cc2.qua
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47f68c8d.qua'!
C:\Documents and Settings\Véro\abmxox.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
[INFO] The file was moved to '48318d17.qua'!
C:\Documents and Settings\Véro\kywunz.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
[INFO] The file was moved to '483b8d2e.qua'!
C:\Documents and Settings\Véro\rzzcku.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
[INFO] The file was moved to '483e8d2f.qua'!
C:\Documents and Settings\Véro\vwxshx.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
[INFO] The file was moved to '483c8d2d.qua'!
C:\Documents and Settings\Véro\wqdqhv.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
[INFO] The file was moved to '48288d27.qua'!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to '48328edd.qua'!
C:\WINDOWS\system32\ztx86.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'G:\'
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\' <Audio CD>
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: mardi 26 février 2008 23:28
Used time: 27:25 min

The scan has been done completely.

3404 Scanning directories
107395 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
8 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
107387 Files not concerned
1041 Archives were scanned
2 Warnings
0 Notes

27 February 2008 12:53:38

Re,

I see ..

Download Combofix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (Antivirus, antispyware..)
Double-click combofix.exe. (Right-click -> Run as administrator if on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.

The report is located here: C:\Combofix.txt
27 February 2008 17:19:41

ComboFix 08-02-25.3 - Véro 2008-02-27 16:56:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.265 [GMT 1:00]
Endroit: C:\Documents and Settings\Véro\Local Settings\Temporary Internet Files\Content.IE5\WX6ROHAZ\ComboFix[1].exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\HotbarSA
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht
C:\Documents and Settings\Véro\Application Data\ShoppingReport
C:\Documents and Settings\Véro\Application Data\ShoppingReport\cs\Config.xml
C:\Program Files\Helper
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))))))))
.

2008-02-26 22:53 . 2008-02-26 22:53 <REP> d-------- C:\Program Files\Avira
2008-02-26 22:53 . 2008-02-26 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-26 21:21 . 2008-02-26 21:21 <REP> d-------- C:\Program Files\CCleaner
2008-02-26 04:38 . 2008-02-26 03:18 36,585,553 --a------ C:\WINDOWS\LPT$VPN.121
2008-02-26 04:37 . 2008-02-26 04:38 <REP> d-------- C:\WINDOWS\AU_Temp
2008-02-26 03:19 . 2008-02-26 03:19 <REP> d-------- C:\WINDOWS\report
2008-02-26 03:18 . 2008-02-26 04:38 <REP> d-------- C:\WINDOWS\AU_Backup
2008-02-26 03:18 . 2008-02-26 03:18 36,585,553 --a------ C:\WINDOWS\VPTNFILE.121
2008-02-26 03:18 . 2008-02-26 03:18 1,922,158 --a------ C:\WINDOWS\tsc.ptn
2008-02-26 03:18 . 2008-02-26 04:38 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-02-26 03:18 . 2008-02-26 03:18 267,845 --a------ C:\WINDOWS\tsc.exe
2008-02-26 03:18 . 2008-02-26 04:38 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-02-26 03:18 . 2008-02-26 03:18 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-02-26 03:18 . 2008-02-26 14:56 823 --a------ C:\WINDOWS\tsc.ini
2008-02-26 03:10 . 2008-02-26 03:10 <REP> d-------- C:\WINDOWS\AU_Log
2008-02-26 03:10 . 2008-02-26 03:10 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-02-26 03:10 . 2008-02-26 03:10 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-02-26 03:10 . 2008-02-26 03:10 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-02-26 03:10 . 2008-02-26 04:37 170 --a------ C:\WINDOWS\GetServer.ini
2008-02-25 00:14 . 2008-02-25 00:14 7,168 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-02-24 15:50 . 2008-02-24 15:50 446,976 --a------ C:\WINDOWS\system32\ShellMPD.dll
2008-02-24 15:49 . 2008-02-24 15:50 <REP> d-------- C:\Program Files\MSN Pictures Displayer
2008-02-24 15:48 . 2008-02-24 15:50 <REP> d-------- C:\Program Files\Panda Security
2008-02-24 15:22 . 2008-02-25 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-24 15:18 . 2008-02-24 15:18 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-02-14 21:05 . 2004-08-19 15:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-02-14 21:05 . 2004-08-19 15:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-02-14 13:35 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-14 13:35 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-14 13:35 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-14 13:35 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-14 13:35 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-14 13:35 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-14 13:35 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-14 13:35 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-14 13:35 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-14 13:34 . 2008-02-14 13:35 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-02 19:54 . 2008-02-04 00:26 <REP> d-------- C:\Program Files\Everest Poker
2008-01-30 23:49 . 2008-01-30 23:49 <REP> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-24 14:18 --------- d-----w C:\Program Files\Windows Live
2008-02-24 14:18 --------- d-----w C:\Program Files\MSN Messenger
2008-02-20 18:16 --------- d-----w C:\Program Files\Zylom Games
2008-01-23 00:09 --------- d-----w C:\Program Files\Macrogaming
2008-01-23 00:02 --------- d-----w C:\Program Files\Trend Micro
2008-01-22 22:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-22 21:50 --------- d-----w C:\Program Files\Lavasoft
2008-01-20 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-13 12:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-12 14:00 --------- d-----w C:\Program Files\Google
2008-01-10 16:36 --------- d-----w C:\Program Files\IncrediMail
2008-01-09 14:16 --------- d-----w C:\Program Files\Free
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-12-16 11:57 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 15:15 816368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 15:57 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 15:59 77824]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32 208952]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-26 22:58 249896]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flash Player2]
C:\DOCUME~1\VRO~1\LOCALS~1\Temp\services.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2007-08-12 10:02 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"runner1"=C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-08-19 03:18]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-19 15:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed588e50-c6e0-11dc-b081-00142aa2c914}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - SSMDRV
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-21 20:03:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 17:14:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-27 17:16:21 - machine was rebooted [Véro]
ComboFix-quarantined-files.txt 2008-02-27 16:16:18
.
2008-02-14 12:09:23 --- E O F ---
27 February 2008 19:11:25

Uninstall via Add/Remove Programs:
  • Macrogaming
  • SweetIM

    *********

    Copy the text in the box below:

    File::
    C:\DOCUME~1\VRO~1\LOCALS~1\Temp\services.exe
    C:\WINDOWS\mrofinu1148.exe

    Folder::
    C:\Program Files\Everest Poker
    C:\Program Files\Macrogaming

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flash Player2]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "runner1"=-


    Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will restart Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
    If there is no reboot, post the reports anyway.
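
The ComboFix report earlier in the thread lists registry autostart entries, and the CFScript in the post above removes two of the files they point to. As an added example (not part of the thread, and not how ComboFix works), this Python script parses such entries and flags them by file location; the heuristics and both lookup tables are assumptions chosen for illustration, and the sample lines are copied from that report with the `runner1` argument string left out.

```python
import ntpath
import re

# Core Windows XP process names and the only directory each should load from.
# Assumption for this example: a default C:\WINDOWS install, as in the logs above.
CORE_PROCESSES = {
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Illustrative, deliberately short allowlist of executables expected directly
# in the Windows root. A real triage would use a full baseline.
WINDOWS_ROOT_ALLOWLIST = {"explorer.exe", "regedit.exe", "notepad.exe",
                          "hh.exe", "winhlp32.exe"}
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")

SECTION_RE = re.compile(r"^\[(.+)\]$")
# First drive-letter path ending in .exe on the line (quotes/brackets excluded).
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]*?\.exe)', re.IGNORECASE)

# Lines copied from the ComboFix report in this thread.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32 208952]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flash Player2]
C:\DOCUME~1\VRO~1\LOCALS~1\Temp\services.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2007-08-12 10:02 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"runner1"=C:\WINDOWS\mrofinu1148.exe
"""


def parse_autostarts(text):
    """Return (registry_key, executable_path) pairs from a report excerpt."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            key = header.group(1)
            continue
        found = PATH_RE.search(line)
        if key and found:
            entries.append((key, found.group(1)))
    return entries


def assess(path):
    """Return the list of reasons a path looks out of place (empty if none)."""
    lowered = path.lower()
    directory, name = ntpath.split(lowered)
    reasons = []
    if any(marker in lowered for marker in TEMP_MARKERS):
        reasons.append("autostart target sits in a temporary directory")
    expected = CORE_PROCESSES.get(name)
    if expected and directory != expected:
        reasons.append("core process name '%s' outside %s" % (name, expected))
    if directory == r"c:\windows" and name not in WINDOWS_ROOT_ALLOWLIST:
        reasons.append("unrecognised executable directly in the Windows root")
    return reasons


def triage(text):
    """Return (key, path, reasons) for every entry with at least one reason."""
    flagged = []
    for key, path in parse_autostarts(text):
        reasons = assess(path)
        if reasons:
            flagged.append((key, path, reasons))
    return flagged


if __name__ == "__main__":
    for key, path, reasons in triage(SAMPLE):
        print(path)
        print("  key: " + key)
        for reason in reasons:
            print("  - " + reason)
```

Entries installed under Program Files pass these location checks, so they still need a separate look at what the program is.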
    27 February 2008 19:42:15

    hi,
    When I click on your "combofix" link, the program runs but does not install on my PC?
    is that normal?
    How do I install it on my PC?
    Thanks.
    Sab
    27 February 2008 19:57:56

    re,
    It's fine, I managed to do everything ...

    Combofix report:
    ComboFix 08-02-25.3 - Véro 2008-02-27 19:43:42.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.580 [GMT 1:00]
    Endroit: C:\Documents and Settings\Véro\Bureau\VIRUS\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Véro\Bureau\VIRUS\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\DOCUME~1\VRO~1\LOCALS~1\Temp\services.exe
    C:\WINDOWS\mrofinu1148.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Everest Poker
    C:\Program Files\Everest Poker\casino.exe
    C:\Program Files\Everest Poker\CStart.exe
    C:\Program Files\Everest Poker\data\fonts\kgp-en.ttf
    C:\Program Files\Everest Poker\data\mp-lobby\fr.gvt
    C:\Program Files\Everest Poker\data\mp-lobby\shared.gvt
    C:\Program Files\Everest Poker\data\mp-poker\background\default.gvt
    C:\Program Files\Everest Poker\data\mp-poker\fr\bitmaps.gvt
    C:\Program Files\Everest Poker\data\mp-poker\fr\mp-poker_strings.txt
    C:\Program Files\Everest Poker\data\mp-poker\fr\mp-poker_tutorial.txt
    C:\Program Files\Everest Poker\data\mp-poker\shared.gvt
    C:\Program Files\Everest Poker\data\shared\fr\country.txt
    C:\Program Files\Everest Poker\data\shared\fr\language.txt
    C:\Program Files\Everest Poker\data\shared\fr\ordinal.txt
    C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt
    C:\Program Files\Everest Poker\data\shared\shared\bitmaps\check.art
    C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art
    C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg
    C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg
    C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg
    C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg
    C:\Program Files\Everest Poker\data\startup\en\startup_strings.txt
    C:\Program Files\Everest Poker\data\startup\fr\cstart.txt
    C:\Program Files\Everest Poker\data\startup\fr\startup_strings.txt
    C:\Program Files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art
    C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico
    C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg
    C:\Program Files\Everest Poker\Everest Poker.exe
    C:\Program Files\Everest Poker\gvbase.dll
    C:\Program Files\Everest Poker\gvcrt.dll
    C:\Program Files\Everest Poker\gvgfx-dib.dll
    C:\Program Files\Everest Poker\gvgfx.dll
    C:\Program Files\Everest Poker\gvmain.dll
    C:\Program Files\Everest Poker\gvmain.exe
    C:\Program Files\Everest Poker\gvnetwork.dll
    C:\Program Files\Everest Poker\gvsound.dll
    C:\Program Files\Everest Poker\history\10.txt
    C:\Program Files\Everest Poker\history\11.txt
    C:\Program Files\Everest Poker\history\12.txt
    C:\Program Files\Everest Poker\history\3.txt
    C:\Program Files\Everest Poker\history\4.txt
    C:\Program Files\Everest Poker\history\5.txt
    C:\Program Files\Everest Poker\history\6.txt
    C:\Program Files\Everest Poker\history\8.txt
    C:\Program Files\Everest Poker\history\9.txt
    C:\Program Files\Everest Poker\init.ini
    C:\Program Files\Everest Poker\log.dat
    C:\Program Files\Everest Poker\settings.ini
    C:\Program Files\Everest Poker\toc_fr.ini
    C:\Program Files\Everest Poker\var\content-fr.dat
    C:\Program Files\Macrogaming
    C:\Program Files\Macrogaming\SweetIM\conf\users\blascotine@live.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\blascotine@live.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\cassie066@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\cassie066@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\demondu6693@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\demondu6693@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\kinout@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\kinout@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\tipoissonemo@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\tipoissonemo@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\verolidee@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\verolidee@hotmail.fr\lastuse_Emoticons.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\verolidee@hotmail.fr\lastuse_SoundFX.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\verolidee@hotmail.fr\lastuse_Winks.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\verolidee@hotmail.fr\user_config.xml

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-26 22:53 . 2008-02-26 22:53 <REP> d-------- C:\Program Files\Avira
    2008-02-26 22:53 . 2008-02-26 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-26 21:21 . 2008-02-26 21:21 <REP> d-------- C:\Program Files\CCleaner
    2008-02-26 04:38 . 2008-02-26 03:18 36,585,553 --a------ C:\WINDOWS\LPT$VPN.121
    2008-02-26 04:37 . 2008-02-26 04:38 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-02-26 03:19 . 2008-02-26 03:19 <REP> d-------- C:\WINDOWS\report
    2008-02-26 03:18 . 2008-02-26 04:38 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-02-26 03:18 . 2008-02-26 03:18 36,585,553 --a------ C:\WINDOWS\VPTNFILE.121
    2008-02-26 03:18 . 2008-02-26 03:18 1,922,158 --a------ C:\WINDOWS\tsc.ptn
    2008-02-26 03:18 . 2008-02-26 04:38 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-02-26 03:18 . 2008-02-26 03:18 267,845 --a------ C:\WINDOWS\tsc.exe
    2008-02-26 03:18 . 2008-02-26 04:38 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-02-26 03:18 . 2008-02-26 03:18 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-02-26 03:18 . 2008-02-26 14:56 823 --a------ C:\WINDOWS\tsc.ini
    2008-02-26 03:10 . 2008-02-26 03:10 <REP> d-------- C:\WINDOWS\AU_Log
    2008-02-26 03:10 . 2008-02-26 03:10 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-02-26 03:10 . 2008-02-26 03:10 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-02-26 03:10 . 2008-02-26 03:10 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-02-26 03:10 . 2008-02-26 04:37 170 --a------ C:\WINDOWS\GetServer.ini
    2008-02-25 00:14 . 2008-02-25 00:14 7,168 --ahs---- C:\WINDOWS\system32\Thumbs.db
    2008-02-24 15:50 . 2008-02-24 15:50 446,976 --a------ C:\WINDOWS\system32\ShellMPD.dll
    2008-02-24 15:49 . 2008-02-24 15:50 <REP> d-------- C:\Program Files\MSN Pictures Displayer
    2008-02-24 15:48 . 2008-02-24 15:50 <REP> d-------- C:\Program Files\Panda Security
    2008-02-24 15:22 . 2008-02-25 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-02-24 15:18 . 2008-02-24 15:18 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-02-14 21:05 . 2004-08-19 15:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-02-14 21:05 . 2004-08-19 15:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-02-14 13:35 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-02-14 13:35 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-02-14 13:35 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-02-14 13:35 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-02-14 13:35 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-02-14 13:35 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-02-14 13:35 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-02-14 13:35 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-02-14 13:35 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-14 13:34 . 2008-02-14 13:35 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-30 23:49 . 2008-01-30 23:49 <REP> d-------- C:\Program Files\MSXML 4.0

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-26 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-24 14:18 --------- d-----w C:\Program Files\Windows Live
    2008-02-24 14:18 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-20 18:16 --------- d-----w C:\Program Files\Zylom Games
    2008-01-23 00:02 --------- d-----w C:\Program Files\Trend Micro
    2008-01-22 22:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-01-22 21:50 --------- d-----w C:\Program Files\Lavasoft
    2008-01-22 21:42 54,764 ----a-w C:\WINDOWS\system32\ztx86.sys
    2008-01-20 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-01-13 12:40 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-01-12 14:00 --------- d-----w C:\Program Files\Google
    2008-01-10 16:36 --------- d-----w C:\Program Files\IncrediMail
    2008-01-09 14:16 --------- d-----w C:\Program Files\Free
    2008-01-09 12:09 171,520 ----a-w C:\WINDOWS\system32\cncs32.dll
    2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-12-16 11:57 94208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 15:15 816368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 15:57 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 15:59 77824]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32 208952]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-26 22:58 249896]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "G:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-08-19 03:18]
    R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-19 15:10]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed588e50-c6e0-11dc-b081-00142aa2c914}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-21 20:03:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-27 19:48:36
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Messenger\msmsgs.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-27 19:50:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-27 18:50:53
    ComboFix2.txt 2008-02-27 16:16:22
    .
    2008-02-14 12:09:23 --- E O F ---

    HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:51:43, on 27/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html...
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSE...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    --
    End of file - 5577 bytes

    I also wanted to ask you...
    At this stage, what do you think of the situation?
    I'd just like to have your opinion, because I'm a novice...
    Thanks,
    Sab


    27 February 2008 20:25:53

    Re,

    That's better ;)

    Delete C:\WINDOWS\system32\ztx86.sys

    Run a full AntiVir scan in safe mode and post the report.
    Make sure you have run the updates beforehand in normal mode.
    28 February 2008 00:43:13

    I'll try that right away!
    28 February 2008 00:54:09

    Impossible to delete the file ztx86.sys !!!!
    28 February 2008 01:06:19

    I'd like to send you the window that opens when I try to delete the file, but I don't know how to do that
    28 February 2008 01:38:31

    Try in safe mode.
    28 February 2008 02:03:52

    Isn't that dangerous?
    28 February 2008 02:17:37

    No luck there either!
    However, the file has no extension,
    it is simply ztx86
    After some searching on the net, I tried something.
    Here is what I did:
    Start-->Run-->cmd
    then the steps to locate the file, and the file could not be found
    I hope you can make some sense of it
    At this point I'm wondering whether it wouldn't be better to take the PC to a repair shop!
    What do you think?
    Will I be able to remove these trojans?
    Thanks for your answer...
    Sab.
    28 February 2008 02:32:01

    No need to go to a repair shop ;)

    Post a new HijackThis log.
    28 February 2008 02:36:07

    OK
    See you in a bit!
    28 February 2008 02:37:37

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:35:54, on 28/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html...
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSE...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    --
    End of file - 5448 bytes
    28 February 2008 02:47:09

    Re,

    How about a new AntiVir scan?
    28 February 2008 02:57:02

    Here we go!
    28 February 2008 03:08:24

    Otherwise, can you tell me what the problems on my PC are?
    1) What is the stx86 file?
    2) How can I find out the names of the trojans on my PC?
    3) In your opinion, what is the most likely way I caught these things, given that I have Avast running all the time????
    28 February 2008 03:19:58

    After a cup of coffee ....
    Here is the report....
    I'm not going to be very original, but ... thanks again!

    AntiVir PersonalEdition Classic
    Report file date: jeudi 28 février 2008 02:57

    Scanning for 1126829 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Véro
    Computer name: VÉRO

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:58:50
    ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 21:58:51
    ANTIVIR3.VDF : 7.0.2.203 88064 Bytes 27/02/2008 21:55:23
    AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 26/02/2008 21:58:51
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 26/02/2008 21:58:51
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: F:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 28 février 2008 02:57

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'LVComS.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    31 processes with 31 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!
    Boot sector 'G:\'
    [NOTE] No virus was found!
    Boot sector 'A:\'
    [NOTE] In the drive 'A:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '33' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\ztx86.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'
    Begin scan in 'G:\'
    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'E:\' <Audio CD>
    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: jeudi 28 février 2008 03:14
    Used time: 17:24 min

    The scan has been done completely.

    3399 Scanning directories
    107200 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    107200 Files not concerned
    1057 Archives were scanned
    2 Warnings
    0 Notes

    28 February 2008 08:51:03

    Hello,
    I wanted to know whether I can delete the 7 trojans that AntiVir put in quarantine?
    Thanks
    28 February 2008 11:29:44

    Re,

    The file is there, we're going to blow it away :o

    Yes, you can delete them.

    To answer your questions:

    The file ztx86.sys (you haven't enabled the display of file extensions, which is why the extension was invisible ;) ) is a Backdoor:Win32/Rustock.gen:
    http://www.bleepingcomputer.com/startups/ztx86-21610.ht...

    For your second question, there is no suitable answer.

    For the third,
    To begin with, avast is far from being the best protection .. as you could read in my tutorial :)
    And if you caught infections, it's because you went to disreputable sites, or downloaded illegal programs etc ..

    *******

    Select the entire contents of the box below:
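    @echo off & cls
    rem Switch to the System32 directory (/d also changes drive if needed)
    cd /d "%windir%\system32"
    rem Force-delete the file, even if it is marked read-only
    del /f /q ztx86.sys
    pause
    echo Si tu as eu une erreur de suppression, merci de me le dire ;)
    pause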

    Copy/paste it into Notepad (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Save it to your desktop under the name Correction.bat
    Double-click it.
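Added example, not part of the thread: the AntiVir log posted above reports `C:\WINDOWS\system32\ztx86.sys` with the same "could not be opened" warning it gives for `C:\pagefile.sys`. This Python example extracts such warnings from a log in that format and separates files that are normally locked from ones worth reviewing; the sample log is constructed from the excerpt above, and the `EXPECTED_LOCKED` list and the function names are assumptions.

```python
import re

# Constructed sample, in the format of the AntiVir log excerpt posted above.
SAMPLE_LOG = r"""
    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\ztx86.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'
    Begin scan in 'A:\'
    Search path A:\ could not be opened!
"""

# Assumption: files Windows keeps locked while it runs, so a scanner
# failing to open them is expected and not a finding by itself.
EXPECTED_LOCKED = {"pagefile.sys", "hiberfil.sys"}

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")        # a line that is only a file path
WARN_RE = re.compile(r"^\[WARNING\]\s+(.*)$")   # the warning attached to that path

def unopened_files(log_text):
    """Return (path, message) for each path line directly followed by a [WARNING]."""
    results, last_path = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            last_path = line
            continue
        m = WARN_RE.match(line)
        if m and last_path:
            results.append((last_path, m.group(1)))
        last_path = None  # any other line ends the path/warning pair
    return results

def triage(log_text):
    """Split unopened files into expected-locked ones and ones to review."""
    out = {"expected": [], "review": []}
    for path, _msg in unopened_files(log_text):
        name = path.rsplit("\\", 1)[-1].lower()
        out["expected" if name in EXPECTED_LOCKED else "review"].append(path)
    return out

if __name__ == "__main__":
    for path in triage(SAMPLE_LOG)["review"]:
        print("review:", path)
```

A file in the review list is only a lead: a scanner can fail to open a file for benign reasons, so the name still has to be checked, as was done in the post above.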
    29 February 2008 13:13:43

    re,
    The file cannot be found.
    "Le fichier spécifié est introuvable"... However, my computer is getting slower and slower, do you think there's a connection?
    many, many THANKS again!!!!!
    29 February 2008 13:44:50

    re !!!!
    I managed to get rid of the file in safe mode, I must have done it wrong last time!!! there you go... And now it's no longer slow!
    So a huge Thank you
    I'm posting a HijackThis report and an AntiVir report just in case, if needed
    Looking forward to hearing from you,
    Sab

    HIJACKTHIS:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:39:52, on 29/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html...
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSE...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    --
    End of file - 5347 bytes


    29 February 2008 14:10:16

    It's clean :)

    Run HijackThis again, do a system scan only, tick these lines (if still present):
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe

    Then Fix Checked!

    ********

    Download ToolsCleaner2 (by A.Rothstein)

    Install it on your Desktop
    Click [Recherche] (Search) to start the scan
    Click [Supprimer] (Delete) to clean up the tools used
    Click [Quitter] (Quit),
    Post this report ~>C:\TCleaner.txt<~

    Keep ccleaner, avg and antivir if we installed them..
    Report your infection on Malware Complaints >Tutorial<
    Your infection(s): MSN worm

    Then have a look at these guides:

    Security/Prevention
    Consequences of multiple protection
    29 February 2008 14:32:36

    we didn't install AVG, do I have to do that?
    29 February 2008 14:34:00

    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Véro\Bureau\Securite\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Véro\Bureau\VIRUS\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Véro\Bureau\VIRUS\ComboFix.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\QooBox\Quarantine\C\Combofix: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Véro\Bureau\Securite\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Véro\Bureau\VIRUS\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Véro\Bureau\VIRUS\ComboFix.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    29 February 2008 14:37:21

    can't open your Malware Complaints >Tutorial< link
    also, I don't understand what you want me to report via that link!
    29 February 2008 14:46:44

    Go to the French forum and report your infection :)
    MSN worm. :)
    29 February 2008 15:06:41

    the toolscleaner2 report?
    29 February 2008 15:35:16

    well, sorry, but I really can't manage to get where you want me to go!
    29 February 2008 16:33:16

    Quote:
    "Malware Complaints is a cooperative effort among many anti-malware helpers and experts from all over the world. From every corner of the world, these people have come together so that users, no matter which part of the world they come from, can file a complaint against malware and its authors."

    Report your infection to get the authors convicted.
    Create a post to move things forward on Malware-Complaints; we need to be as numerous as possible, so report your infection:
    - See the forum rules: http://www.malwarecomplaints.info/viewtopic.php?t=5
    - After registering using the register button at the top
    If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age
    If you are younger, click: I Agree to these terms and am under 13 years of age

    You then get, as a list, one topic per type of infection (Look2Me, Smitfraud, SpywareQuake etc..).
    If the malware you had doesn't appear in the list, or if you don't know what you were infected with, create a post in the Autres infections topic in line with the forum rules (age, city, département etc..)