How do I get rid of admedia, adbanner and other intruders?

Tags:
  • Windows genuine advantage
  • Security
Latest reply: in Security and viruses
16 February 2008 08:10:52

Hello everyone,

For some time now, my browsing sessions have been disrupted by waves of windows that open unexpectedly: adbanner, admedia, casino games, etc.
I'm surely not the first. Does anyone have the magic potion to silence these intruders?

Reply or not, have a good day, those of you who read me.

Jaku


16 February 2008 10:20:40

Hi,

Download HijackThis (from Trend Micro).
Post a log by following this tutorial.
16 February 2008 12:17:21

Hello, and above all a big thank you for your help.

Here is the HijackThis file (is it serious, doctor?):

Logfile of HijackThis v1.99.1
Scan saved at 12:11:42, on 16/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\rnamfler\naomf.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\program files\rnamfler\radprcmp.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Softwares\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [40032c89] rundll32.exe "C:\WINDOWS\System32\hnmjwjst.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Awaiting your reply,
Regards
Jaku
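A triage script for log lines like the ones in Jaku's report, written here as an added example (it is not from the thread and not part of HijackThis): it parses the O4 Run-key and O23 service lines and flags the patterns a helper checks by eye, namely random-looking key or binary names, rundll32 loading a DLL with such a name, and services with no listed owner. The sample lines are copied from the log above; the heuristics, thresholds and the small allowlist are my own assumptions and will need tuning on other logs.

```python
import re

# Lines copied from the HijackThis log posted above. The avast! Mail Scanner
# line is included on purpose as a known false-positive case (stray quote,
# "file missing") so the output shows how it is reported.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [40032c89] rundll32.exe "C:\WINDOWS\System32\hnmjwjst.dll",b
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
BINARY_RE = re.compile(r'([^\\/":]+)\.(?:exe|dll|sys)\b', re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)

# Legitimate Windows names that the naming heuristic would otherwise flag
# (assumed allowlist; extend it as you meet more false positives).
KNOWN_GOOD = {"ctfmon", "rundll32", "msmsgs", "svchost", "nwiz"}
VOWELS = set("aeiouy")


def looks_random(token):
    """Heuristic: hex-like or vowel-starved names such as hnmjwjst, 40032c89, wrna3ls."""
    t = re.sub(r"[^0-9a-z]", "", token.lower())
    if len(t) < 6 or t in KNOWN_GOOD:      # short vendor abbreviations are too noisy
        return False
    if re.fullmatch(r"[0-9a-f]+", t) and any(c.isdigit() for c in t):
        return True                         # e.g. the Run key name 40032c89
    vowel_ratio = sum(c in VOWELS for c in t) / len(t)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiouy0-9]+", t))
    return vowel_ratio <= 0.2 or longest_consonant_run >= 4


def triage(log_text):
    """Return {entry name: [reasons]} for Run keys and services worth a second look."""
    findings = {}
    for line in log_text.splitlines():
        reasons = []
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            if looks_random(name):
                reasons.append("Run key name looks random")
            exe = BINARY_RE.search(cmd)
            if exe and looks_random(exe.group(1)):
                reasons.append("launched binary name looks random: " + exe.group(0))
            dll = RUNDLL_RE.search(cmd)      # rundll32 "<path>.dll",<export> pattern
            if dll:
                dll_name = BINARY_RE.search(dll.group(1))
                if dll_name and looks_random(dll_name.group(1)):
                    reasons.append("rundll32 loads a DLL with a random name: " + dll.group(1))
        else:
            m = O23_RE.match(line)
            if not m:
                continue
            name, owner, path = m.group("name"), m.group("owner"), m.group("path")
            if owner == "Unknown owner":
                note = "service has no owner"
                if '"' in path and "(file missing)" in path:
                    note += " (path carries a stray quote; likely a quoting artifact, verify on disk)"
                reasons.append(note)
            exe = BINARY_RE.search(path)
            if looks_random(name) or (exe and looks_random(exe.group(1))):
                reasons.append("service or binary name looks random")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("   -", reason)
```

The script only ranks entries for a human to verify; an entry it flags still has to be confirmed against the file on disk and its vendor signature before anything is removed.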
16 February 2008 12:18:28

Re,

Is the log complete?

Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet, then close all programs.
Double-click Gmer.exe.

If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

Click on the Rootkit tab.
On the right, tick only Files and Services.
Now click on Scan.

When the scan is finished, click on Copy.

Open Notepad, then click on the Edit menu / Paste.
The report should then appear.
Save the file on your desktop and post its contents here.
16 February 2008 12:55:40

Here is what it gives:


16 February 2008 13:08:01

Download ComboFix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (antivirus, antispyware, etc.)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.

The report can be found here: C:\Combofix.txt
16 February 2008 13:54:51

ComboFix scan result:

ComboFix 08-02-16.2 - Jean-Francois 2008-02-16 13:27:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.932.81.1033.18.219 [GMT 1:00]
Running from: C:\Documents and Settings\Jean-Francois\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\rnamfler\radprlib.dll
C:\Program Files\rnamfler\radhslib.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\!KillBox\CNSMIN~1.DLL
C:\!KillBox\CNSMIN~1.DLL( 1)
C:\!KillBox\CNSMIN~1.DLL( 2)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin10.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin11.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin4.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin5.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin6.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin7.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin8.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin9.zip
C:\Documents and Settings\Jean-Francois\Application Data\macromedia\Flash Player\#SharedObjects\PG8E6WD5\www.broadcaster.com
C:\Documents and Settings\Jean-Francois\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Jean-Francois\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Jean-Francois\Local Settings\Temp\temp.fr300F\CnsMin.dll
C:\Documents and Settings\Jean-Francois\Local Settings\Temp\temp.fr300F\CnsMinEx.dll
C:\Documents and Settings\Jean-Francois\Local Settings\Temp\temp.fr300F\CnsMinIdn.dll
C:\Documents and Settings\Jean-Francois\Local Settings\Temp\temp.fr300F\CnsMinIO.dll
C:\WINDOWS\cnsinfo.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\cnsio.dll_tobedeleted_old
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\hnmjwjst.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\prsru.ini
C:\WINDOWS\system32\prsru.ini2
C:\WINDOWS\system32\rhwtddxl.dll
C:\WINDOWS\system32\tsjwjmnh.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-15 20:48 . 2008-02-16 13:39 <DIR> dr-h----- C:\Program Files\rnamfler
2008-02-14 21:18 . 2008-02-14 21:18 <DIR> d-------- C:\Program Files\directx
2008-02-14 21:10 . 2008-02-14 22:04 <DIR> d-------- C:\Program Files\AurynQuest
2008-02-13 07:56 . 2008-02-13 07:57 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-13 07:56 . 2008-02-13 07:56 <DIR> d-------- C:\WINDOWS\Fichiers d'installation de Windows Update
2008-02-13 07:55 . 2008-02-13 07:59 11,070 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-02-12 07:14 . 2008-02-12 07:11 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-12 07:14 . 2008-02-12 07:14 3,460 --a------ C:\WINDOWS\unins000.dat
2008-02-09 15:51 . 2008-02-09 15:50 28,224 --a------ C:\WINDOWS\system32\ToOgtH2Q.exe
2008-02-09 15:51 . 2008-02-09 15:51 166 --a------ C:\key.shm
2008-01-30 19:48 . 2008-01-30 19:51 37 --a------ C:\del.bat
2008-01-30 19:39 . 2008-01-30 20:05 <DIR> d-------- C:\VundoFix Backups
2008-01-30 19:22 . 2008-01-31 07:07 <DIR> d-------- C:\Program Files\Unlocker
2008-01-30 19:21 . 2008-01-30 19:22 195,645 --a------ C:\unlocker1.8.5.exe
2008-01-30 18:55 . 2008-02-16 12:33 250 --a------ C:\WINDOWS\gmer.ini
2008-01-30 18:51 . 2008-01-30 20:55 <DIR> d-------- C:\mona
2008-01-23 23:06 . 2008-01-23 23:06 <DIR> d-------- C:\WINDOWS\report
2008-01-23 23:04 . 2008-01-23 23:02 35,279,181 --a------ C:\WINDOWS\LPT$VPN.957
2008-01-23 23:02 . 2008-01-23 23:02 <DIR> d-------- C:\WINDOWS\AU_Backup
2008-01-23 23:02 . 2008-01-23 23:02 35,279,181 --a------ C:\WINDOWS\VPTNFILE.957
2008-01-23 23:02 . 2008-01-23 23:02 1,916,766 --a------ C:\WINDOWS\tsc.ptn
2008-01-23 23:02 . 2008-01-23 23:02 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-23 23:02 . 2008-01-23 23:02 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-23 23:02 . 2008-01-23 23:02 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-23 23:02 . 2008-01-23 23:02 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-23 23:02 . 2008-01-24 06:22 823 --a------ C:\WINDOWS\tsc.ini
2008-01-23 22:57 . 2008-01-23 23:02 <DIR> d-------- C:\WINDOWS\AU_Temp
2008-01-23 22:57 . 2008-01-23 22:57 <DIR> d-------- C:\WINDOWS\AU_Log
2008-01-23 22:57 . 2008-01-23 22:57 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-23 22:57 . 2008-01-23 22:57 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-23 22:57 . 2008-01-23 22:57 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-23 22:57 . 2008-01-23 22:57 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-22 08:24 . 2008-01-22 22:47 1,089,445 ---hs---- C:\WINDOWS\system32\foivjfwp.ini
2008-01-21 08:24 . 2008-01-21 08:24 1,071,346 ---hs---- C:\WINDOWS\system32\ouyxyrlx.ini
2008-01-20 08:22 . 2008-01-20 09:32 1,073,301 ---hs---- C:\WINDOWS\system32\cugwvaao.ini
2008-01-19 07:22 . 2008-01-19 07:22 1,073,352 ---hs---- C:\WINDOWS\system32\ipfekqpj.ini
2008-01-18 07:19 . 2008-01-19 07:22 1,073,292 ---hs---- C:\WINDOWS\system32\fqkgwfwj.ini
2008-01-17 08:09 . 2008-02-13 08:23 40 --a------ C:\SYSTEM.VER
2008-01-17 07:19 . 2008-01-17 07:19 1,063,937 ---hs---- C:\WINDOWS\system32\iosrhorf.ini
2008-01-16 23:01 . 2008-01-16 23:01 <DIR> d-------- C:\WMSDK
2008-01-16 20:53 . 2008-01-16 20:53 <DIR> d-------- C:\Program Files\Lame MP3 Codec
2008-01-16 20:53 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\system32\lameACM.acm
2008-01-16 20:53 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\system32\LAME_MP3.dll
2008-01-16 20:53 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-01-16 20:52 . 2008-01-16 20:52 65,024 --a------ C:\WINDOWS\IFinst26.exe
2008-01-16 20:50 . 2008-01-16 20:50 <DIR> d-------- C:\Documents and Settings\Jean-Francois\Application Data\DataCast
2008-01-16 20:49 . 2008-01-16 20:49 <DIR> d-------- C:\Program Files\Samsung
2008-01-16 20:49 . 2008-01-16 20:49 <DIR> d-------- C:\Program Files\MarkAny
2008-01-16 20:49 . 2006-02-11 13:02 569,344 --a------ C:\WINDOWS\system32\muzdecode.ax
2008-01-16 20:28 . 2008-01-16 20:39 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-01-16 20:22 . 2008-01-16 20:22 <DIR> d-------- C:\Documents and Settings\Jean-Francois\Application Data\InstallShield
2008-01-16 20:11 . 2008-02-16 13:42 385,832 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-01-16 19:47 . 2008-01-16 19:47 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-16 19:47 . 2008-01-16 19:47 <DIR> d-------- C:\WINDOWS\ehome
2008-01-16 19:33 . 2002-07-02 05:38 1,325,568 --a------ C:\WINDOWS\system32\webfldrs.msi
2008-01-16 19:32 . 2002-08-29 11:41 674,816 --a------ C:\WINDOWS\system32\sxs.dll
2008-01-16 19:30 . 2002-08-29 11:41 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2008-01-16 19:29 . 2002-08-29 11:41 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2008-01-16 19:29 . 2002-08-29 11:41 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2008-01-16 19:29 . 2002-08-29 11:41 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2008-01-16 19:29 . 2002-08-29 11:41 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2008-01-16 19:29 . 2002-08-29 11:41 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2008-01-16 19:29 . 2002-08-29 11:41 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2008-01-16 19:27 . 2002-08-29 11:40 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
2008-01-16 19:26 . 2002-08-29 11:41 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2008-01-16 19:25 . 2002-08-29 11:41 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2008-01-16 19:23 . 2002-08-29 11:41 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2008-01-16 19:19 . 2002-08-29 05:39 479,744 --a------ C:\WINDOWS\system32\pintlgnt.ime
2008-01-16 19:18 . 2002-08-29 09:12 75,264 --a------ C:\WINDOWS\system32\phon.ime
2008-01-16 19:18 . 2002-08-29 09:12 10,752 --a------ C:\WINDOWS\system32\miniime.tpl
2008-01-16 19:16 . 2002-08-29 11:40 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2008-01-16 19:13 . 2002-08-29 11:41 578,560 --a------ C:\WINDOWS\system32\appwiz.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 11:08 --------- d-----w C:\Documents and Settings\Jean-Francois\Application Data\uTorrent
2008-02-15 20:50 --------- d-----w C:\Program Files\uTorrent
2008-02-15 18:45 57,314 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-14 20:12 --------- d-----w C:\Documents and Settings\Jean-Francois\Application Data\MSN6
2008-02-12 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-12 06:19 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-09 14:57 --------- d-----w C:\Program Files\eMule
2008-02-05 06:46 --------- d-----w C:\Documents and Settings\Jean-Francois\Application Data\U3
2008-01-31 06:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 19:18 --------- d-----w C:\Program Files\Panda Security
2008-01-13 08:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-01-13 08:16 --------- d-----w C:\Program Files\Cabos
2007-12-28 21:19 --------- d-----w C:\Program Files\Soulseek
2007-12-18 05:47 314,624 ----a-w C:\WINDOWS\system32\ursrp.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-11-04 07:03 24,496 ----a-w C:\Documents and Settings\Jean-Francois\Application Data\GDIPFONTCACHEV1.DAT
2006-08-28 19:46 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C99F1FC-354F-40E6-8A82-1C035E515CF3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CB01BDD-FAEA-4B9A-8BCE-869B08FFC5B9}]
2007-12-18 06:47 314624 --a------ C:\WINDOWS\System32\ursrp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBE48D2A-573E-451B-9EEC-93EF0A624C3E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA88CD2F-22D2-4F7C-A2E0-6B23C3279736}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 11:41 1511453]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 11:41 13312]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe" [2006-05-08 04:17 81920]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 17:25 1961984]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wrna3ls"="C:\Program Files\rnamfler\naomf.exe" [2006-04-01 10:45 1253960]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-18 13:00 31744 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2002-04-18 23:13 364544 C:\WINDOWS\system32\nwiz.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-15 16:41 126976]
"TFNF5"="TFNF5.exe" [2001-08-03 09:08 73728 C:\WINDOWS\system32\TFNF5.exe]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2002-07-31 19:41 126976]
"Tpwrtray"="TPWRTRAY.EXE" [2002-03-20 04:38 217088 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TFncKy"="TFncKy.exe" []
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-01-23 02:20 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2002-08-29 05:38 208953]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 13:00 44032]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 05:39 59392]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 05:39 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 05:39 455168]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-04-23 23:10 181752]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 16:32 126976]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-06 22:55 98304]
"40032c89"="C:\WINDOWS\System32\hnmjwjst.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-08-25 18:51:44 745472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\ursrp.dll

R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\System32\DRIVERS\tosrfec.sys [2001-07-12 19:26]
R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\System32\DRIVERS\TVALG.SYS [2001-09-14 03:53]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2006-07-18 11:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2006-07-18 11:02]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [2005-04-01 10:43]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 02:13]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\wg111v2.sys [2006-03-16 10:39]
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 11:34]
S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 19:16]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]
S3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-04-04 19:12]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 23:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-16 08:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-16 09:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-16 10:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-16 11:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-16 12:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-15 13:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-15 14:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-15 15:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-14 16:00:02 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-14 17:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-15 00:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-15 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-15 19:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-15 20:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-15 21:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-15 22:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-15 23:00:06 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-15 00:00:06 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-15 01:00:04 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-11 02:00:05 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-09 14:51:18 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-15 01:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-09 14:51:18 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-15 05:00:13 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-16 06:00:03 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-16 07:00:04 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-16 08:00:02 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-16 09:00:02 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-16 10:00:05 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-16 11:00:06 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-16 12:00:03 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-15 13:00:03 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-11 02:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-15 14:00:06 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-15 15:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-14 16:00:07 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-14 17:00:09 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-15 18:00:02 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-15 19:00:04 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-15 20:00:03 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-15 21:00:04 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-15 22:00:06 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\System32\ToOgtH2Q.exe
"2008-02-09 03:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-09 04:00:01 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-15 05:00:02 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-16 06:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
"2008-02-16 07:00:01 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\System32\VlvSKQrB.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 13:41:24
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
-> C:\WINDOWS\System32\ursrp.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2800.1106]
-> C:\WINDOWS\System32\ursrp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
.
**************************************************************************
.
Completion time: 2008-02-16 13:47:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 12:47:27

16 February 2008 14:49:45

Re,

Copy the text in the box below:

File::
C:\WINDOWS\System32\ursrp.dll
C:\WINDOWS\System32\VlvSKQrB.exe
C:\WINDOWS\System32\ToOgtH2Q.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\System32\hnmjwjst.dll
C:\WINDOWS\system32\foivjfwp.ini
C:\WINDOWS\system32\ouyxyrlx.ini
C:\WINDOWS\system32\cugwvaao.ini
C:\WINDOWS\system32\ipfekqpj.ini
C:\WINDOWS\system32\fqkgwfwj.ini
C:\WINDOWS\system32\iosrhorf.ini
C:\key.shm
C:\del.bat

Folder::
C:\Program Files\rnamfler
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wrna3ls"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
"40032c89"=-


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe, as shown below:

This will relaunch Combofix; press 1 and then confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.

********

Have these files analysed on this site >> Virustotal <<

Click Browse at the top, choose My Computer and look for this file: C:\WINDOWS\System32\ezSP_Px.exe
Now click Send file.
Post the report (from File *** received on *** down to SHA1: ***)
Do the same with these files: C:\WINDOWS\IFinst26.exe, C:\SYSTEM.VER

16 February 2008 19:35:45

Here are the results in the order requested:

Combofix:

ComboFix 08-02-16.2 - Jean-Francois 2008-02-16 18:52:34.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.932.81.1033.18.221 [GMT 1:00]
Running from: C:\Documents and Settings\Jean-Francois\Desktop\ComboFix.exe
Command switches used :: E:\Softwares\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\del.bat
C:\key.shm
C:\WINDOWS\system32\cugwvaao.ini
C:\WINDOWS\system32\foivjfwp.ini
C:\WINDOWS\system32\fqkgwfwj.ini
C:\WINDOWS\System32\hnmjwjst.dll
C:\WINDOWS\system32\iosrhorf.ini
C:\WINDOWS\system32\ipfekqpj.ini
C:\WINDOWS\system32\ouyxyrlx.ini
C:\WINDOWS\System32\ToOgtH2Q.exe
C:\WINDOWS\System32\ursrp.dll
C:\WINDOWS\System32\VlvSKQrB.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\System32\ursrp.dll
C:\del.bat
C:\key.shm
C:\Program Files\rnamfler
C:\Program Files\rnamfler\manual.htm
C:\Program Files\rnamfler\naofsvc.exe
C:\Program Files\rnamfler\naomf.exe
C:\Program Files\rnamfler\radhslib.dll
C:\Program Files\rnamfler\radprcmp.exe
C:\Program Files\rnamfler\radprlib.dll
C:\Program Files\rnamfler\stream.rep
C:\Program Files\rnamfler\tray.jpg
C:\Program Files\rnamfler\unims000.dat
C:\VundoFix Backups
C:\VundoFix Backups\cbxutqq.dll.bad
C:\WINDOWS\system32\cugwvaao.ini
C:\WINDOWS\system32\foivjfwp.ini
C:\WINDOWS\system32\fqkgwfwj.ini
C:\WINDOWS\system32\iosrhorf.ini
C:\WINDOWS\system32\ipfekqpj.ini
C:\WINDOWS\system32\ouyxyrlx.ini
C:\WINDOWS\system32\prsru.ini
C:\WINDOWS\system32\prsru.ini2
C:\WINDOWS\System32\ToOgtH2Q.exe
C:\WINDOWS\System32\ursrp.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-14 21:18 . 2008-02-14 21:18 <DIR> d-------- C:\Program Files\directx
2008-02-14 21:10 . 2008-02-14 22:04 <DIR> d-------- C:\Program Files\AurynQuest
2008-02-13 07:56 . 2008-02-13 07:57 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-13 07:56 . 2008-02-13 07:56 <DIR> d-------- C:\WINDOWS\Fichiers d'installation de Windows Update
2008-02-13 07:55 . 2008-02-13 07:59 11,070 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-02-12 07:14 . 2008-02-12 07:11 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-12 07:14 . 2008-02-12 07:14 3,460 --a------ C:\WINDOWS\unins000.dat
2008-01-30 19:22 . 2008-01-31 07:07 <DIR> d-------- C:\Program Files\Unlocker
2008-01-30 19:21 . 2008-01-30 19:22 195,645 --a------ C:\unlocker1.8.5.exe
2008-01-30 18:55 . 2008-02-16 12:33 250 --a------ C:\WINDOWS\gmer.ini
2008-01-30 18:51 . 2008-01-30 20:55 <DIR> d-------- C:\mona
2008-01-23 23:06 . 2008-01-23 23:06 <DIR> d-------- C:\WINDOWS\report
2008-01-23 23:04 . 2008-01-23 23:02 35,279,181 --a------ C:\WINDOWS\LPT$VPN.957
2008-01-23 23:02 . 2008-01-23 23:02 <DIR> d-------- C:\WINDOWS\AU_Backup
2008-01-23 23:02 . 2008-01-23 23:02 35,279,181 --a------ C:\WINDOWS\VPTNFILE.957
2008-01-23 23:02 . 2008-01-23 23:02 1,916,766 --a------ C:\WINDOWS\tsc.ptn
2008-01-23 23:02 . 2008-01-23 23:02 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-23 23:02 . 2008-01-23 23:02 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-23 23:02 . 2008-01-23 23:02 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-23 23:02 . 2008-01-23 23:02 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-23 23:02 . 2008-01-24 06:22 823 --a------ C:\WINDOWS\tsc.ini
2008-01-23 22:57 . 2008-01-23 23:02 <DIR> d-------- C:\WINDOWS\AU_Temp
2008-01-23 22:57 . 2008-01-23 22:57 <DIR> d-------- C:\WINDOWS\AU_Log
2008-01-23 22:57 . 2008-01-23 22:57 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-23 22:57 . 2008-01-23 22:57 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-23 22:57 . 2008-01-23 22:57 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-23 22:57 . 2008-01-23 22:57 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-17 08:09 . 2008-02-13 08:23 40 --a------ C:\SYSTEM.VER
2008-01-16 23:01 . 2008-01-16 23:01 <DIR> d-------- C:\WMSDK
2008-01-16 20:53 . 2008-01-16 20:53 <DIR> d-------- C:\Program Files\Lame MP3 Codec
2008-01-16 20:53 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\system32\lameACM.acm
2008-01-16 20:53 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\system32\LAME_MP3.dll
2008-01-16 20:53 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-01-16 20:52 . 2008-01-16 20:52 65,024 --a------ C:\WINDOWS\IFinst26.exe
2008-01-16 20:50 . 2008-01-16 20:50 <DIR> d-------- C:\Documents and Settings\Jean-Francois\Application Data\DataCast
2008-01-16 20:49 . 2008-01-16 20:49 <DIR> d-------- C:\Program Files\Samsung
2008-01-16 20:49 . 2008-01-16 20:49 <DIR> d-------- C:\Program Files\MarkAny
2008-01-16 20:49 . 2006-02-11 13:02 569,344 --a------ C:\WINDOWS\system32\muzdecode.ax
2008-01-16 20:28 . 2008-01-16 20:39 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-01-16 20:22 . 2008-01-16 20:22 <DIR> d-------- C:\Documents and Settings\Jean-Francois\Application Data\InstallShield
2008-01-16 20:11 . 2008-02-16 13:42 439,376 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-01-16 19:47 . 2008-01-16 19:47 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-16 19:47 . 2008-01-16 19:47 <DIR> d-------- C:\WINDOWS\ehome
2008-01-16 19:33 . 2002-07-02 05:38 1,325,568 --a------ C:\WINDOWS\system32\webfldrs.msi
2008-01-16 19:32 . 2002-08-29 11:41 674,816 --a------ C:\WINDOWS\system32\sxs.dll
2008-01-16 19:30 . 2002-08-29 11:41 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2008-01-16 19:29 . 2002-08-29 11:41 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2008-01-16 19:29 . 2002-08-29 11:41 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2008-01-16 19:29 . 2002-08-29 11:41 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2008-01-16 19:29 . 2002-08-29 11:41 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2008-01-16 19:29 . 2002-08-29 11:41 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2008-01-16 19:29 . 2002-08-29 11:41 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2008-01-16 19:27 . 2002-08-29 11:40 921,475 --a------ C:\WINDOWS\system32\ati3d2ag.dll
2008-01-16 19:26 . 2002-08-29 11:41 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2008-01-16 19:25 . 2002-08-29 11:41 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2008-01-16 19:23 . 2002-08-29 11:41 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2008-01-16 19:19 . 2002-08-29 05:39 479,744 --a------ C:\WINDOWS\system32\pintlgnt.ime
2008-01-16 19:18 . 2002-08-29 09:12 75,264 --a------ C:\WINDOWS\system32\phon.ime
2008-01-16 19:18 . 2002-08-29 09:12 10,752 --a------ C:\WINDOWS\system32\miniime.tpl
2008-01-16 19:16 . 2002-08-29 11:40 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2008-01-16 19:13 . 2002-08-29 11:41 578,560 --a------ C:\WINDOWS\system32\appwiz.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 17:49 --------- d-----w C:\Documents and Settings\Jean-Francois\Application Data\uTorrent
2008-02-15 20:50 --------- d-----w C:\Program Files\uTorrent
2008-02-15 18:45 57,314 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-14 20:12 --------- d-----w C:\Documents and Settings\Jean-Francois\Application Data\MSN6
2008-02-12 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-12 06:19 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-09 14:57 --------- d-----w C:\Program Files\eMule
2008-02-05 06:46 --------- d-----w C:\Documents and Settings\Jean-Francois\Application Data\U3
2008-01-31 06:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 19:18 --------- d-----w C:\Program Files\Panda Security
2008-01-13 08:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-01-13 08:16 --------- d-----w C:\Program Files\Cabos
2007-12-28 21:19 --------- d-----w C:\Program Files\Soulseek
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-11-04 07:03 24,496 ----a-w C:\Documents and Settings\Jean-Francois\Application Data\GDIPFONTCACHEV1.DAT
2006-08-28 19:46 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CB01BDD-FAEA-4B9A-8BCE-869B08FFC5B9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 11:41 1511453]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 11:41 13312]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe" [2006-05-08 04:17 81920]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 17:25 1961984]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-18 13:00 31744 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2002-04-18 23:13 364544 C:\WINDOWS\system32\nwiz.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-15 16:41 126976]
"TFNF5"="TFNF5.exe" [2001-08-03 09:08 73728 C:\WINDOWS\system32\TFNF5.exe]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2002-07-31 19:41 126976]
"Tpwrtray"="TPWRTRAY.EXE" [2002-03-20 04:38 217088 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TFncKy"="TFncKy.exe" []
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-01-23 02:20 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2002-08-29 05:38 208953]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 13:00 44032]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 05:39 59392]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 05:39 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 05:39 455168]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-04-23 23:10 181752]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 16:32 126976]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-08-25 18:51:44 745472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\ursrp.dll

R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\System32\DRIVERS\tosrfec.sys [2001-07-12 19:26]
R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\System32\DRIVERS\TVALG.SYS [2001-09-14 03:53]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2006-07-18 11:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2006-07-18 11:02]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [2005-04-01 10:43]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 02:13]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\wg111v2.sys [2006-03-16 10:39]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 11:34]
S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 19:16]
S3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-04-04 19:12]

*Newly Created Service* - SJYPKT
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 19:04:56
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
.
**************************************************************************
.
Completion time: 2008-02-16 19:09:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 18:08:51
ComboFix2.txt 2008-02-16 12:47:37

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 19:11:06, on 16/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\explorer.exe
E:\Softwares\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [40032c89] rundll32.exe "C:\WINDOWS\System32\hnmjwjst.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe



The scan of C:\WINDOWS\System32\ezSP_Px.exe



Fichier ezSP_Px.exe recu le 2008.02.12 17:56:25 (CET)
Situation actuelle: termine

Resultat: 1/32 (3.12%)
Formate Impression des resultats
Antivirus Version Derniere mise a jour Resultat
AhnLab-V3 2008.2.13.10 2008.02.12 -
AntiVir 7.6.0.65 2008.02.12 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.12 -
AVG 7.5.0.516 2008.02.12 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.12 -
ClamAV 0.92 2008.02.12 -
DrWeb 4.44.0.09170 2008.02.12 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5530 2008.02.12 -
Ewido 4.0 2008.02.12 -
FileAdvisor 1 2008.02.12 High threat detected
Fortinet 3.14.0.0 2008.02.12 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.12 -
Ikarus T3.1.1.20 2008.02.12 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5227 2008.02.11 -
Microsoft 1.3204 2008.02.12 -
NOD32v2 2868 2008.02.12 -
Norman 5.80.02 2008.02.12 -
Panda 9.0.0.4 2008.02.12 -
Prevx1 V2 2008.02.12 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.12 -
Sunbelt 2.2.907.0 2008.02.12 -
Symantec 10 2008.02.12 -
TheHacker 6.2.9.217 2008.02.11 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.12 -
Webwasher-Gateway 6.6.2 2008.02.12 -
Information additionnelle
File size: 40960 bytes
MD5: 2849ed071a0d83406bda342aa767f24e
SHA1: 206539de128cbdb2d169073bb31237fc7a7d0259




The scan of C:\WINDOWS\IFinst26.exe


Fichier IFinst26.exe recu le 2008.02.13 15:08:48 (CET)
Situation actuelle: termine

Resultat: 1/32 (3.12%)
Formate Impression des resultats
Antivirus Version Derniere mise a jour Resultat
AhnLab-V3 2008.2.13.11 2008.02.13 -
AntiVir 7.6.0.65 2008.02.13 -
Authentium 4.93.8 2008.02.13 -
Avast 4.7.1098.0 2008.02.13 -
AVG 7.5.0.516 2008.02.13 -
BitDefender 7.2 2008.02.13 -
CAT-QuickHeal None 2008.02.13 -
ClamAV 0.92 2008.02.13 -
DrWeb 4.44.0.09170 2008.02.13 -
eSafe 7.0.15.0 2008.02.11 suspicious Trojan/Worm
eTrust-Vet 31.3.5533 2008.02.13 -
Ewido 4.0 2008.02.13 -
FileAdvisor 1 2008.02.13 -
Fortinet 3.14.0.0 2008.02.13 -
F-Prot 4.4.2.54 2008.02.12 -
F-Secure 6.70.13260.0 2008.02.13 -
Ikarus T3.1.1.20 2008.02.13 -
Kaspersky 7.0.0.125 2008.02.13 -
McAfee 5228 2008.02.12 -
Microsoft 1.3204 2008.02.13 -
NOD32v2 2871 2008.02.13 -
Norman 5.80.02 2008.02.12 -
Panda 9.0.0.4 2008.02.13 -
Prevx1 V2 2008.02.13 -
Rising 20.31.10.00 2008.02.13 -
Sophos 4.26.0 2008.02.13 -
Sunbelt 2.2.907.0 2008.02.13 -
Symantec 10 2008.02.13 -
TheHacker 6.2.9.218 2008.02.12 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.12 -
Webwasher-Gateway 6.6.2 2008.02.13 -
Information additionnelle
File size: 65024 bytes
MD5: fdc9d4de50a845137580698494b19f13
SHA1: 0982241e310fd7d79ce544d1c78ee4c6ce704091
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: UPX



and the last scan, that of C:\SYSTEM.VER


Fichier SYSTEM.VER reçu le 2008.02.16 19:27:10 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


Résultat: 0/32 (0%)
Formaté Impression des résultats

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.16.10 2008.02.15 -
AntiVir 7.6.0.67 2008.02.15 -
Authentium 4.93.8 2008.02.15 -
Avast 4.7.1098.0 2008.02.15 -
AVG 7.5.0.516 2008.02.16 -
BitDefender 7.2 2008.02.16 -
CAT-QuickHeal None 2008.02.16 -
ClamAV 0.92.1 2008.02.16 -
DrWeb 4.44.0.09170 2008.02.16 -
eSafe 7.0.15.0 2008.02.14 -
eTrust-Vet 31.3.5541 2008.02.15 -
Ewido 4.0 2008.02.16 -
FileAdvisor 1 2008.02.16 -
Fortinet 3.14.0.0 2008.02.16 -
F-Prot 4.4.2.54 2008.02.15 -
F-Secure 6.70.13260.0 2008.02.15 -
Ikarus T3.1.1.20 2008.02.16 -
Kaspersky 7.0.0.125 2008.02.16 -
McAfee 5231 2008.02.15 -
Microsoft 1.3204 2008.02.16 -
NOD32v2 2880 2008.02.15 -
Norman 5.80.02 2008.02.15 -
Panda 9.0.0.4 2008.02.16 -
Prevx1 V2 2008.02.16 -
Rising 20.31.50.00 2008.02.16 -
Sophos 4.26.0 2008.02.16 -
Sunbelt 2.2.907.0 2008.02.16 -
Symantec 10 2008.02.16 -
TheHacker 6.2.9.222 2008.02.16 -
VBA32 3.12.6.1 2008.02.14 -
VirusBuster 4.3.26:9 2008.02.15 -
Webwasher-Gateway 6.6.2 2008.02.15 -
Information additionnelle
File size: 40 bytes
MD5: 3d090925b2e85afc1804e3e9c97d31fd
SHA1: fdb6d5cf96198d9c7ea652c901e09c37dfb5eee3


Good luck

16 February 2008 19:57:22

Post another HijackThis log ;)
16 February 2008 20:32:17

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 20:31:54, on 16/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
E:\Softwares\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [40032c89] rundll32.exe "C:\WINDOWS\System32\hnmjwjst.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

16 February 2008 20:52:40

Relaunch HijackThis, do a system scan only, tick these lines:
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [40032c89] rundll32.exe "C:\WINDOWS\System32\hnmjwjst.dll",b
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Then Fix Checked!

**********

Uninstall avast, reboot and delete ~~>C:\Program Files\Alwil Software

Download ccleaner (>>tutorial to read!<<), download «the latest version» then install it, unticking - Add the Yahoo! CCleaner Toolbar
Then run the cleaner, then run the error search and make backups if you wish.

Download and install Antivir. (tutorial)
Why switch? Avast vs Antivir
Check that it is up to date! Run a full scan and post the report.
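The lines the helper asked to have fixed share a few traits an analyst checks by eye: an 8-hex-digit Run value name, rundll32 loading a System32 DLL through a one-letter export, a service with no vendor, and entries pointing at files that no longer exist. As an added example (not from the thread, HijackThis or any tool named here), this Python script applies those checks to a constructed excerpt of the log above; the heuristics and their wording are my own, and the "weak" check is a triage prompt that produces false positives.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above, the
# ones the helper ticked mixed with known-good entries from the same log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [40032c89] rundll32.exe "C:\WINDOWS\System32\hnmjwjst.dll",b
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# "HKLM\..\Run: [value name] command line", the shape HijackThis uses for O4.
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
# rundll32[.exe] "<path>.dll",<export>  (quotes around the path are optional)
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)


def _words(name):
    """Letter runs of 3+ chars in a Run value name, splitting CamelCase first."""
    spaced = re.sub(r"(?<=[a-z])(?=[A-Z])", " ", name)
    return [w.lower() for w in re.findall(r"[A-Za-z]{3,}", spaced)]


def analyse_entry(line):
    """Return the reasons one HijackThis entry deserves a second look ([] if none)."""
    reasons = []
    m = ENTRY_RE.match(line)
    if not m:
        return reasons
    section, body = m.group("section"), m.group("body")
    if "(file missing)" in body:
        reasons.append("points at a file that no longer exists (stale or half-removed entry)")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service carries no vendor string")
    if section == "O4":
        r = RUN_RE.match(body)
        if r:
            name, cmd = r.group("name"), r.group("cmd")
            if HEX_NAME_RE.match(name):
                reasons.append(f"Run value name '{name}' is 8 hex digits, typical of auto-generated loaders")
            d = RUNDLL_RE.search(cmd)
            if d and "\\system32\\" in d.group("dll").lower() and len(d.group("export")) <= 2:
                reasons.append(
                    f"rundll32 loads {d.group('dll')} through the "
                    f"{len(d.group('export'))}-letter export '{d.group('export')}'"
                )
            # Legitimate software usually names the Run value after its binary
            # or folder; a name that shares nothing with the command is a weak
            # hint only (expect false positives) and is labelled as such.
            words = _words(name)
            if words and not any(w in cmd.lower() for w in words):
                reasons.append(f"weak: value name '{name}' shares no word with its command line")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every entry that trips at least one check."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = analyse_entry(line)
            if reasons:
                flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("   ->", reason)
```

Run it on a full pasted log to get the short list worth looking up before ticking anything in HijackThis; a flag is a prompt to verify the file, not a verdict.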
17 February 2008 08:48:06

Hello,

On reboot, I get this message:
"File C:\Windows\System32\hnmjwjst.dll could not be found"

The Antivir scan gives this:



AntiVir PersonalEdition Classic
Report file date: 17 February 2008 07:26

Scanning for 1110678 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: SYSTEM
Computer name: YOUR-Q94BJVTL0R

Version information:
BUILD.DAT : 270 15603 Bytes 2007/09/19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007/08/23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007/08/16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007/08/14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007/08/21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007/07/18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007/12/14 06:25:03
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008/02/08 06:25:03
ANTIVIR3.VDF : 7.0.2.148 201216 Bytes 2008/02/15 06:25:03
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 2008/02/17 06:25:09
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007/02/26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007/07/18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007/04/16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008/02/17 06:25:09
AVREG.DLL : 7.0.1.6 30760 Bytes 2007/07/18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007/08/28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007/07/18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007/03/08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007/08/07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007/08/21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007/07/23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 17 February 2008 07:26

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'RtlWake.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'SSAAD.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process '9wifi.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'TosHKCW.exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'TPWRTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'TFNF5.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '31' files ).


Starting the file scan:

Begin scan in 'C:\' <S3A1192D001>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\!KillBox\cbxutqq.dll
[DETECTION] Is the Trojan horse TR/Vundo.DST
[INFO] The file was deleted!
C:\QooBox\Quarantine\catchme2008-02-16_190411.25.zip
[0] Archive type: ZIP
--> ursrp.dll
[DETECTION] Is the Trojan horse TR/Vundo.DVE
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\hnmjwjst.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\rhwtddxl.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ToOgtH2Q.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ursrp.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP465\A0108062.dll
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP467\A0109060.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP468\A0110086.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP468\A0111069.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112150.dll
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112151.dll
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112152.dll
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112153.dll
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112154.dll
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112155.dll
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112156.dll
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112157.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112158.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112159.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112160.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112161.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112162.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112163.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvc.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112164.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112165.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112166.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvc.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112167.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112168.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvc.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP470\A0112169.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvc.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP476\A0114285.dll
[DETECTION] Is the Trojan horse TR/Vundo.DST
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP476\A0114313.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP493\A0122836.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP493\A0122837.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP496\A0122931.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP496\A0122935.dll
[DETECTION] Is the Trojan horse TR/Vundo.DVE
[INFO] The file was deleted!
C:\System Volume Information\_restore{39EDCBAE-38D3-4476-92C6-3D335126EE98}\RP497\A0123274.dll
[DETECTION] Is the Trojan horse TR/Vundo.DST
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\'
E:\My documents\Software\WinRAR\wrar33b4fr.exe
[0] Archive type: RAR SFX (self extracting)
--> Default.SFX
[DETECTION] Contains detection pattern of the IRC virus IRC/BDS/Flood.A
[INFO] The file was deleted!


End of the scan: 17 February 2008 08:22
Used time: 56:02 min

The scan has been done completely.

3387 Scanning directories
189734 Files were scanned
38 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
38 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
189696 Files not concerned
6231 Archives were scanned
3 Warnings
10 Notes

17 February 2008 14:05:13

Post another HijackThis log.

Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1 then press Enter. Then press a key when asked and post the report here.
The report is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.
17 February 2008 16:16:01

As requested:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSMain.exe
C:\Program Files\internet explorer\iexplore.exe
E:\Softwares\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [40032c89] rundll32.exe "C:\WINDOWS\System32\hnmjwjst.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Clean report:

Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 17/02/2008 a 16:12:14.16

*** Recherche de fichiers sur C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !

So there is no C:\upload_moi.zip file.


17 February 2008 19:11:40

Re,

Download AVG Anti-Spyware and install it.
If the link doesn't work: >Click here<
Launch AVG and run an update.
Click the Scan button (on the toolbar)
Then, on the How to act tab, click Recommended actions. Choose Quarantine.
Don't run a scan for now.
Restart in safe mode
/!\ Never start in safe mode via MSCONFIG /!\
Relaunch AVG.
Go back to the Scan tab. Click Complete System Scan.
At the end of the scan, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report located in the Reports folder of the AVG Anti-Spyware folder.
Post it here.
&
Still in safe mode, relaunch clean and run option 2, post the report.
17 February 2008 22:19:15

First, the AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé : 22:02:21 17/02/2008

+ Résultat de l'analyse :

C:\QooBox\Quarantine\C\QooBox\Quarantine\C\Documents and Settings\Jean-Francois\Local Settings\Temp\temp.fr300F\CnsMinEx.dll.vir.vir -> Adware.Cdn : Nettoyé.
C:\WINDOWS\Downloaded Program Files\JwdMinEx.cab/CnsMinEx.dll -> Adware.Cdn : Nettoyé.
C:\WINDOWS\Downloaded Program Files\CleanerInstall.exe -> Not-A-Virus.Adware.WebSearch : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\Jean-Francois\Cookies\jean-francois@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.

Fin du rapport

Then the CLEAN report:



Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 17/02/2008 a 22:03:52.04

Microsoft Windows XP [Version 5.1.2600]

*** Suppression de fichiers sur C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

tentative de suppression de "C:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !




17 February 2008 22:29:24

Re,

Delete:
  • C:\WINDOWS\Downloaded Program Files\JwdMinEx.cab

********

Repost a HijackThis.
17 February 2008 22:54:10

???

I don't have exactly the file requested: instead of .can I have .ini
Should I delete it anyway??
17 February 2008 22:59:03

Go ahead.
Repost a HijackThis.
Still having problems?
17 February 2008 23:01:49


No, no more problems.

The requested post:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:00:56, on 17/02/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\conime.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    E:\Softwares\HijackThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
    O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [40032c89] rundll32.exe "C:\WINDOWS\System32\hnmjwjst.dll",b
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


Is it finished??
17 February 2008 23:17:37

Re,

Relaunch HijackThis, do a system scan only, check these lines:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [40032c89] rundll32.exe "C:\WINDOWS\System32\hnmjwjst.dll",b
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe (file missing)

Then Fix Checked!

*******

Uninstall and delete all the software used for the disinfection as well as the corresponding folders that were created. Keep ccleaner, avg and antivir if we installed them.
Report your infection on Malware Complaints >Tutorial<
Your infection(s): Vundo

Then have a look at this folder:

Security/Prevention
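As an added illustration, not part of the thread and not HijackThis's own code: a small Python triage script that parses lines in the HijackThis log format shown above and flags the persistence patterns the helper singled out for "Fix Checked" (a Run value named with a random hex token, rundll32 loading a System32 DLL through a one-letter export, a service with "Unknown owner", and entries whose file is "(no file)" or "(file missing)"). The sample log is constructed after lines quoted in the thread; the heuristics and names (`triage`, `flagged_lines`, `Finding`) are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99.1 format, modelled on lines from the thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [40032c89] rundll32.exe "C:\WINDOWS\System32\hnmjwjst.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe (file missing)
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# O4 body: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 body: "Service: display name (short name) - owner - path"
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Run value names that are just 8 hex digits (the "[40032c89]" pattern above)
HEX_NAME_RE = re.compile(r"[0-9a-f]{8}")
# rundll32 invoking a DLL in System32 through a one- or two-character export name
RUNDLL_SHORT_EXPORT_RE = re.compile(r'\\system32\\\w+\.dll"?,\w{1,2}\s*$', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_line(line):
    """Split one HijackThis line into (section, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def triage(log_text):
    """Return a Finding for every heuristic that matches an entry in the log."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        section, body = parsed

        # Any section: the entry points at a file that no longer exists.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(section, "orphaned entry: referenced file is absent", raw))

        if section == "O4":
            run = RUN_RE.match(body)
            if run:
                name, cmd = run.group("name"), run.group("cmd")
                if HEX_NAME_RE.fullmatch(name):
                    findings.append(Finding(section, "Run value named with a random-looking hex token", raw))
                if "rundll32" in cmd.lower() and RUNDLL_SHORT_EXPORT_RE.search(cmd):
                    findings.append(Finding(section, "rundll32 loads a System32 DLL via a short export name", raw))
        elif section == "O23":
            svc = SERVICE_RE.match(body)
            if svc and svc.group("owner") == "Unknown owner":
                findings.append(Finding(section, "service with no identified vendor", raw))
    return findings


def flagged_lines(log_text):
    """Distinct log lines that triggered at least one heuristic, for review."""
    return sorted({f.line for f in triage(log_text)})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

On the sample this flags only the R3 orphan, the `[40032c89]` rundll32 entry and the `RdnaoFlSvc` service; the benign Apoint and avgnt entries pass. The heuristics deliberately cover just the patterns the helper treated as infection indicators, not the optional startup cleanup (NeroCheck, QuickTime, Office OSA) that was fixed in the same pass, so a flagged line is a prompt to look closer, not a verdict.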
18 February 2008 22:19:23

Thank you for your (excellent) work and for the time you spent on it.
I can't understand what all those sad characters who infect our PCs get out of it, but at least it let me discover that there are still selfless people who deserve respect.

Cordially and sincerely.
19 February 2008 12:43:34

You're welcome, have a good day ;) (a sunny one, I hope)