
[Solved] proper.exe virus

Tags:
  • Internet Explorer
  • Security
Last reply: in Security and viruses
8 February 2008 22:24:09

I no longer have any administrator rights.
Here is the log; please tell me what steps to follow to fix my problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:42, on 08/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RegistrySmart\RegistrySmart.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://www.achatpublic.com/sdm/cgapc/jar/install/jinst...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb_www.bobtv.fr-downloa...
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol629.txt
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6434 bytes
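Added example (not part of the original thread, and not the helper's own method): a small Python triage of the HijackThis log above, in working code. It encodes the checks behind the diagnosis of this log: an F2 `Shell=` value that lists anything besides Explorer.exe (whatever is appended there is started at every logon, which is the proper.exe entry here), an O20 AppInit_DLLs entry, rated higher when the file does not even carry a .dll extension (sol629.txt here; AppInit_DLLs are loaded with LoadLibrary into every process that loads user32.dll, so the extension is only a disguise), an O7 DisableRegedit=1 policy that stops the user undoing any of it, and R3/O2/O3 entries whose file is missing. The sample log is a constructed excerpt of the lines posted above; `triage` and the severity labels are my own.

```python
import re

# Constructed excerpt of the HijackThis log posted above (backslashes are
# doubled only because this is a Python string literal).
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.orange.fr/
F2 - REG:system.ini: Shell=Explorer.exe C:\\WINDOWS\\system32\\proper.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\\Program Files\\Macrogaming\\SweetIMBarForIE\\toolbar.dll (file missing)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O7 - HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\sol629.txt
O20 - Winlogon Notify: !SABWinLogon - C:\\Program Files\\SuperAdBlocker.com\\Super Ad Blocker\\SABWINLO.DLL
"""

# Every HijackThis entry starts with its section code, e.g. "O20 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def triage(log_text):
    """Return (code, severity, message) tuples for the entries worth acting on.

    Only the load points a helper reads first are covered; a clean log
    returns an empty list.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "F2" and "Shell=" in body:
            # system.ini Shell= is mapped onto HKLM\...\Winlogon\Shell. Only
            # Explorer.exe belongs there; anything else is a logon persistence
            # entry. Splitting on whitespace is good enough for triage (a
            # quoted path containing spaces would be split into pieces).
            programs = body.split("Shell=", 1)[1].split()
            extra = [p for p in programs if p.lower() != "explorer.exe"]
            if extra:
                findings.append((code, "HIGH",
                                 "Winlogon Shell also launches: " + ", ".join(extra)))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Loaded via LoadLibrary into every user32-linked process, so a
            # non-.dll extension hides nothing from the loader, only from the user.
            path = body.split(":", 1)[1].strip()
            sev = "MEDIUM" if path.lower().endswith(".dll") else "HIGH"
            findings.append((code, sev, "AppInit_DLLs injects " + path))
        elif code == "O7" and "DisableRegedit=1" in body:
            findings.append((code, "HIGH", "regedit disabled by policy: " + body))
        elif code in ("R3", "O2", "O3") and ("(no file)" in body or "(file missing)" in body):
            # Orphaned hook/BHO/toolbar: inert by itself, but a sign of
            # leftovers and safe to have HijackThis fix.
            findings.append((code, "LOW", "orphaned entry: " + body))
    return findings


if __name__ == "__main__":
    for code, sev, msg in triage(SAMPLE_LOG):
        print("%-4s %-6s %s" % (code, sev, msg))
```

Run against the excerpt it flags five entries, the F2 Shell line and the AppInit_DLLs line as HIGH; the untouched O4 avast! entry and the Super Ad Blocker Winlogon Notify entry are not reported, which is the same split the helper made when writing the CFScript further down.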


8 February 2008 22:44:37

A hello, maybe?

Disable your resident protection (antivirus, Spybot...)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 (Yes) key to start the scan.
  • When the scan is complete, a log will appear. Post that log in your next reply.
    9 February 2008 12:16:26

    Hello Angeldark,
    thanks for your reply.
    Here is the log after running ComboFix:

    ComboFix 08-02.05.3 - frederic 2008-02-09 12:08:33.1 - FAT32x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.270 [GMT 1:00]
    Location: C:\Documents and Settings\frederic\Bureau\ComboFix.exe
    * Creating a new restore point

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
    C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
    C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
    C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
    C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
    C:\Documents and Settings\frederic\Application Data\DriveCleaner Free
    C:\Documents and Settings\frederic\Application Data\DriveCleaner Free\Logs\update.log
    C:\Documents and Settings\frederic\Application Data\MessengerSkinner
    C:\Documents and Settings\frederic\Application Data\MessengerSkinner\Userdata\defaultPack.cab
    C:\Documents and Settings\frederic\Application Data\MessengerSkinner\Userdata\languages.xml
    C:\Documents and Settings\frederic\Application Data\MessengerSkinner\Userdata\languages_v2.xml
    C:\Documents and Settings\frederic\Application Data\MessengerSkinner\Userdata\pack1.cab
    C:\Documents and Settings\frederic\err.log
    C:\Program Files\Fichiers communs\drivecleaner free
    C:\Program Files\Fichiers communs\SystemDoctor
    C:\Program Files\Fichiers communs\SystemDoctor\err.log
    C:\Program Files\Fichiers communs\SystemDoctor\up.dat
    C:\Program Files\Fichiers communs\SystemDoctor\USDR6cw.exe
    C:\WA6P
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\jssjig.dat
    C:\WINDOWS\system32\jssjig.exe
    C:\WINDOWS\system32\jssjig_navps.dat
    C:\WINDOWS\system32\koos.exe . . . . Deletion failed
    C:\WINDOWS\system32\kprof . . . . Deletion failed
    C:\WINDOWS\system32\MabryObj.dll
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\poof . . . . Deletion failed
    C:\WINDOWS\system32\stera.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_POOF
    -------\symavc32


    ((((((((((((((((((((((((((((( Files created 2008-01-09 to 2008-02-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-08 22:16 . 2008-02-08 22:16 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-08 21:38 . 2008-02-08 21:38 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-02-08 14:10 . 2008-02-08 14:10 <REP> d-------- C:\WINDOWS\report
    2008-02-08 14:08 . 2008-02-08 14:08 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-02-08 14:08 . 2008-02-08 14:08 36,053,585 --a------ C:\WINDOWS\VPTNFILE.987
    2008-02-08 14:08 . 2008-02-08 14:08 1,919,160 --a------ C:\WINDOWS\tsc.ptn
    2008-02-08 14:08 . 2008-02-08 21:39 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-02-08 14:08 . 2008-02-08 14:08 267,845 --a------ C:\WINDOWS\tsc.exe
    2008-02-08 14:08 . 2008-02-08 21:39 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-02-08 14:08 . 2008-02-08 14:08 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-02-08 14:08 . 2008-02-08 21:42 823 --a------ C:\WINDOWS\tsc.ini
    2008-02-08 14:07 . 2008-02-08 14:07 <REP> d-------- C:\WINDOWS\AU_Log
    2008-02-08 14:07 . 2008-02-08 21:38 170 --a------ C:\WINDOWS\GetServer.ini
    2008-02-08 14:06 . 2008-02-08 14:07 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-02-08 14:06 . 2008-02-08 14:07 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-02-08 14:06 . 2008-02-08 14:07 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-02-08 13:56 . 2008-02-08 13:56 <REP> d-------- C:\Program Files\RegistrySmart
    2008-02-08 13:56 . 2008-02-08 13:56 <REP> d-------- C:\Documents and Settings\frederic\Application Data\RegistrySmart
    2008-02-02 12:28 . 2008-02-02 12:28 <REP> d-------- C:\Documents and Settings\frederic\Application Data\FloodLightGames
    2008-02-02 12:28 . 2008-02-02 12:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
    2008-01-31 13:05 . 2008-01-31 13:05 <REP> d-------- C:\Documents and Settings\frederic\Saved Games
    2008-01-31 12:50 . 2008-01-31 12:50 <REP> d-------- C:\Program Files\orange
    2008-01-31 12:50 . 2008-01-31 12:50 <REP> d-------- C:\Program Files\GamesBar
    2008-01-30 19:57 . 2008-01-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
    2008-01-30 19:57 . 2008-01-30 19:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
    2008-01-30 19:52 . 2005-09-27 14:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
    2008-01-30 19:52 . 2006-11-10 10:55 120,952 --a------ C:\WINDOWS\system32\PandoraCtrl2.dll
    2008-01-30 19:52 . 2005-03-11 17:06 102,400 --a------ C:\WINDOWS\system32\PandoraCtrl.dll
    2008-01-30 19:51 . 2008-01-30 19:51 <REP> d-------- C:\Program Files\BoontyGames
    2008-01-30 19:51 . 2008-01-30 19:51 <REP> d-------- C:\Program Files\Boonty
    2008-01-28 11:55 . 2008-01-28 11:55 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-01-28 11:55 . 2008-01-28 11:55 <REP> d-------- C:\Documents and Settings\frederic\Application Data\AdobeUM
    2008-01-26 00:48 . 2008-01-26 00:48 <REP> d-------- C:\Program Files\Video Strip Poker Supreme
    2008-01-26 00:47 . 2008-01-26 00:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-09 11:09 25,088 ------w C:\WINDOWS\system32\koos.exe
    2008-01-06 17:34 46,348 ----a-w C:\WINDOWS\system32\SmrtDrive.dll
    2008-01-06 17:27 10,010 ----a-w C:\WINDOWS\SMRTDRIV.DLL
    2007-12-30 21:15 --------- d-----w C:\Program Files\AGEIA Technologies
    2007-12-30 11:51 --------- d-----w C:\Documents and Settings\frederic\Application Data\SuperAdBlocker.com
    2007-12-30 11:50 --------- d-----w C:\Program Files\SuperAdBlocker.com
    2007-12-23 17:08 --------- d-----w C:\Program Files\UseNeXT
    2007-12-23 17:08 --------- d-----w C:\Documents and Settings\frederic\Application Data\UseNeXT
    2007-12-07 23:42 291,328 ----a-w C:\WINDOWS\system32\libcurl.dll
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
    2007-11-13 09:54 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
    .

    ((((((((((((((((((((((((((((((((( Reg load points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-26 22:00 155648]
    "RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2008-01-23 15:55 4347120]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 12:58 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
    C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-08-01 09:28 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^autos.exe]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autos.exe
    backup=C:\WINDOWS\pss\autos.exeCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^frederic^Menu Démarrer^Programmes^Démarrage^infos.exe]
    path=C:\Documents and Settings\frederic\Menu Démarrer\Programmes\Démarrage\infos.exe
    backup=C:\WINDOWS\pss\infos.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^frederic^Menu Démarrer^Programmes^Démarrage^YesMessenger.lnk]
    path=C:\Documents and Settings\frederic\Menu Démarrer\Programmes\Démarrage\YesMessenger.lnk
    backup=C:\WINDOWS\pss\YesMessenger.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6V_Check]
    C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep]
    C:\WINDOWS\system32\spoolc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jssjig]
    c:\windows\system32\jssjig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDRV_Check]
    C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-03-26 22:00 155648 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check]
    C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker]
    --a------ 2007-08-01 09:28 1564672 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-11-01 20:32 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Undefined]
    C:\WINDOWS\system32\winter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDR6cw]
    C:\Program Files\Fichiers communs\SystemDoctor\USDR6cw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WA6PV_Check]
    C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    C:\PROGRA~1\WANADOO\GestMaj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "iPodService"=3 (0x3)
    "aawservice"=2 (0x2)
    "MSDTC"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "COMSysApp"=3 (0x3)
    "clr_optimization_v2.0.50727_32"=3 (0x3)
    "CiSvc"=3 (0x3)
    "aspnet_state"=3 (0x3)
    "AppMgmt"=3 (0x3)

    R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
    R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
    R2 X4HSX32;X4HSX32;C:\Program Files\Player Metaboli\X4HSX32.Sys [2006-12-13 09:34]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-01-30 19:57]
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-09 11:12:38 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-09 12:12:43
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g?e

    Scanning hidden files ...

    Scan completed successfully
    Hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-09 12:13:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-09 11:13:52
    .
    2008-01-08 21:04:19 --- E O F ---

    9 February 2008 12:26:48

    Re,

    Download Gmer.
    Unzip it into a folder or onto your desktop.

    Disconnect from the Internet and close all programs.
    Double-click Gmer.exe.

    IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

    Click the Rootkit tab.
    On the right, tick Files and Services.
    Now click Scan.

    When the scan is finished, click Copy.

    Open Notepad, then click Edit / Paste.
    The report should then appear.
    Save the file to your desktop and copy/paste its contents here.
    9 February 2008 13:43:30

    Re,

    ComboFix let me get my administrator rights back, thank you very much.

    Here is the Gmer log; apparently there is still some malware left.
    Should I delete it manually?

    GMER 1.0.14.14116 - http://www.gmer.net
    Rootkit scan 2008-02-09 13:41:33
    Windows 5.1.2600 Service Pack 2


    ---- User code sections - GMER 1.0.14 ----

    .text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1628] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)
    ---- Processes - GMER 1.0.14 ----

    Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x00400000
    Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x10000000
    Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x00340000
    Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x00ED0000

    ---- Files - GMER 1.0.14 ----

    File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Player Metaboli\Jeux\J. Verne - L'Ile..\Désinstaller J. Verne - L'Ile....lnk
    File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Player Metaboli\Jeux\J. Verne - L'Ile..\Jouer.lnk

    ---- EOF - GMER 1.0.14 ----
    10 February 2008 11:53:32

    Let's get to work :)

    Disable your resident protection (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    Rootkit::
    C:\WINDOWS\system32\koos.exe

    File::
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autos.exe
    C:\Documents and Settings\frederic\Menu Démarrer\Programmes\Démarrage\infos.exe
    C:\Documents and Settings\frederic\Menu Démarrer\Programmes\Démarrage\YesMessenger.lnk
    C:\WINDOWS\system32\spoolc.exe
    c:\windows\system32\jssjig.exe

    Folder::
    C:\Program Files\GamesBar
    C:\WINDOWS\system32\kprof
    C:\WINDOWS\system32\poof
    C:\Program Files\Fichiers communs\SystemDoctor

    Registry::
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^autos.exe]
    [-HKLM\~\startupfolder\C:^Documents and Settings^frederic^Menu Démarrer^Programmes^Démarrage^infos.exe]
    [-HKLM\~\startupfolder\C:^Documents and Settings^frederic^Menu Démarrer^Programmes^Démarrage^YesMessenger.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6V_Check]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jssjig]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDRV_Check]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Undefined]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDR6cw]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WA6PV_Check]


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch ComboFix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt log together with a HijackThis log.
    NOTE: If there is no reboot, post the requested logs anyway.
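Added example, not from the thread and not ComboFix's own tooling: a Python script that derives the File:: and Registry:: sections of a CFScript from the "Reg load points" section of the ComboFix report above, the way the helper did by hand. The rule it applies is my reading of the report format, not documented behaviour: ComboFix prints attributes, timestamp and size in front of a startupreg path only when it found the file, so a bare path is an orphaned or already-deleted load point and gets a `[-key]` line, while each msconfig startupfolder block contributes its `path=` to File:: and its key to Registry::. The `keep` argument excludes entries that are absent but legitimate (WOOKIT, the Wanadoo entry the helper left alone). Paths the report says it failed to delete are returned separately for the operator to place under Rootkit:: or Folder::, as was done above. The sample report is a constructed excerpt of the one posted above; `plan`, `build_cfscript` and `failed_deletions` are my names.

```python
import re

# Constructed excerpt of the ComboFix report posted above.
SAMPLE_REPORT = """\
C:\\WINDOWS\\system32\\koos.exe . . . . Deletion failed
C:\\WINDOWS\\system32\\kprof . . . . Deletion failed

[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^autos.exe]
path=C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autos.exe
backup=C:\\WINDOWS\\pss\\autos.exeCommon Startup

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\dumprep]
C:\\WINDOWS\\system32\\spoolc.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\iTunesHelper]
--a------ 2006-02-23 15:45 278528 C:\\Program Files\\iTunes\\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\jssjig]
c:\\windows\\system32\\jssjig.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WOOKIT]
C:\\PROGRA~1\\WANADOO\\GestMaj.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "--a------ 2006-02-23 15:45 278528 <path>": attributes, date, time, size.
ATTR_RE = re.compile(r"^[-a-z]{9} \d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ (?P<path>.+)$")
# Both the French original and the translated wording of the failure marker.
FAILED_RE = re.compile(r"^(?P<path>.+?) \. \. \. \. (Echec de suppression|Deletion failed)$")


def parse_load_points(report):
    """Yield (key, body_lines) for every bracketed block in the report."""
    key, body = None, []
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, body
            key, body = m.group("key"), []
        elif line and key is not None:
            body.append(line)
    if key is not None:
        yield key, body


def plan(report, keep=()):
    """Return (files, keys): paths for File:: and registry keys for Registry::."""
    files, keys = [], []
    for key, body in parse_load_points(report):
        name = key.rsplit("\\", 1)[-1]
        lower = key.lower()
        if "\\msconfig\\startupreg\\" in lower:
            if name in keep:
                continue
            # Assumption: attributes/date/size are printed only for files
            # ComboFix could stat, so a bare path means the target is gone.
            if body and not ATTR_RE.match(body[0]):
                keys.append(key)
        elif "\\startupfolder\\" in lower:
            # msconfig-disabled Startup-folder item: remove the file it points
            # at and the key that would restore it.
            for item in body:
                if item.startswith("path="):
                    files.append(item[len("path="):])
            keys.append(key)
    return files, keys


def failed_deletions(report):
    """Paths ComboFix could not remove on its own; these need Rootkit::/Folder::."""
    return [m.group("path") for m in map(FAILED_RE.match, report.splitlines()) if m]


def build_cfscript(files, keys):
    out = []
    if files:
        out.append("File::")
        out.extend(files)
        out.append("")
    if keys:
        out.append("Registry::")
        out.extend("[-%s]" % k for k in keys)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(*plan(SAMPLE_REPORT, keep=("WOOKIT",))))
    print("needs Rootkit::/Folder:: by hand:", failed_deletions(SAMPLE_REPORT))
```

Note that the script only recovers what the report already proves (a load point whose target is missing, or a disabled Startup item); deciding that koos.exe goes under Rootkit:: and kprof under Folder:: still takes a human who has seen the earlier scans, which is why those sections are left to the operator.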
    10 February 2008 13:50:30

    There, it's done.

    I'm posting the requested logs.

    I did have another small question though: I saw in another topic that someone had a virus that sends lots of e-mails, and they mention smss.exe.
    I wonder whether I have the same problem, because sometimes I receive spam coming from my own address.

    Thanks in advance for your reply; here are the logs:


    ComboFix 08-02.05.3 - frederic 2008-02-10 13:37:08.2 - FAT32x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.315 [GMT 1:00]
    Location: C:\Documents and Settings\frederic\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\frederic\Bureau\CFScript.txt
    * Creating a new restore point

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

    FILE
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autos.exe
    C:\Documents and Settings\frederic\Menu Démarrer\Programmes\Démarrage\infos.exe
    C:\Documents and Settings\frederic\Menu Démarrer\Programmes\Démarrage\YesMessenger.lnk
    c:\windows\system32\jssjig.exe
    C:\WINDOWS\system32\spoolc.exe
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\GamesBar
    C:\Program Files\GamesBar\Localization-French.ini
    C:\WINDOWS\system32\koos.exe
    C:\WINDOWS\system32\kprof
    C:\WINDOWS\system32\kprof\
    C:\WINDOWS\system32\poof
    C:\WINDOWS\system32\poof\

    .
    ((((((((((((((((((((((((((((( Files created 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-09 19:58 . 2008-02-09 19:58 <REP> d-------- C:\Program Files\FIFA07
    2008-02-09 13:37 . 2008-02-09 13:37 250 --a------ C:\WINDOWS\gmer.ini
    2008-02-09 12:21 . 2008-02-09 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Tages
    2008-02-09 12:21 . 2008-02-09 12:21 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
    2008-02-09 12:21 . 2008-02-09 12:21 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
    2008-02-08 22:16 . 2008-02-08 22:16 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-08 21:38 . 2008-02-08 21:38 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-02-08 14:10 . 2008-02-08 14:10 <REP> d-------- C:\WINDOWS\report
    2008-02-08 14:08 . 2008-02-08 14:08 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-02-08 14:08 . 2008-02-08 14:08 36,053,585 --a------ C:\WINDOWS\VPTNFILE.987
    2008-02-08 14:08 . 2008-02-08 14:08 1,919,160 --a------ C:\WINDOWS\tsc.ptn
    2008-02-08 14:08 . 2008-02-08 21:39 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-02-08 14:08 . 2008-02-08 14:08 267,845 --a------ C:\WINDOWS\tsc.exe
    2008-02-08 14:08 . 2008-02-08 21:39 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-02-08 14:08 . 2008-02-08 14:08 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-02-08 14:08 . 2008-02-08 21:42 823 --a------ C:\WINDOWS\tsc.ini
    2008-02-08 14:07 . 2008-02-08 14:07 <REP> d-------- C:\WINDOWS\AU_Log
    2008-02-08 14:07 . 2008-02-08 21:38 170 --a------ C:\WINDOWS\GetServer.ini
    2008-02-08 14:06 . 2008-02-08 14:07 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-02-08 14:06 . 2008-02-08 14:07 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-02-08 14:06 . 2008-02-08 14:07 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-02-08 13:56 . 2008-02-08 13:56 <REP> d-------- C:\Program Files\RegistrySmart
    2008-02-08 13:56 . 2008-02-08 13:56 <REP> d-------- C:\Documents and Settings\frederic\Application Data\RegistrySmart
    2008-02-02 12:28 . 2008-02-02 12:28 <REP> d-------- C:\Documents and Settings\frederic\Application Data\FloodLightGames
    2008-02-02 12:28 . 2008-02-02 12:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
    2008-01-31 13:05 . 2008-01-31 13:05 <REP> d-------- C:\Documents and Settings\frederic\Saved Games
    2008-01-31 12:50 . 2008-01-31 12:50 <REP> d-------- C:\Program Files\orange
    2008-01-30 19:57 . 2008-01-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
    2008-01-30 19:57 . 2008-01-30 19:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
    2008-01-30 19:52 . 2005-09-27 14:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
    2008-01-30 19:52 . 2006-11-10 10:55 120,952 --a------ C:\WINDOWS\system32\PandoraCtrl2.dll
    2008-01-30 19:52 . 2005-03-11 17:06 102,400 --a------ C:\WINDOWS\system32\PandoraCtrl.dll
    2008-01-30 19:51 . 2008-01-30 19:51 <REP> d-------- C:\Program Files\BoontyGames
    2008-01-30 19:51 . 2008-01-30 19:51 <REP> d-------- C:\Program Files\Boonty
    2008-01-28 11:55 . 2008-01-28 11:55 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-01-28 11:55 . 2008-01-28 11:55 <REP> d-------- C:\Documents and Settings\frederic\Application Data\AdobeUM
    2008-01-26 00:48 . 2008-01-26 00:48 <REP> d-------- C:\Program Files\Video Strip Poker Supreme
    2008-01-26 00:47 . 2008-01-26 00:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-06 17:34 46,348 ----a-w C:\WINDOWS\system32\SmrtDrive.dll
    2008-01-06 17:27 10,010 ----a-w C:\WINDOWS\SMRTDRIV.DLL
    2007-12-30 21:15 --------- d-----w C:\Program Files\AGEIA Technologies
    2007-12-30 11:51 --------- d-----w C:\Documents and Settings\frederic\Application Data\SuperAdBlocker.com
    2007-12-30 11:50 --------- d-----w C:\Program Files\SuperAdBlocker.com
    2007-12-23 17:08 --------- d-----w C:\Program Files\UseNeXT
    2007-12-23 17:08 --------- d-----w C:\Documents and Settings\frederic\Application Data\UseNeXT
    2007-12-07 23:42 291,328 ----a-w C:\WINDOWS\system32\libcurl.dll
    2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
    2007-11-13 09:54 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
    .

    ((((((((((((((((((((((((((((((((( Reg load points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-26 22:00 155648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6V_Check]
    C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep]
    C:\WINDOWS\system32\spoolc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDRV_Check]
    C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-03-26 22:00 155648 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check]
    C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker]
    C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-11-01 20:32 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Undefined]
    C:\WINDOWS\system32\winter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    C:\PROGRA~1\WANADOO\GestMaj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "iPodService"=3 (0x3)
    "aawservice"=2 (0x2)
    "MSDTC"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "COMSysApp"=3 (0x3)
    "clr_optimization_v2.0.50727_32"=3 (0x3)
    "CiSvc"=3 (0x3)
    "aspnet_state"=3 (0x3)
    "AppMgmt"=3 (0x3)

    R2 X4HSX32;X4HSX32;C:\Program Files\Player Metaboli\X4HSX32.Sys [2006-12-13 09:34]
    S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-01-30 19:57]
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []

    .
    Contents of the 'Scheduled Tasks/Tâches planifiées' folder
    "2008-02-09 11:29:38 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 13:40:11
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g?e

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    C:\WINDOWS\system32\UAService7.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-10 13:41:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-10 12:41:06
    ComboFix2.txt 2008-02-09 11:13:58
    .
    2008-01-08 21:04:19 --- E O F ---



    and the HijackThis one:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:49:46, on 10/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://www.achatpublic.com/sdm/cgapc/jar/install/jinst...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb_www.bobtv.fr-downloa...
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 4268 bytes
    10 Février 2008 14:54:24

    Is that better?

    Re,

    Fix the lines in the box below with HijackThis: HELP IN PICTURES

    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)


    Install AntiVir.

    Run a full scan, then post the report once the analysis has finished.
    HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
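As an added example (not from the thread, and not part of HijackThis or any tool the helper names): a small Python triage script that encodes the reasoning behind the two O3 lines the helper asks to fix. An entry marked "(no file)" or "(file missing)" is a registry reference to a file that is no longer on disk, so fixing it removes nothing that still runs. The script also flags three kinds of entries that deserve a second look rather than an automatic fix. The sample log is a constructed subset of the HijackThis log posted above, plus one O4 line built from the winter.exe startupreg entry in the ComboFix log (ComboFix lists it as a disabled msconfig entry, not a live Run value; it is here only to exercise the rule). The severity labels, the system32 allowlist and the "review" heuristics are this example's own assumptions, not HijackThis rules.

```python
"""Triage helper for HijackThis log lines (added example, not a HijackThis feature)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# plus one O4 line built from the ComboFix startupreg entry for winter.exe.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


@dataclass
class Finding:
    section: str
    severity: str  # "fix": safe to remove in HijackThis; "review": needs a human look
    reason: str
    line: str


ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"\[[^\]]*\]\s+(?P<rest>.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumption: the only Microsoft autostart expected to be launched straight from
# system32 via a Run value on this XP box. Extend per environment.
SYSTEM32_AUTOSTART_ALLOWLIST = {"ctfmon.exe"}


def o4_target(body: str) -> Optional[str]:
    """Return the executable path of an O4 Run entry, or None for other O4 forms."""
    m = O4_RE.search(body)
    if not m:
        return None
    rest = m.group("rest")
    if rest.startswith('"'):  # quoted path, possibly followed by arguments
        end = rest.find('"', 1)
        return rest[1:end] if end > 1 else None
    return rest.split(" ", 1)[0]  # unquoted path: first token


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")

        # Rule 1: the registry still references a file that is not on disk.
        if any(mark in body for mark in ORPHAN_MARKERS):
            findings.append(Finding(section, "fix", "entry points at a file that no longer exists", line))
            continue

        # Rule 2: an autostart binary living directly in system32 under an unexpected name.
        if section == "O4":
            target = o4_target(body)
            if target:
                low = target.lower()
                base = low.rsplit("\\", 1)[-1]
                if "\\system32\\" in low and base not in SYSTEM32_AUTOSTART_ALLOWLIST:
                    findings.append(Finding(section, "review", "autostart binary in system32 outside the allowlist", line))

        # Rule 3: a downloaded ActiveX control (DPF) with no source URL recorded.
        elif section == "O16" and body.rstrip().endswith("-"):
            findings.append(Finding(section, "review", "ActiveX control with no download URL", line))

        # Rule 4: a service whose binary carries no publisher name.
        elif section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "review", "service binary has no publisher name; verify the file", line))
    return findings


def to_fix(log_text: str) -> List[str]:
    """The lines one would tick in HijackThis's 'Fix checked' list."""
    return [f.line for f in triage(log_text) if f.severity == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:4} {f.reason}: {f.line}")
```

Run it as-is to print the findings, or pass another report's text to triage(). On the sample, the "fix" list is exactly the two O3 lines the helper asked to fix; everything else comes back as "review", which is the right default for an entry that merely looks odd.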
    10 Février 2008 17:13:34

    It is indeed much better,

    I got rid of Avast and installed AntiVir; it is apparently better, since it found viruses that Avast had not seen...

    Here is the report:



    AntiVir PersonalEdition Classic
    Report file date: Sunday 10 February 2008 16:03

    Scanning for 1096761 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: FRED

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 15:01:26
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 15:01:26
    ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 08/02/2008 15:01:26
    AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 10/02/2008 15:01:26
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 10/02/2008 15:01:26
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: Sunday 10 February 2008 16:03

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'bfggameservices.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'bfgclient.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'GPlayer.exe' - '1' Module(s) have been scanned
    Scan process 'ALG.EXE' - '1' Module(s) have been scanned
    Scan process 'UAService7.exe' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'BoontyBox.exe' - '1' Module(s) have been scanned
    Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
    Scan process 'QTTASK.EXE' - '1' Module(s) have been scanned
    Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
    Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
    Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
    Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
    Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
    Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
    Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
    Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
    29 processes with 29 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '16' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\swbgjoqo.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\system32\xkolgn.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\system32\libcurl.dll
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\frederic\Local Settings\Temporary Internet Files\Content.IE5\D8ORPPOT\sortby[1].htm
    [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
    [INFO] The file was moved to '48211979.qua'!
    C:\Documents and Settings\frederic\Mes documents\frederic.carlier6\removewga_removewga_1.2_anglais_21437.exe
    [DETECTION] Is the Trojan horse TR/Agent.ECX
    [INFO] The file was deleted!
    C:\Documents and Settings\frederic\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-42e537af-17b999ed.zip
    [DETECTION] Is the Trojan horse TR/Java.ClassLoad.L
    [INFO] The file was deleted!
    C:\Documents and Settings\frederic\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-37ec9278.zip
    [DETECTION] Contains detection pattern of the Java virus JAVA/ClassLdr.I.2
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP448\A0088174.EXE
    [DETECTION] Is the Trojan horse TR/Drop.Agent.cuv
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP448\A0089174.EXE
    [DETECTION] Is the Trojan horse TR/Drop.Agent.cuv
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP448\A0090174.EXE
    [DETECTION] Is the Trojan horse TR/Drop.Agent.cuv
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP449\A0091174.EXE
    [DETECTION] Is the Trojan horse TR/Drop.Agent.cuv
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP449\A0092174.EXE
    [DETECTION] Is the Trojan horse TR/Drop.Agent.cuv
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP449\A0093174.EXE
    [DETECTION] Is the Trojan horse TR/Drop.Agent.cuv
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP449\A0094174.EXE
    [DETECTION] Is the Trojan horse TR/Drop.Agent.cuv
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP449\A0095174.EXE
    [DETECTION] Is the Trojan horse TR/Drop.Agent.cuv
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP450\A0096174.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.cuv
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP450\A0097174.EXE
    [DETECTION] Is the Trojan horse TR/Drop.Agent.cuv
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP496\A0142562.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP497\A0142632.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP497\A0142633.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP497\A0142634.dll
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\catchme2008-02-09_121225.65.zip
    [0] Archive type: ZIP
    --> kprof
    [DETECTION] Is the Trojan horse TR/Proxy.Wopla.AG.4
    --> koos.exe
    [DETECTION] Is the Trojan horse TR/Proxy.Wopla.AG.17
    --> poof
    [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.EZ
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\koos.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\kprof.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\poof.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    Begin scan in 'D:\'


    End of the scan: Sunday 10 February 2008 17:08
    Used time: 1:04:47 min

    The scan has been done completely.

    5332 Scanning directories
    225645 Files were scanned
    26 viruses and/or unwanted programs were found
    1 Files were classified as suspicious:
    24 files were deleted
    0 files were repaired
    1 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    225619 Files not concerned
    894 Archives were scanned
    1 Warnings
    0 Notes
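As an added example (not an Avira tool, and not part of the original post): a parser for the per-file section of the AntiVir report above. Two things in that report are worth pulling out automatically. First, the summary counts files, not detections: the catchme zip in C:\QooBox\Quarantine holds three detections but counts as a single deleted file. Second, fourteen of the hits sit in System Restore snapshots under C:\System Volume Information\_restore{...}\RPnnn; the scanner deleted them here, but copies like these are the reason for clearing restore points after a cleanup, which is what the helper's later advice to disable and re-enable System Restore does. The sample is a constructed subset of the report; the line formats are those of the report itself, and nothing else is assumed.

```python
"""Structured view of the per-file section of an Avira AntiVir report.

Added example for this thread, not an Avira tool. Each [DETECTION] line becomes a
record that knows which on-disk file it belongs to, whether it was an archive
member, and what the scanner did about it.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed subset of the report posted in this thread (not the full scan).
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\swbgjoqo.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was deleted!
C:\Documents and Settings\frederic\Local Settings\Temporary Internet Files\Content.IE5\D8ORPPOT\sortby[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[INFO] The file was moved to '48211979.qua'!
C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP448\A0088174.EXE
[DETECTION] Is the Trojan horse TR/Drop.Agent.cuv
[INFO] The file was deleted!
C:\System Volume Information\_restore{9EF36102-EF8B-4CDD-A77B-E861638C3E1E}\RP497\A0142634.dll
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\catchme2008-02-09_121225.65.zip
[0] Archive type: ZIP
--> kprof
[DETECTION] Is the Trojan horse TR/Proxy.Wopla.AG.4
--> koos.exe
[DETECTION] Is the Trojan horse TR/Proxy.Wopla.AG.17
--> poof
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.EZ
[INFO] The file was deleted!
Begin scan in 'D:\'
"""


@dataclass
class Hit:
    path: str              # on-disk file the scanner acted on
    member: Optional[str]  # archive member name when the hit was inside an archive
    signature: str         # e.g. TR/Crypt.XDR.Gen (last token of the [DETECTION] line)
    action: str = "none"   # deleted / quarantined / none


# A restore-point copy: \System Volume Information\_restore{GUID}\RPnnn\...
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.IGNORECASE)


def parse_report(text: str) -> List[Hit]:
    """A path line opens a file, [DETECTION] lines attach to it (via '-->' members
    for archives), and the following [INFO] line records what happened to it."""
    hits: List[Hit] = []
    current_path: Optional[str] = None
    current_member: Optional[str] = None
    pending: List[Hit] = []  # detections for current_path still waiting for an [INFO] line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Begin scan in"):
            continue
        if line.startswith("[DETECTION]"):
            hit = Hit(current_path or "?", current_member, line.split()[-1])
            hits.append(hit)
            pending.append(hit)
        elif line.startswith("[INFO]"):
            if "deleted" in line:
                action = "deleted"
            elif "moved to" in line:
                action = "quarantined"
            else:
                action = "none"
            for h in pending:
                h.action = action
            pending = []
        elif line.startswith("-->"):
            current_member = line[3:].strip()  # member inside the current archive
        elif line.startswith("["):
            continue  # [WARNING] / [0] Archive type ...: nothing to attach
        else:
            current_path, current_member, pending = line, None, []
    return hits


def summarize(hits: List[Hit]) -> Dict[str, int]:
    """Counts in the same spirit as the report's own summary block."""
    file_actions: Dict[str, str] = {h.path: h.action for h in hits}
    return {
        "detections": len(hits),
        "files_deleted": sum(1 for a in file_actions.values() if a == "deleted"),
        "files_quarantined": sum(1 for a in file_actions.values() if a == "quarantined"),
        "archive_members": sum(1 for h in hits if h.member is not None),
        "in_restore_points": sum(1 for h in hits if RESTORE_POINT_RE.search(h.path)),
    }


def restore_point_hits(hits: List[Hit]) -> List[Hit]:
    """Detections living in System Restore snapshots: the reason to reset restore points."""
    return [h for h in hits if RESTORE_POINT_RE.search(h.path)]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for h in found:
        where = f"{h.path} -> {h.member}" if h.member else h.path
        print(f"{h.action:11} {h.signature:30} {where}")
    print(summarize(found))
```

On the sample this yields 7 detections but only 4 deleted files and 1 quarantined file, because the three archive members collapse into one deletion; the two restore-point hits are listed separately by restore_point_hits().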

    10 Février 2008 17:29:34

    Ah, I forgot, something odd happened: after an hour of scanning it had reached 20%, and in 5 minutes it finished the other 80%.
    Is that normal???
    10 Février 2008 20:10:38

    Yes, that's possible ;)
    Do you still have any problems?
    10 Février 2008 22:09:54

    No, thank you for everything.
    All the best.
    11 Février 2008 18:12:51

    Happy surfing.

  • Download ToolsCleaner to your Desktop.
  • Click "Recherche" (Search) and let the scan finish.
  • Click "Suppression" (Delete) to finalize.
  • Click "Quitter" (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: see help

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Editer" (Edit) button
    * Add the mention [Résolu] to the title
    * Then click "Valider votre message" (Submit your message)

    Read the guide on prevention and protection, so that you no longer run into this kind of problem, by clicking on the image below:

    17 Février 2008 19:33:48

    Hello angeldark,

    sorry for the delay, I was away for a few days.

    Here is the TCleaner report.
    Thanks again for everything


    -->- Search:

    C:\Qoobox: found!
    C:\WINDOWS\Gmer.exe: found!
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: found!
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: found!
    C:\Documents and Settings\frederic\Bureau\HijackThis.lnk: found!
    C:\Documents and Settings\frederic\Bureau\Gmer.exe: found!
    C:\Documents and Settings\frederic\Bureau\ComboFix.exe: found!
    C:\Program Files\Trend Micro\HijackThis: found!
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: found!
    C:\QooBox\Quarantine\Combofix: found!
    C:\QooBox\Quarantine\C\Combofix: found!

    ---------------------------------
    -->- Deletion:

    C:\WINDOWS\Gmer.exe: deleted!
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: deleted!
    C:\Documents and Settings\frederic\Bureau\HijackThis.lnk: deleted!
    C:\Documents and Settings\frederic\Bureau\Gmer.exe: deleted!
    C:\Documents and Settings\frederic\Bureau\ComboFix.exe: deleted!
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: deleted!
    C:\Qoobox: deleted!
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: deleted!
    C:\Program Files\Trend Micro\HijackThis: deleted!