Internet ads (CiD), virus caught via MSN [Solved]

21 January 2008 12:06:07

Hello,

I have a problem with Internet ads that open by themselves; I think it's CiD.

If anyone can help me, thank you.

PS: in case it helps, I have OTMoveIt, HijackThis and CCleaner.

21 January 2008 13:14:42

Hello,

Download Lop S&D.exe to your Desktop.
  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your Desktop
  • Select the language you want, then choose option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
    21 January 2008 13:56:41

    Here is the report:


    -----------------------------[ Lop S&D 2.0.8 ]---------------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

    [ USER: POULLY ] [ "C:\Program Files\Lop SD" ]

    [ 21/01/2008 | 13:39:13.00 ] [ YANNICK ]

    [ MAJ : 21-01-2008 | 13.15 ]


    -------------[ Listing des dossiers dans Application Data ]------------

    [30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [10/04/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [22/03/2007|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
    [11/02/2007|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
    [06/10/2006|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [06/10/2006|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
    [22/09/2006|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
    [21/09/2006|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [21/09/2006|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [30/06/2006|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [14/02/2006|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [25/01/2006|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [25/01/2006|14:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini


    [25/01/2006|14:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.



    [30/09/2006|16:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

    [25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [25/01/2006|14:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [21/01/2008|13:37] C:\DOCUME~1\POULLY\APPLIC~1\OpenOffice.org2
    [14/01/2008|14:08] C:\DOCUME~1\POULLY\APPLIC~1\mIRC
    [01/01/2008|14:59] C:\DOCUME~1\POULLY\APPLIC~1\LimeWire
    [26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\..
    [26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\.
    [01/04/2007|20:49] C:\DOCUME~1\POULLY\APPLIC~1\Microsoft
    [12/02/2007|19:36] C:\DOCUME~1\POULLY\APPLIC~1\Ahead
    [22/01/2007|23:53] C:\DOCUME~1\POULLY\APPLIC~1\vlc
    [29/10/2006|23:19] C:\DOCUME~1\POULLY\APPLIC~1\Real
    [06/10/2006|15:57] C:\DOCUME~1\POULLY\APPLIC~1\Media Player Classic
    [21/09/2006|14:03] C:\DOCUME~1\POULLY\APPLIC~1\PC Suite
    [15/05/2006|19:15] C:\DOCUME~1\POULLY\APPLIC~1\Sun
    [27/02/2006|18:57] C:\DOCUME~1\POULLY\APPLIC~1\Help
    [07/02/2006|13:23] C:\DOCUME~1\POULLY\APPLIC~1\AdobeUM
    [07/02/2006|13:22] C:\DOCUME~1\POULLY\APPLIC~1\Adobe
    [25/01/2006|20:53] C:\DOCUME~1\POULLY\APPLIC~1\Macromedia
    [25/01/2006|19:38] C:\DOCUME~1\POULLY\APPLIC~1\Lavasoft
    [25/01/2006|14:54] C:\DOCUME~1\POULLY\APPLIC~1\Identities

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [21/01/2008 12:00][--ah-----] C:\WINDOWS\tasks\A8684309916FFBA9.job
    [21/01/2008 13:37][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [21/01/2008|13:39] C:\Program Files\Lop SD
    [21/01/2008|13:33] C:\Program Files\..
    [21/01/2008|13:33] C:\Program Files\.
    [21/01/2008|12:00] C:\Program Files\Helper
    [17/01/2008|21:47] C:\Program Files\Temporary
    [17/01/2008|19:15] C:\Program Files\Dot1XCfg
    [16/01/2008|22:00] C:\Program Files\eChanblard
    [09/01/2008|16:31] C:\Program Files\eMule
    [21/12/2007|16:27] C:\Program Files\Messenger Plus! Live
    [21/12/2007|16:27] C:\Program Files\MSN Messenger
    [11/12/2007|23:47] C:\Program Files\Internet Explorer
    [19/11/2007|18:42] C:\Program Files\flashget196en.exe
    [12/11/2007|18:51] C:\Program Files\LimeWire
    [12/11/2007|18:22] C:\Program Files\LimeWireWin.exe
    [15/10/2007|14:34] C:\Program Files\Java
    [09/10/2007|15:39] C:\Program Files\MSN plus
    [09/10/2007|15:39] C:\Program Files\Multimedia V3.54
    [03/10/2007|16:17] C:\Program Files\eMule0.48a-Installer.exe
    [26/09/2007|14:27] C:\Program Files\MSN Reaper
    [02/09/2007|21:06] C:\Program Files\eChanblard.exe
    [14/06/2007|21:13] C:\Program Files\Windows Live
    [12/06/2007|22:34] C:\Program Files\Outlook Express
    [08/05/2007|12:23] C:\Program Files\WinRAR
    [08/04/2007|16:57] C:\Program Files\CCleaner
    [02/04/2007|23:26] C:\Program Files\Grisoft
    [01/04/2007|10:43] C:\Program Files\PC Camera
    [22/03/2007|23:54] C:\Program Files\BitComet
    [07/03/2007|18:19] C:\Program Files\Free
    [07/03/2007|16:42] C:\Program Files\Fichiers communs
    [07/03/2007|16:18] C:\Program Files\NETGEAR
    [07/03/2007|16:18] C:\Program Files\NETGEAR(2)
    [22/01/2007|21:42] C:\Program Files\VideoLAN
    [09/11/2006|18:14] C:\Program Files\Windows Media Player
    [09/11/2006|18:05] C:\Program Files\Windows Media Connect 2
    [09/11/2006|17:41] C:\Program Files\windows media player 11
    [09/11/2006|17:28] C:\Program Files\Windows NT
    [06/10/2006|15:40] C:\Program Files\K-Lite Codec Pack
    [23/09/2006|15:55] C:\Program Files\Jeux téléchargé
    [22/09/2006|15:02] C:\Program Files\Boonty
    [22/09/2006|15:02] C:\Program Files\BoontyGames
    [22/09/2006|14:51] C:\Program Files\Mes Jeux Téléchargés
    [21/09/2006|19:47] C:\Program Files\DIFX
    [11/04/2006|20:36] C:\Program Files\Bearshare
    [22/03/2006|18:55] C:\Program Files\JEUX MONOPOLY
    [09/02/2006|15:37] C:\Program Files\essai convertisseur
    [04/02/2006|14:28] C:\Program Files\Oxilog
    [04/02/2006|12:04] C:\Program Files\C-Media 3D Audio
    [02/02/2006|16:29] C:\Program Files\InstallShield Installation Information
    [28/01/2006|14:33] C:\Program Files\SigmaTel
    [25/01/2006|21:09] C:\Program Files\Messenger
    [25/01/2006|19:37] C:\Program Files\Lavasoft
    [25/01/2006|19:37] C:\Program Files\PowerArchiver
    [25/01/2006|19:36] C:\Program Files\Adobe
    [25/01/2006|19:33] C:\Program Files\OpenOffice.org 2.0
    [25/01/2006|19:30] C:\Program Files\Alwil Software
    [25/01/2006|16:32] C:\Program Files\Ahead
    [25/01/2006|16:16] C:\Program Files\Movie Maker
    [25/01/2006|16:13] C:\Program Files\NetMeeting
    [25/01/2006|15:56] C:\Program Files\SiSLan
    [25/01/2006|14:54] C:\Program Files\Uninstall Information
    [25/01/2006|14:49] C:\Program Files\xerox
    [25/01/2006|14:49] C:\Program Files\microsoft frontpage
    [25/01/2006|14:47] C:\Program Files\Services en ligne
    [25/01/2006|14:44] C:\Program Files\ComPlus Applications
    [25/01/2006|14:44] C:\Program Files\WindowsUpdate
    [25/01/2006|14:44] C:\Program Files\MSN Gaming Zone

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [12/06/2007|22:34] C:\Program Files\Fichiers communs\System
    [01/04/2007|19:22] C:\Program Files\Fichiers communs\Microsoft Shared
    [07/03/2007|16:42] C:\Program Files\Fichiers communs\..
    [07/03/2007|16:42] C:\Program Files\Fichiers communs\.
    [12/02/2007|19:31] C:\Program Files\Fichiers communs\Nero
    [12/02/2007|19:30] C:\Program Files\Fichiers communs\LightScribe
    [22/09/2006|14:52] C:\Program Files\Fichiers communs\Macrovision Shared
    [10/05/2006|19:48] C:\Program Files\Fichiers communs\Java
    [09/02/2006|15:37] C:\Program Files\Fichiers communs\MimarSinan
    [07/02/2006|13:22] C:\Program Files\Fichiers communs\Adobe
    [02/02/2006|16:29] C:\Program Files\Fichiers communs\InstallShield
    [25/01/2006|16:29] C:\Program Files\Fichiers communs\Ahead
    [25/01/2006|14:46] C:\Program Files\Fichiers communs\Services
    [25/01/2006|14:46] C:\Program Files\Fichiers communs\MSSoap
    [25/01/2006|14:37] C:\Program Files\Fichiers communs\ODBC
    [25/01/2006|14:37] C:\Program Files\Fichiers communs\SpeechEngines

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\WINDOWS\Tasks\A8684309916FFBA9.job

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts MODIFIE

    127.0.0.1 localhost

    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-21 13:41:22
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:1826][Doss:896] C:\DOCUME~1\POULLY\LOCALS~1\Temp
    /!\ [Fich:17112][Doss:28] C:\DOCUME~1\POULLY\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 13:43:15.17 ]----------------------
    21 January 2008 14:10:00

    Re,

    Run Lop S&D again

  • This time choose Option 2 (Removal)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

    &

    Download and install HijackThis (Trend Micro).
    Then post a report in your next reply.
    HELP: How to use HijackThis v2.0.2
    21 January 2008 14:13:01

    I have Avast finding lots of viruses/Trojan horses.
    Avast also tells me that I am receiving lots of e-mails within a short interval of time.
    21 January 2008 14:14:52

    Disable it during the operations below.
    21 January 2008 14:36:20

    Re,
    Here is the Lop report:



    -----------------------------[ Lop S&D 2.0.8 ]---------------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

    [ USER: POULLY ] [ "C:\Program Files\Lop SD" ]

    [ 21/01/2008 | 14:17:31.76 ] [ YANNICK ]

    [ MAJ : 21-01-2008 | 13.15 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\WINDOWS\Tasks\A8684309916FFBA9.job
    Restauré! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [30/07/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [10/04/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [22/03/2007|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
    [11/02/2007|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
    [06/10/2006|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [06/10/2006|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
    [22/09/2006|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
    [21/09/2006|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [21/09/2006|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [30/06/2006|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [14/02/2006|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [25/01/2006|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [25/01/2006|14:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini


    [25/01/2006|14:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [25/01/2006|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.



    [30/09/2006|16:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [25/01/2006|14:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

    [25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [25/01/2006|14:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [25/01/2006|14:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [21/01/2008|13:48] C:\DOCUME~1\POULLY\APPLIC~1\OpenOffice.org2
    [14/01/2008|14:08] C:\DOCUME~1\POULLY\APPLIC~1\mIRC
    [01/01/2008|14:59] C:\DOCUME~1\POULLY\APPLIC~1\LimeWire
    [26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\..
    [26/12/2007|15:45] C:\DOCUME~1\POULLY\APPLIC~1\.
    [01/04/2007|20:49] C:\DOCUME~1\POULLY\APPLIC~1\Microsoft
    [12/02/2007|19:36] C:\DOCUME~1\POULLY\APPLIC~1\Ahead
    [22/01/2007|23:53] C:\DOCUME~1\POULLY\APPLIC~1\vlc
    [29/10/2006|23:19] C:\DOCUME~1\POULLY\APPLIC~1\Real
    [06/10/2006|15:57] C:\DOCUME~1\POULLY\APPLIC~1\Media Player Classic
    [21/09/2006|14:03] C:\DOCUME~1\POULLY\APPLIC~1\PC Suite
    [15/05/2006|19:15] C:\DOCUME~1\POULLY\APPLIC~1\Sun
    [27/02/2006|18:57] C:\DOCUME~1\POULLY\APPLIC~1\Help
    [07/02/2006|13:23] C:\DOCUME~1\POULLY\APPLIC~1\AdobeUM
    [07/02/2006|13:22] C:\DOCUME~1\POULLY\APPLIC~1\Adobe
    [25/01/2006|20:53] C:\DOCUME~1\POULLY\APPLIC~1\Macromedia
    [25/01/2006|19:38] C:\DOCUME~1\POULLY\APPLIC~1\Lavasoft
    [25/01/2006|14:54] C:\DOCUME~1\POULLY\APPLIC~1\Identities

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [21/01/2008 13:47][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [21/01/2008|14:17] C:\Program Files\Lop SD
    [21/01/2008|13:33] C:\Program Files\..
    [21/01/2008|13:33] C:\Program Files\.
    [21/01/2008|12:00] C:\Program Files\Helper
    [17/01/2008|21:47] C:\Program Files\Temporary
    [17/01/2008|19:15] C:\Program Files\Dot1XCfg
    [16/01/2008|22:00] C:\Program Files\eChanblard
    [09/01/2008|16:31] C:\Program Files\eMule
    [21/12/2007|16:27] C:\Program Files\Messenger Plus! Live
    [21/12/2007|16:27] C:\Program Files\MSN Messenger
    [11/12/2007|23:47] C:\Program Files\Internet Explorer
    [19/11/2007|18:42] C:\Program Files\flashget196en.exe
    [12/11/2007|18:51] C:\Program Files\LimeWire
    [12/11/2007|18:22] C:\Program Files\LimeWireWin.exe
    [15/10/2007|14:34] C:\Program Files\Java
    [09/10/2007|15:39] C:\Program Files\MSN plus
    [09/10/2007|15:39] C:\Program Files\Multimedia V3.54
    [03/10/2007|16:17] C:\Program Files\eMule0.48a-Installer.exe
    [26/09/2007|14:27] C:\Program Files\MSN Reaper
    [02/09/2007|21:06] C:\Program Files\eChanblard.exe
    [14/06/2007|21:13] C:\Program Files\Windows Live
    [12/06/2007|22:34] C:\Program Files\Outlook Express
    [08/05/2007|12:23] C:\Program Files\WinRAR
    [08/04/2007|16:57] C:\Program Files\CCleaner
    [02/04/2007|23:26] C:\Program Files\Grisoft
    [01/04/2007|10:43] C:\Program Files\PC Camera
    [22/03/2007|23:54] C:\Program Files\BitComet
    [07/03/2007|18:19] C:\Program Files\Free
    [07/03/2007|16:42] C:\Program Files\Fichiers communs
    [07/03/2007|16:18] C:\Program Files\NETGEAR
    [07/03/2007|16:18] C:\Program Files\NETGEAR(2)
    [22/01/2007|21:42] C:\Program Files\VideoLAN
    [09/11/2006|18:14] C:\Program Files\Windows Media Player
    [09/11/2006|18:05] C:\Program Files\Windows Media Connect 2
    [09/11/2006|17:41] C:\Program Files\windows media player 11
    [09/11/2006|17:28] C:\Program Files\Windows NT
    [06/10/2006|15:40] C:\Program Files\K-Lite Codec Pack
    [23/09/2006|15:55] C:\Program Files\Jeux téléchargé
    [22/09/2006|15:02] C:\Program Files\Boonty
    [22/09/2006|15:02] C:\Program Files\BoontyGames
    [22/09/2006|14:51] C:\Program Files\Mes Jeux Téléchargés
    [21/09/2006|19:47] C:\Program Files\DIFX
    [11/04/2006|20:36] C:\Program Files\Bearshare
    [22/03/2006|18:55] C:\Program Files\JEUX MONOPOLY
    [09/02/2006|15:37] C:\Program Files\essai convertisseur
    [04/02/2006|14:28] C:\Program Files\Oxilog
    [04/02/2006|12:04] C:\Program Files\C-Media 3D Audio
    [02/02/2006|16:29] C:\Program Files\InstallShield Installation Information
    [28/01/2006|14:33] C:\Program Files\SigmaTel
    [25/01/2006|21:09] C:\Program Files\Messenger
    [25/01/2006|19:37] C:\Program Files\Lavasoft
    [25/01/2006|19:37] C:\Program Files\PowerArchiver
    [25/01/2006|19:36] C:\Program Files\Adobe
    [25/01/2006|19:33] C:\Program Files\OpenOffice.org 2.0
    [25/01/2006|19:30] C:\Program Files\Alwil Software
    [25/01/2006|16:32] C:\Program Files\Ahead
    [25/01/2006|16:16] C:\Program Files\Movie Maker
    [25/01/2006|16:13] C:\Program Files\NetMeeting
    [25/01/2006|15:56] C:\Program Files\SiSLan
    [25/01/2006|14:54] C:\Program Files\Uninstall Information
    [25/01/2006|14:49] C:\Program Files\xerox
    [25/01/2006|14:49] C:\Program Files\microsoft frontpage
    [25/01/2006|14:47] C:\Program Files\Services en ligne
    [25/01/2006|14:44] C:\Program Files\ComPlus Applications
    [25/01/2006|14:44] C:\Program Files\WindowsUpdate
    [25/01/2006|14:44] C:\Program Files\MSN Gaming Zone

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [12/06/2007|22:34] C:\Program Files\Fichiers communs\System
    [01/04/2007|19:22] C:\Program Files\Fichiers communs\Microsoft Shared
    [07/03/2007|16:42] C:\Program Files\Fichiers communs\..
    [07/03/2007|16:42] C:\Program Files\Fichiers communs\.
    [12/02/2007|19:31] C:\Program Files\Fichiers communs\Nero
    [12/02/2007|19:30] C:\Program Files\Fichiers communs\LightScribe
    [22/09/2006|14:52] C:\Program Files\Fichiers communs\Macrovision Shared
    [10/05/2006|19:48] C:\Program Files\Fichiers communs\Java
    [09/02/2006|15:37] C:\Program Files\Fichiers communs\MimarSinan
    [07/02/2006|13:22] C:\Program Files\Fichiers communs\Adobe
    [02/02/2006|16:29] C:\Program Files\Fichiers communs\InstallShield
    [25/01/2006|16:29] C:\Program Files\Fichiers communs\Ahead
    [25/01/2006|14:46] C:\Program Files\Fichiers communs\Services
    [25/01/2006|14:46] C:\Program Files\Fichiers communs\MSSoap
    [25/01/2006|14:37] C:\Program Files\Fichiers communs\ODBC
    [25/01/2006|14:37] C:\Program Files\Fichiers communs\SpeechEngines

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-21 14:20:10
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:1830][Doss:898] C:\DOCUME~1\POULLY\LOCALS~1\Temp
    /!\ [Fich:17361][Doss:28] C:\DOCUME~1\POULLY\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 14:23:03.18 ]----------------------
    21 January 2008 14:38:19

    Here is the HijackThis report (v1.99.1)


    Logfile of HijackThis v1.99.1
    Scan saved at 14:30:58, on 21/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\System32\sistray.EXE
    C:\WINDOWS\System32\keyhook.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\system32\snrb2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    C:\bhij.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\17PHolmes1148.exe
    C:\WINDOWS\17PHolmes1148.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\POULLY\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
    O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKLM\..\Run: [Winupdates] snrb2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: rdihost - {C575CAAC-7286-4989-84B9-192F69D7A809} - rdihost.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe

    a b 8 Sécurité
    21 January 2008 22:29:24

    Re,

    Download MSNFix.zip (!aur3n7) to your Desktop.
    Unzip it to your Desktop (right-click / Extract all).

    Open the MSNFix folder, then double-click MSNFix.bat.
    - Run option R.
    -- If the infection is detected, press a key to start the cleanup.

    If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations.
    In that case, simply restart the computer manually.

    Post the report located in the MSNFix folder.
    The report's name corresponds to the moment it was created: date_time.log
    22 January 2008 23:34:53

    Re, here is the report


    MSNFix 1.639-2

    C:\Documents and Settings\POULLY\Mes documents\MSNFix
    Fix exécuté le 22/01/2008 - 23:22:05.50 By POULLY
    mode normal

    ************************ Recherche les fichiers présents

    ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    ... C:\?.exe
    ... C:\DOCUME~1\POULLY\LOCALS~1\Temp\*.dmp
    ... C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
    ... C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
    ... C:\Documents and Settings\POULLY\??????.exe
    ... C:\WINDOWS\17PHolmes1148.exe
    ... C:\WINDOWS\avp.exe
    ... C:\WINDOWS\mrofinu*.exe
    ... C:\WINDOWS\mrofinu*.exe.tmp

    ************************ Recherche les dossiers présents

    ... C:\Program Files\Dot1XCfg\
    ... C:\Program Files\Temporary\




    ************************ Suppression des fichiers

    .. OK ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    .. OK ... C:\?.exe
    .. OK ... C:\DOCUME~1\POULLY\LOCALS~1\Temp\*.dmp
    .. OK ... C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
    .. OK ... C:\DOCUME~1\POULLY\LOCALS~1\Temp\services.exe
    /!\ ... C:\Documents and Settings\POULLY\??????.exe
    .. OK ... C:\WINDOWS\17PHolmes1148.exe
    .. OK ... C:\WINDOWS\avp.exe
    .. OK ... C:\WINDOWS\mrofinu*.exe
    .. OK ... C:\WINDOWS\mrofinu*.exe.tmp


    ************************ Suppression des dossiers

    .. OK ... C:\Program Files\Dot1XCfg\
    .. OK ... C:\Program Files\Temporary\


    ************************ Nettoyage du registre



    Les fichiers encore présents seront supprimés au prochain redémarrage


    ************************ Suppression des fichiers

    .. OK ... C:\Documents and Settings\POULLY\??????.exe



    ************************ Fichiers suspects

    /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

    [C:\cvbkwtb.exe] B5E168C0941A903BC5ABBCE5F8F31B0B



    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 22012008_232439.71.zip


    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: http://changelog.fr
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------

    a b 8 Sécurité
    23 January 2008 13:19:49

    Post a new HijackThis report.
    24 January 2008 22:51:55

    Re, here is a new report


    Logfile of HijackThis v1.99.1
    Scan saved at 22:47:41, on 24/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\System32\sistray.EXE
    C:\WINDOWS\System32\keyhook.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rxjddnvj.exe
    C:\Documents and Settings\POULLY\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
    O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Winupdates] snrb2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

    a b 8 Sécurité
    25 January 2008 19:03:32

    Re,

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.
    27 January 2008 16:29:50

    Re,

    Here is the report



    ComboFix 08-01-23.1C - POULLY 2008-01-27 15:17:26.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.131 [GMT 1:00]
    Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\3721
    C:\Program Files\3721\assist\asbar.dll
    C:\Program Files\3721\helper.dll
    C:\Program Files\Accoona
    C:\Program Files\Accoona\ASearchAssist.dll
    C:\Program Files\akl
    C:\Program Files\akl\akl.dll
    C:\Program Files\akl\akl.exe
    C:\Program Files\akl\curlog.htm
    C:\Program Files\akl\keylog.txt
    C:\Program Files\akl\readme.txt
    C:\Program Files\akl\uninstall.exe
    C:\Program Files\akl\unsetup.dat
    C:\Program Files\akl\unsetup.exe
    C:\Program Files\amsys
    C:\Program Files\amsys\awmsg.dat
    C:\Program Files\amsys\guid.dat
    C:\Program Files\amsys\ijl15.dll
    C:\Program Files\amsys\mfc42.dll
    C:\Program Files\amsys\msvcrt.dll
    C:\Program Files\amsys\unins000.dat
    C:\Program Files\amsys\unis000.exe
    C:\Program Files\amsys\winam.dat
    C:\Program Files\e-zshopper
    C:\Program Files\e-zshopper\BarLcher.dll
    C:\Program Files\Helper
    C:\Program Files\Helper\superfindout.dll
    C:\Program Files\lsass.exe
    C:\Program Files\p2pnetworks
    C:\Program Files\p2pnetworks\amp2pl.exe
    C:\Program Files\spoolsv.exe
    C:\Program Files\ucleaner_setup.exe
    C:\Program Files\Ultimate Cleaner
    C:\WINDOWS\764.exe
    C:\WINDOWS\7search.dll
    C:\WINDOWS\absolute key logger.lnk
    C:\WINDOWS\aconti.exe
    C:\WINDOWS\aconti.ini
    C:\WINDOWS\aconti.log
    C:\WINDOWS\aconti.sdb
    C:\WINDOWS\acontidialer.txt
    C:\WINDOWS\adbar.dll
    C:\WINDOWS\b128.exe.bin
    C:\WINDOWS\Casino.ico
    C:\WINDOWS\cbinst$.exe
    C:\WINDOWS\daxtime.dll
    C:\WINDOWS\default.htm
    C:\WINDOWS\dp0.dll
    C:\WINDOWS\eventlowg.dll
    C:\WINDOWS\fhfmm-Uninstaller.exe
    C:\WINDOWS\fhfmm.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\Free Online Dating.ico
    C:\WINDOWS\hcwprn.exe
    C:\WINDOWS\hotporn.exe
    C:\WINDOWS\ie_32.exe
    C:\WINDOWS\iexplorr23.dll
    C:\WINDOWS\jd2002.dll
    C:\WINDOWS\kkcomp$.exe
    C:\WINDOWS\kkcomp.dll
    C:\WINDOWS\kkcomp.exe
    C:\WINDOWS\kvnab$.exe
    C:\WINDOWS\kvnab.dll
    C:\WINDOWS\kvnab.exe
    C:\WINDOWS\liqad$.exe
    C:\WINDOWS\liqad.dll
    C:\WINDOWS\liqad.exe
    C:\WINDOWS\liqui-Uninstaller.exe
    C:\WINDOWS\liqui.dll
    C:\WINDOWS\liqui.exe
    C:\WINDOWS\ngd.dll
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\pbsysie.dll
    C:\WINDOWS\settn.dll
    C:\WINDOWS\spredirect.dll
    C:\WINDOWS\Spyware Remover.ico
    C:\WINDOWS\system32\5_exception.nls
    C:\WINDOWS\system32\ace16win.dll
    C:\WINDOWS\system32\acespy
    C:\WINDOWS\system32\acespy\__acelog.ndx
    C:\WINDOWS\system32\acespy\systune.exe
    C:\WINDOWS\system32\adult.txt
    C:\WINDOWS\system32\ESHOPEE.exe
    C:\WINDOWS\system32\finance.txt
    C:\WINDOWS\system32\lt.res
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\other.txt
    C:\WINDOWS\system32\pharma.txt
    C:\WINDOWS\system32\sft.res
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\vxddsk.exe
    C:\WINDOWS\wbeCheck.exe
    C:\WINDOWS\wbeInst$.exe
    C:\WINDOWS\wml.exe
    C:\WINDOWS\xadbrk.dll
    C:\WINDOWS\xadbrk.exe
    C:\WINDOWS\xadbrk_.exe
    C:\WINDOWS\xxxvideo.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CCEVTSVC
    -------\LEGACY_MSUPDATE
    -------\LEGACY_NTNDIS
    -------\LEGACY_RUNTIME
    -------\LEGACY_SMTPDRV
    -------\ntndis
    -------\runtime
    -------\smtpdrv


    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-27 to 2008-01-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\p2pnetworks
    2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\e-zshopper
    2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\amsys
    2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\akl
    2008-01-27 16:01 . 2008-01-27 16:01 <REP> d-------- C:\Program Files\Accoona
    2008-01-27 16:00 . 2008-01-27 16:00 <REP> d-------- C:\Program Files\3721
    2008-01-27 16:00 . 2008-01-27 16:00 32,512 --a------ C:\WINDOWS\764.exe
    2008-01-27 16:00 . 2008-01-27 16:00 26,368 --a------ C:\WINDOWS\wml.exe
    2008-01-27 16:00 . 2008-01-27 16:00 22,016 --a------ C:\WINDOWS\system32\wml.exe
    2008-01-27 16:00 . 2008-01-27 16:01 20,992 --a------ C:\WINDOWS\absolute key logger.lnk
    2008-01-27 16:00 . 2008-01-27 16:00 19,200 --a------ C:\WINDOWS\system32\vxddsk.exe
    2008-01-27 16:00 . 2008-01-27 16:00 17,920 --a------ C:\WINDOWS\flt.dll
    2008-01-27 16:00 . 2008-01-27 16:00 15,616 --a------ C:\WINDOWS\vxddsk.exe
    2008-01-27 16:00 . 2008-01-27 16:00 15,360 --a------ C:\WINDOWS\7search.dll
    2008-01-27 16:00 . 2008-01-27 16:00 9,216 --a------ C:\WINDOWS\pbar.dll
    2008-01-27 15:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-24 22:44 . 2008-01-24 22:44 89,619 --a------ C:\WINDOWS\system32\rxjddnvj.exe
    2008-01-22 22:55 . 2008-01-22 22:55 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
    2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
    2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
    2008-01-21 12:01 . 2008-01-27 15:21 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
    2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
    2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-21 11:59 . 2008-01-22 22:58 50,688 --a------ C:\cvbkwtb.exe
    2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-27 15:01 18,176 ----a-w C:\WINDOWS\system32\drivers\smtpdrv.sys
    2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
    2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
    2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
    2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
    2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
    2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "WintelUpdate"="C:\bhij.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
    "Cmaudio"="cmicnfg.cpl" []
    "SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
    "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\Jerome\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]

    C:\Documents and Settings\POULLY\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"= 1 (0x1)
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oru36.sys]
    @="Driver"

    R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-01-27 15:21]
    S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-27 16:00:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    C:\WINDOWS\764.exe 32512 bytes
    C:\WINDOWS\7search.dll 15360 bytes
    C:\WINDOWS\absolute key logger.lnk 20992 bytes
    C:\WINDOWS\flt.dll 17920 bytes
    C:\WINDOWS\system32\msole32.exe 25856 bytes
    C:\WINDOWS\system32\ESHOPEE.exe 29952 bytes

    Scan terminé avec succès
    Les fichiers cachés: 6

    **************************************************************************
    .
    Temps d'accomplissement: 2008-01-27 16:05:35 - machine was rebooted [POULLY]
    ComboFix-quarantined-files.txt 2008-01-27 15:05:30
    .
    2008-01-09 12:43:21 --- E O F ---
    a b 8 Sécurité
    27 January 2008 19:20:48

    It has already done a good cleanup.

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.
    27 January 2008 22:20:51

    Do I have to do the same thing again?
    a b 8 Sécurité
    27 January 2008 22:44:43

    Sorry, a mistake.

    Download BTFix (Bibi26).
    Unzip the archive to your Desktop.
  • Open the BTFix folder.
  • Double-click BTFix.exe.
  • Click Rechercher (Search).
  • A report will appear; copy and paste it into your next reply.
    28 January 2008 21:30:08

    OK, no problem :)
    28 January 2008 21:33:33

    Re, here is the report


    BTFix 1.072 (par bibi26) - 28/01/2008 21:31:31 - Analyse
    Lancé depuis C:\Documents and Settings\POULLY\Mes documents\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés


    ---> Analyse terminée
    a b 8 Sécurité
    29 January 2008 12:09:28

    OK, run another Combofix scan.
    31 January 2008 21:21:03

    Re, here is the scan:


    ComboFix 08-01-23.1C - POULLY 2008-01-30 23:02:27.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.129 [GMT 1:00]
    Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-27 15:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-24 22:44 . 2008-01-24 22:44 89,619 --a------ C:\WINDOWS\system32\rxjddnvj.exe
    2008-01-22 22:55 . 2008-01-22 22:55 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
    2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
    2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
    2008-01-21 12:01 . 2008-01-30 23:07 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
    2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
    2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
    2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
    2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
    2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
    2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
    2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "WintelUpdate"="C:\bhij.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
    "Cmaudio"="cmicnfg.cpl" []
    "SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
    "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oru36.sys]
    @="Driver"

    R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-01-30 23:07]
    S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
    S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-30 23:09:28
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-01-30 23:14:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-30 22:14:28
    .
    2008-01-09 12:43:21 --- E O F ---
    a b 8 Sécurité
    31 January 2008 22:05:38

    Re,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    Rootkit::
    C:\WINDOWS\system32\ztx86.sys

    File::
    C:\WINDOWS\system32\rxjddnvj.exe
    C:\bhij.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WintelUpdate"=-


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report together with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
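
The entries that the CFScript above removes can be picked out of the HijackThis log posted on 24 January with a few mechanical checks. This is an added example, not part of the original thread: the sample lines are copied from that log, while the three heuristics and all function names are assumptions made for the illustration.

```python
import re
from collections import namedtuple
from ntpath import dirname, splitdrive  # Windows path rules on any OS

# Lines copied from the HijackThis log of 24/01/2008 earlier in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Winupdates] snrb2.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
"""

Finding = namedtuple("Finding", "code target reason")

ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
USERINIT_RE = re.compile(r"^REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def executable_of(command):
    """Return the program part of a Run command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.search(r"\.exe\b", command, re.IGNORECASE)
    if match:
        return command[:match.end()]
    return command.split()[0] if command else ""


def check_userinit(body):
    """Heuristic 1: anything chained after userinit.exe runs at every logon."""
    match = USERINIT_RE.match(body)
    if not match:
        return []
    programs = [p.strip() for p in match.group("value").split(",") if p.strip()]
    return [Finding("F2", p, "extra program chained to Userinit")
            for p in programs
            if not p.lower().endswith("\\system32\\userinit.exe")]


def check_bho(body):
    """Heuristic 2: a BHO whose DLL is missing or has no full path."""
    match = BHO_RE.match(body)
    if not match:
        return []
    path = match.group("path")
    missing = path.endswith("(file missing)")
    dll = path.replace("(file missing)", "").strip()
    if missing:
        return [Finding("O2", match.group("clsid"), "BHO registered, DLL missing")]
    if not dirname(dll):
        return [Finding("O2", match.group("clsid"), "BHO DLL without full path")]
    return []


def check_run(body):
    """Heuristic 3: Run values naming a bare .exe or one in the drive root."""
    match = RUN_RE.match(body)
    if not match:
        return []
    exe = executable_of(match.group("cmd"))
    if not dirname(exe) and exe.lower().endswith(".exe"):
        return [Finding("O4", exe, "Run value names a bare .exe (no directory)")]
    if dirname(splitdrive(exe)[1]) == "\\":
        return [Finding("O4", exe, "Run value starts a program from the drive root")]
    return []


CHECKS = {"F2": check_userinit, "O2": check_bho, "O4": check_run}


def triage(log_text):
    """Run the matching check on every HijackThis entry and collect findings."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line)
        if entry and entry.group("code") in CHECKS:
            findings.extend(CHECKS[entry.group("code")](entry.group("body")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}  {f.target}  <- {f.reason}")
```

A hit only marks an entry for manual review; the vendor entries in the sample (SiS Tray, Cmaudio, SunJavaUpdateSched, SSVHelper) pass all three checks.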
    4 February 2008 12:32:25

    Re, here is the Combo report


    ComboFix 08-01-23.1C - POULLY 2008-02-04 10:46:58.7 - NTFSx86
    Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
    Command switches used :: C:\Documents and Settings\POULLY\Mes documents\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE
    C:\bhij.exe
    C:\WINDOWS\system32\rxjddnvj.exe
    .
    /wow section - STAGE 1

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\rxjddnvj.exe
    C:\WINDOWS\system32\ztx86.sys

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-27 15:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
    2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
    2008-01-21 12:01 . 2008-02-04 10:57 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
    2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
    2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
    2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
    2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
    2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
    2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
    2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-30_23.14.10.76 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-27 14:10:06 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-02-04 09:45:46 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-27 14:10:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-02-04 09:45:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-27 14:10:08 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-02-04 09:45:47 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-27 14:10:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-02-04 09:45:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-27 14:10:11 7,208,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
    + 2008-02-04 09:45:49 7,208,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
    - 2008-01-27 14:10:13 258,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-02-04 09:45:50 258,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    - 2008-01-30 21:51:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-02-04 09:51:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-01-30 21:51:21 81,920 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-02-04 09:51:43 98,304 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-02-04 08:40:54 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008012820080204\index.dat
    + 2008-02-04 09:51:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008020420080205\index.dat
    - 2008-01-30 21:51:21 147,456 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-02-04 09:51:43 606,208 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-02-04 09:58:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_674.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
    "Cmaudio"="cmicnfg.cpl" []
    "SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
    "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oru36.sys]
    @="Driver"

    R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-02-04 10:57]
    S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys []
    S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
    S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-04 10:59:43
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-04 11:04:08 - machine was rebooted [POULLY]
    ComboFix-quarantined-files.txt 2008-02-04 10:04:04
    ComboFix2.txt 2008-01-30 22:14:34
    .
    2008-01-09 12:43:21 --- E O F ---
    4 February 2008 12:33:38

    And here is the HijackThis report


    Logfile of HijackThis v1.99.1
    Scan saved at 11:06:05, on 04/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\System32\sistray.EXE
    C:\WINDOWS\System32\keyhook.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\POULLY\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

    4 February 2008 12:39:50

    When I turn on my PC, Avast often finds trojans.

    Win32:Agent...
    Win32:Small...
    These trojans come back often.
    4 February 2008 18:43:50

    Which location?
    4 February 2008 19:27:25

    C:\WINDOWS\system32 ›› Win32:Agent-LNK [Wrm]

    C:\DOCUME~1\POULLY\LOCALS~1\Temp ›› Win32:Small-FHL [Trj]

    C:\Documents and Settings\POULLY\Bureau ›› Win32:Small-IKZ [Trj]
    4 February 2008 19:38:48

    And the names and extensions of the files?
    4 February 2008 19:47:50

    Ah, sorry.

    Name: smtpdrv.sys ›› C:\WINDOWS\system32\drivers ›› Win32:Agent-LNK [Wrm]

    Name: synmon.exe ›› C:\DOCUME~1\POULLY\LOCALS~1\Temp ›› Win32:Small-FHL [Trj]

    Name: wnpyxv.exe ›› C:\Documents and Settings\POULLY\Bureau ›› Win32:Small-IKZ [Trj]
    4 February 2008 19:55:42

    Delete your version of Combofix, then start again.
    4 February 2008 21:48:02

    I delete Combofix and start what again?
    4 February 2008 21:55:38

    You delete Combofix, then download it again and rerun the scan.
    4 February 2008 22:31:51

    Here is the report


    ComboFix 08-02.05.1 - POULLY 2008-02-04 22:18:31.8 - NTFSx86
    Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
    2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
    2008-01-21 12:01 . 2008-02-04 10:57 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
    2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
    2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-04 09:59 --------- d-----w C:\Documents and Settings\POULLY\Application Data\OpenOffice.org2
    2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
    2008-01-14 13:08 --------- d-----w C:\Documents and Settings\POULLY\Application Data\mIRC
    2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
    2008-01-01 13:59 --------- d-----w C:\Documents and Settings\POULLY\Application Data\LimeWire
    2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
    2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
    2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
    2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
    "Cmaudio"="cmicnfg.cpl" []
    "SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
    "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\Jerome\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]

    C:\Documents and Settings\POULLY\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    NETGEAR WG311v3 Wireless Assistant.lnk - C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2006-01-25 16:36:44 2238]

    R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-02-04 10:57]
    S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys []
    S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
    S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-04 22:22:54
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    ? [49844]
    ? [47412]
    ? [47844]
    ? [48272]
    ? [49600]
    ? [48336]
    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-04 22:27:54
    ComboFix-quarantined-files.txt 2008-02-04 21:27:49
    ComboFix2.txt 2008-02-04 10:04:09
    ComboFix3.txt 2008-01-30 22:14:34
    .
    2008-01-09 12:43:21 --- E O F ---
    5 February 2008 12:39:31

    Is it really a new version?
    5 February 2008 22:02:41

    Oh darn, I think it's the same one. Do you have another version or a link where it can be found?

    Nice avatar :)
    5 February 2008 22:30:16

    I'm not the one who made it :D
    Did you delete your Combofix to download it again?
    6 February 2008 19:49:31

    Yes, yes, I deleted it.
    It's the same version; like an idiot I grabbed the same one again lol
    6 February 2008 19:55:31

    We're going to do the removal by hand.

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    Driver::
    Oru36
    ztx86

    File::
    C:\WINDOWS\system32\Drivers\Oru36.sys
    C:\WINDOWS\system32\ztx86.sys


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will restart Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    6 February 2008 21:23:37

    Here is the Combo report (it didn't launch the first time)


    ComboFix 08-02.05.1 - POULLY 2008-02-06 20:17:59.9 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.128 [GMT 1:00]
    Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe
    Command switches used :: C:\Documents and Settings\POULLY\Mes documents\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE
    C:\WINDOWS\system32\Drivers\Oru36.sys
    C:\WINDOWS\system32\ztx86.sys
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\Drivers\Oru36.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_ORU36
    -------\Oru36
    -------\ztx86


    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-04 22:16 . 2004-08-19 16:09 400,896 --a------ C:\kmd.exe
    2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
    2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-21 12:30 . 2008-01-21 14:07 25,600 --a------ C:\WINDOWS\system32\socketa.dll
    2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
    2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-06 19:22 --------- d-----w C:\Documents and Settings\POULLY\Application Data\OpenOffice.org2
    2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
    2008-01-14 13:08 --------- d-----w C:\Documents and Settings\POULLY\Application Data\mIRC
    2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
    2008-01-01 13:59 --------- d-----w C:\Documents and Settings\POULLY\Application Data\LimeWire
    2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-11-19 17:42 4,653,240 ----a-w C:\Program Files\flashget196en.exe
    2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
    2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
    2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
    "Cmaudio"="cmicnfg.cpl" []
    "SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
    "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
    S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-06 20:22:25
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-06 20:25:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-06 19:25:13
    ComboFix2.txt 2008-02-04 21:27:55
    ComboFix3.txt 2008-02-04 10:04:09
    ComboFix4.txt 2008-01-30 22:14:34
    .
    2008-01-09 12:43:21 --- E O F ---
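
Added example, not part of the thread and not ComboFix's own code: a small Python check that reads a CFScript and a follow-up ComboFix report and lists every targeted driver or file that is still present. The sample text is excerpted from the 4 February and 6 February reports above; reading an empty `[]` as "file not found on disk" and `R`/`S` as running/stopped are assumptions about the report format, and all function names are hypothetical.

```python
import re

# Excerpts copied from the CFScript and the ComboFix reports posted in this thread.
CFSCRIPT = r"""
Driver::
Oru36
ztx86

File::
C:\WINDOWS\system32\Drivers\Oru36.sys
C:\WINDOWS\system32\ztx86.sys
"""

REPORT_BEFORE = r"""
2008-01-21 12:01 . 2008-02-04 10:57 25,984 --a------ C:\WINDOWS\system32\drivers\Oru36.sys
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll
R0 Oru36;Oru36;C:\WINDOWS\system32\Drivers\Oru36.sys [2008-02-04 10:57]
S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys []
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
"""

REPORT_AFTER = r"""
2008-01-21 11:59 . 2008-01-21 15:11 25,600 --a------ C:\WINDOWS\system32\socksys.dll
S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
"""

SECTION_RE = re.compile(r"^(\w+)::$")
# "<R|S><start type> <service>;<display name>;<image path> [<file timestamp or empty>]"
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
# "<created> . <modified> <size or <REP>> <attributes> <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ \S+ (.+)$"
)


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().lower()


def parse_cfscript(text):
    """Return {section name: [entries]} for a CFScript such as 'Driver::' / 'File::'."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def parse_report(text):
    """Return (services, files) found in a ComboFix report."""
    services, files = {}, set()
    for line in text.splitlines():
        line = line.strip()
        match = SERVICE_RE.match(line)
        if match:
            state, start, name, _display, path, stamp = match.groups()
            services[name.lower()] = {
                "running": state == "R",   # assumption: R = running, S = stopped
                "start": int(start),
                "path": norm(path),
                "on_disk": bool(stamp),    # assumption: empty [] = file not found
            }
            continue
        match = FILE_RE.match(line)
        if match:
            files.add(norm(match.group(1)))
    return services, files


def leftovers(script, report):
    """List every CFScript target that the report still shows."""
    sections = parse_cfscript(script)
    services, files = parse_report(report)
    findings = []
    for name in sections.get("Driver", []):
        svc = services.get(name.lower())
        if svc:
            state = "running" if svc["running"] else "registered, not running"
            findings.append(("driver", name, state))
    for path in sections.get("File", []) + sections.get("Rootkit", []):
        wanted = norm(path)
        if wanted in files:
            findings.append(("file", path, "still listed on disk"))
        for name, svc in services.items():
            if svc["path"] == wanted and not svc["on_disk"]:
                findings.append(("orphan", path, "service '%s' points at a missing file" % name))
    return findings


if __name__ == "__main__":
    for label, report in (("before", REPORT_BEFORE), ("after", REPORT_AFTER)):
        print(label, leftovers(CFSCRIPT, report))
```

Run against the earlier report, the check shows why deleting the files alone was not enough: the `ztx86` service entry was still registered after its file was gone, which is what the `Driver::` section of the second script addresses.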
    7 February 2008 22:08:39

    OK. Did I post the same message twice?

    Ah well, so I removed both lol
    7 February 2008 23:44:50

    Re, here is the AntiVir report



    AntiVir PersonalEdition Classic
    Report file date: jeudi 7 février 2008 22:45

    Scanning for 1095787 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: POULLY
    Computer name: YANNICK

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:39:13
    ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 21:39:13
    ANTIVIR3.VDF : 7.0.2.107 350208 Bytes 07/02/2008 21:39:13
    AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 07/02/2008 21:39:14
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 07/02/2008 21:39:14
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 7 février 2008 22:45

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.bin' - '1' Module(s) have been scanned
    Scan process 'soffice.exe' - '1' Module(s) have been scanned
    Scan process 'wlancfg5.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'Keyhook.exe' - '1' Module(s) have been scanned
    Scan process 'sistray.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    31 processes with 31 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'A:\'
    [NOTE] In the drive 'A:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '29' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\POULLY\Mes documents\MSNFix\22012008_232439.71.zip
    [0] Archive type: ZIP
    --> backup/17PHolmes1148.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/algisz.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/avp.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    --> backup/ayoshy.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    --> backup/btfnvs.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    --> backup/cbonxi.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/cmmpgd.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    --> backup/Dot1XCfg.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Adload.PR
    --> backup/esutzr.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/ezqebs.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    --> backup/fiibmu.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/fqsljl.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/gfbylm.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/hfndhn.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/hgupug.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/ihptnd.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/jmpsvm.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/krqpkt.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    --> backup/lgswjv.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/lirwym.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/lkqzyb.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    --> backup/lscxdt.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/lygifo.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/mgkjhe.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/mrofinu1148.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/mrofinu1148.exe.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/npeabq.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/nplqgt.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/oenavc.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/olnujn.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/oynbzx.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/pfjwvi.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/phjtml.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    --> backup/pmcgda.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    --> backup/pvlgsp.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    --> backup/qbdqsi.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/rkczmy.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    --> backup/rnhaed.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/ruehiq.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/services.exe
    [DETECTION] Contains detection pattern of the worm WORM/IrcBot.46056.1
    --> backup/siakkg.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/urtfww.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/valzio.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/vubrrk.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/whzhca.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/wmuckc.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    --> backup/wvhrck.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/xhsltl.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/xqijpv.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    --> backup/ysrrvx.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/zmfbnk.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
    --> backup/zxiryu.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47db7d69.qua'!
    C:\Documents and Settings\POULLY\Mes documents\Yannick\Scripts\QuizZ-BanG\QuiZzStarZ.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Mirc.AB.1 Backdoor server programs
    [INFO] The file was moved to '48147e90.qua'!
    C:\QooBox\Quarantine\catchme2008-02-04_105840.50.zip
    [0] Archive type: ZIP
    --> ztx86.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '481f81b4.qua'!
    C:\QooBox\Quarantine\catchme2008-02-06_202142.92.zip
    [0] Archive type: ZIP
    --> Oru36.sys
    [DETECTION] Contains detection pattern of the worm WORM/Ntech.Z.4
    [INFO] The file was moved to '4963e1dd.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\rxjddnvj.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
    [INFO] The file was moved to '481581cc.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Oru36.sys.vir
    [DETECTION] Contains detection pattern of the worm WORM/Ntech.Z.4
    [INFO] The file was moved to '482081c6.qua'!
    C:\WINDOWS\system32\socketa.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.hnp
    [INFO] The file was moved to '480e8464.qua'!
    C:\WINDOWS\system32\socksys.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.hnp
    [INFO] The file was moved to '480e8465.qua'!
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IBO5ZOBP\setup[1].exe
    [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
    [INFO] The file was moved to '481f8487.qua'!
    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'D:\'
    Search path D:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: jeudi 7 février 2008 23:22
    Used time: 36:59 min

    The scan has been done completely.

    3726 Scanning directories
    235106 Files were scanned
    59 viruses and/or unwanted programs were found
    1 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    9 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    235047 Files not concerned
    1359 Archives were scanned
    1 Warnings
    0 Notes

    a b 8 Security
    8 February 2008 13:19:20

    Run a Combofix scan again :) 
    10 February 2008 14:59:51

    Hi again, here is the report from the Combo scan


    ComboFix 08-02.05.1 - POULLY 2008-02-10 14:46:07.10 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.164 [GMT 1:00]
    Endroit: C:\Documents and Settings\POULLY\Mes documents\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-07 22:36 . 2008-02-07 22:36 <REP> d-------- C:\Program Files\Avira
    2008-02-07 22:36 . 2008-02-07 22:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-07 22:30 . 2008-02-07 22:30 17,788,920 --a------ C:\Program Files\Antivir.exe
    2008-02-06 20:16 . 2004-08-19 16:09 400,896 --a------ C:\kmd.exe
    2008-01-21 13:33 . 2008-01-21 14:23 <REP> d-------- C:\Program Files\Lop SD
    2008-01-21 12:36 . 2008-01-21 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-21 12:36 . 2008-01-21 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-21 12:00 . 2008-01-21 15:48 2 --a------ C:\-1474427128
    2008-01-21 11:59 . 2008-01-21 11:59 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-10 13:00 --------- d-----w C:\Documents and Settings\POULLY\Application Data\OpenOffice.org2
    2008-01-16 21:00 --------- d-----w C:\Program Files\eChanblard
    2008-01-14 13:08 --------- d-----w C:\Documents and Settings\POULLY\Application Data\mIRC
    2008-01-09 15:31 --------- d-----w C:\Program Files\eMule
    2008-01-01 13:59 --------- d-----w C:\Documents and Settings\POULLY\Application Data\LimeWire
    2007-12-21 15:27 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-21 15:27 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-11-12 17:22 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
    2007-10-03 15:17 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
    2007-09-02 20:06 5,958,060 ----a-w C:\Program Files\eChanblard.exe
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
    "Cmaudio"="cmicnfg.cpl" []
    "SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
    "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 15:02 6731312]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-07 22:39 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\Jerome\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]

    C:\Documents and Settings\POULLY\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42 61440]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    NETGEAR WG311v3 Wireless Assistant.lnk - C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2006-01-25 16:36:44 2238]

    S3 CAM1210;USB Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2007-01-09 10:35]
    S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    *Newly Created Service* - SSMDRV
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 14:48:00
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-10 14:48:39
    ComboFix-quarantined-files.txt 2008-02-10 13:48:23
    ComboFix2.txt 2008-02-06 19:25:30
    ComboFix3.txt 2008-02-04 21:27:55
    ComboFix4.txt 2008-02-04 10:04:09
    ComboFix5.txt 2008-01-30 22:14:34
    .
    2008-01-09 12:43:21 --- E O F ---
    a b 8 Security
    10 February 2008 15:25:05

    Any better?

    Download ewido anti-spyware micro scanner to your desktop.
  • Double-click the file ewido_micro.exe to run it.
  • As soon as it starts, the program will ask for internet access to update itself; accept.
  • A new screen then appears; make sure that all the boxes are checked.
  • Click Start Scan and let the tool work.
  • When the tool has finished, click save report and save the report to your desktop.
  • Post it in your next reply.

    Note: do not click Remove infections right away; we need to make sure that all the detections are actually infections, because some legitimate utilities could show up in the report.
    11 February 2008 19:21:15

    Yes, it's already better. The Cid ads no longer open.
    a b 8 Security
    11 February 2008 19:38:03

    Do what I said :) 
    11 February 2008 20:57:00

    Here is the report

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: TrackingCookie.Yieldmanager
    Path: C:\Documents and Settings\POULLY\Cookies\poully@ad.yieldmanager[2].txt
    Risk: Medium

    Name: TrackingCookie.Euroclick
    Path: C:\Documents and Settings\POULLY\Cookies\poully@adopt.euroclick[1].txt
    Risk: Medium

    Name: TrackingCookie.Adrevolver
    Path: C:\Documents and Settings\POULLY\Cookies\poully@adrevolver[1].txt
    Risk: Medium

    Name: TrackingCookie.Adtech
    Path: C:\Documents and Settings\POULLY\Cookies\poully@adtech[1].txt
    Risk: Medium

    Name: TrackingCookie.Advertising
    Path: C:\Documents and Settings\POULLY\Cookies\poully@advertising[1].txt
    Risk: Medium

    Name: TrackingCookie.Atdmt
    Path: C:\Documents and Settings\POULLY\Cookies\poully@atdmt[2].txt
    Risk: Medium

    Name: TrackingCookie.Bluestreak
    Path: C:\Documents and Settings\POULLY\Cookies\poully@bluestreak[1].txt
    Risk: Medium

    Name: TrackingCookie.Serving-sys
    Path: C:\Documents and Settings\POULLY\Cookies\poully@bs.serving-sys[2].txt
    Risk: Medium

    Name: TrackingCookie.Doubleclick
    Path: C:\Documents and Settings\POULLY\Cookies\poully@doubleclick[1].txt
    Risk: Medium

    Name: TrackingCookie.Estat
    Path: C:\Documents and Settings\POULLY\Cookies\poully@estat[1].txt
    Risk: Medium

    Name: TrackingCookie.Fastclick
    Path: C:\Documents and Settings\POULLY\Cookies\poully@fastclick[2].txt
    Risk: Medium

    Name: TrackingCookie.Findwhat
    Path: C:\Documents and Settings\POULLY\Cookies\poully@findwhat[1].txt
    Risk: Medium

    Name: TrackingCookie.2o7
    Path: C:\Documents and Settings\POULLY\Cookies\poully@himedia.112.2o7[1].txt
    Risk: Medium

    Name: TrackingCookie.Adrevolver
    Path: C:\Documents and Settings\POULLY\Cookies\poully@media.adrevolver[2].txt
    Risk: Medium

    Name: TrackingCookie.Mediaplex
    Path: C:\Documents and Settings\POULLY\Cookies\poully@mediaplex[1].txt
    Risk: Medium

    Name: TrackingCookie.Overture
    Path: C:\Documents and Settings\POULLY\Cookies\poully@overture[1].txt
    Risk: Medium

    Name: TrackingCookie.Serving-sys
    Path: C:\Documents and Settings\POULLY\Cookies\poully@serving-sys[2].txt
    Risk: Medium

    Name: TrackingCookie.Tradedoubler
    Path: C:\Documents and Settings\POULLY\Cookies\poully@tradedoubler[1].txt
    Risk: Medium

    Name: TrackingCookie.Weborama
    Path: C:\Documents and Settings\POULLY\Cookies\poully@weborama[1].txt
    Risk: Medium

    Name: TrackingCookie.Abcsearch
    Path: C:\Documents and Settings\POULLY\Cookies\poully@www.abcsearch[1].txt
    Risk: Medium

    Name: Adware.ActivShopper
    Path: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4}
    Risk: Medium

    Name: Adware.Accoona
    Path: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208}
    Risk: Medium

    Name: Adware.Generic
    Path: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456}
    Risk: Medium

    Name: Adware.ActivShopper
    Path: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4}
    Risk: Medium

    Name: Adware.Accoona
    Path: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208}
    Risk: Medium

    Name: Adware.Generic
    Path: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456}
    Risk: Medium

    Name: Not-A-Virus.Hacktool.EvID
    Path: C:\Program Files\eChanblard\config\last.zip/EvID4226Patch.exe
    Risk: Low

    Name: Not-A-Virus.Hacktool.EvID
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP602\A0106228.exe
    Risk: Low

    Name: Trojan.Agent.dwb
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP602\A0106293.exe
    Risk: High

    Name: Downloader.Agent.erf
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP602\A0106294.exe
    Risk: High

    Name: Downloader.Agent.hql
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106330.exe
    Risk: High

    Name: Downloader.Agent.hql
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106331.exe
    Risk: High

    Name: Rootkit.Agent.pr
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106398.sys
    Risk: High

    Name: Rootkit.Agent.pr
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106420.sys
    Risk: High

    Name: Trojan.CPEX.aq
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106424.exe
    Risk: High

    Name: Rootkit.Agent.pr
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0106426.sys
    Risk: High

    Name: Downloader.Agent.hql
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0107419.exe
    Risk: High

    Name: Downloader.Agent.hql
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0107421.exe
    Risk: High

    Name: Downloader.Agent.hnp
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108434.dll
    Risk: High

    Name: Rootkit.Agent.pr
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108435.sys
    Risk: High

    Name: Downloader.Agent.hql
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108438.exe
    Risk: High

    Name: Downloader.Agent.hql
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108439.exe
    Risk: High

    Name: Backdoor.Agent.alm
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108449.exe
    Risk: High

    Name: Worm.Agent.l
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108450.sys
    Risk: High

    Name: Downloader.Adload.pr
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108470.exe
    Risk: High

    Name: Backdoor.Agent.alm
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108471.exe
    Risk: High

    Name: Downloader.Agent.hql
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108515.exe
    Risk: High

    Name: Downloader.Agent.hql
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0108516.exe
    Risk: High

    Name: Trojan.CPEX.aq
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109441.exe
    Risk: High

    Name: Backdoor.Small.crw
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109442.exe
    Risk: High

    Name: Trojan.Sinowal.gf
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109443.exe
    Risk: High

    Name: Downloader.Small.huv
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109445.exe
    Risk: High

    Name: Backdoor.SdBot.asy
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109452.exe
    Risk: High

    Name: Downloader.Agent.hlt
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109465.sys
    Risk: High

    Name: Trojan.Agent.elr
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109472.exe
    Risk: High

    Name: Backdoor.SdBot.aqp
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109473.sys
    Risk: High

    Name: Rootkit.Agent.pr
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109502.sys
    Risk: High

    Name: Downloader.Agent.hlt
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP603\A0109507.sys
    Risk: High

    Name: Not-A-Virus.Downloader.Win32.UltimateFix.e
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111581.exe
    Risk: Low

    Name: Downloader.Agent.hlt
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111636.sys
    Risk: High

    Name: Downloader.Agent.hlt
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111686.sys
    Risk: High

    Name: Downloader.Agent.hlt
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111770.sys
    Risk: High

    Name: Downloader.Agent.hlt
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP604\A0111817.sys
    Risk: High

    Name: Downloader.Agent.hlt
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP605\A0111848.sys
    Risk: High

    Name: Downloader.Agent.hlt
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP606\A0111861.sys
    Risk: High

    Name: Downloader.Agent.hlt
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP606\A0111934.sys
    Risk: High

    Name: Downloader.Agent.hlt
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP607\A0111964.sys
    Risk: High

    Name: Downloader.Agent.hlt
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP609\A0112035.sys
    Risk: High

    Name: Not-A-Virus.Hoax.Win32.Renos.asa
    Path: C:\System Volume Information\_restore{1BEE1B57-6E3F-47DE-9FEC-51BDBE09C0B9}\RP610\A0112112.exe
    Risk: Low

    Name: TrackingCookie.Atdmt
    Path: C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[2].txt
    Risk: Medium

    Name: TrackingCookie.Doubleclick
    Path: C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt
    Risk: Medium

    Name: TrackingCookie.Mediaplex
    Path: C:\WINDOWS\system32\config\systemprofile\Cookies\system@mediaplex[1].txt
    Risk: Medium
    a b 8 Security
    11 February 2008 21:04:35

    Hi again,

  • Click Remove infections
  • At the warning message, click Ok and let the tool work.
  • When the tool has finished, click Save Report and save the report to your desktop.
  • Post it in your next reply.
    11 February 2008 21:50:15

    Scan finished: 0 infections found

    I can't click on Save report