Remove Win32 infection: TratBHO

12 February 2008 19:04:42

Good evening,
While searching the web for how to eradicate the trojan I caught two days ago, I came across this site and noticed that you handle each case individually.
So I'm opening this topic to get help removing the Win32 infection.
I also saw that a HijackThis report was requested.
So here is my first report, since I didn't know HijackThis before :)


Thanks in advance for your help. :love:



Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:43, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\bcd3kcpan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\RebootPC v1.40\PrebootPC.exe
C:\Program Files\WLAN\WLANUtility\WlanUtility.exe
C:\Program Files\Eurobarre\eb.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\BitTorrent\bittorrent.exe
C:\DOCUME~1\Alexis\LOCALS~1\Temp\Rar$EX02.000\HijackThis.exe
C:\DOCUME~1\Alexis\LOCALS~1\Temp\Rar$EX05.906\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deezer.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C8CDF0B6-A3C3-4ABC-BBCA-EA772B562921} - C:\WINDOWS\system32\tuvvtsp.dll
O2 - BHO: (no name) - {D2D60A45-9EB5-4A29-8275-6D274111F088} - C:\WINDOWS\system32\vtutr.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCD3000] %SystemRoot%\system32\bcd3kcpan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Familier2] C:\Program Files\familier2\familier2.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RebootPC.lnk = C:\Program Files\RebootPC v1.40\PrebootPC.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\WLAN\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuvvtsp - C:\WINDOWS\SYSTEM32\tuvvtsp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 10078 bytes
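
The log above shows the pattern the helpers act on: two BHOs with no name pointing at DLLs in system32 (O2 lines), one of those DLLs also registered as a Winlogon Notify package (O20), and an executable started from the Policies\Explorer\Run key (O4). As an added example that is not part of the original thread, here is a small Python triage script that applies those rules to HijackThis lines. The line formats and the random-name heuristic are assumptions read off the HijackThis 2.0 log above; the sample lines are copied from that log.

```python
r"""Triage of HijackThis log lines for the persistence pattern seen in the
thread above: BHOs registered without a name and pointing at DLLs in
system32 (O2), one of those DLLs also loaded as a Winlogon Notify package
(O20), and a program started from the Policies\Explorer\Run key (O4).

Added example for this page, not a tool from the thread.  The line formats
and the random-name heuristic are assumptions read off the HijackThis 2.0
log posted above; the sample lines are copied from that log.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C8CDF0B6-A3C3-4ABC-BBCA-EA772B562921} - C:\WINDOWS\system32\tuvvtsp.dll
O2 - BHO: (no name) - {D2D60A45-9EB5-4A29-8275-6D274111F088} - C:\WINDOWS\system32\vtutr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O20 - Winlogon Notify: tuvvtsp - C:\WINDOWS\SYSTEM32\tuvvtsp.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section prefix: O2, O4 or O20
    severity: str  # "high" (act on it) or "low" (verify / clean up)
    path: str      # file named on the line, "" when the line gives none
    reason: str


def looks_random(stem: str) -> bool:
    """Heuristic: 5-8 lower-case letters with under 30% vowels (tuvvtsp, vtutr).
    It also matches some real names (ctfmon), so triage() never relies on it alone."""
    if not (5 <= len(stem) <= 8 and stem.isalpha() and stem.islower()):
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) < 0.3


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    bho_dlls: set[str] = set()   # flagged BHO DLL paths, lower-case, for O20 correlation
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            name, path = m["name"], m["path"]
            if path == "(no file)":
                findings.append(Finding("O2", "low", "",
                    f"orphan CLSID {m['clsid']}: registry entry with no DLL on disk"))
                continue
            reasons = []
            if name == "(no name)":
                reasons.append("BHO registered without a name")
            if "\\system32\\" in path.lower():
                reasons.append("DLL lives in system32 rather than a product folder")
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem):
                reasons.append(f"random-looking filename '{stem}'")
            if len(reasons) >= 2:          # a single weak signal is not enough
                bho_dlls.add(path.lower())
                findings.append(Finding("O2", "high", path, "; ".join(reasons)))
        elif m := O4_RE.match(line):
            if "policies\\explorer\\run" in m["key"].lower():
                cmd = m["cmd"]
                findings.append(Finding("O4", "high", cmd if "\\" in cmd else "",
                    f"value [{m['value']}] runs '{cmd}' from the Policies\\Explorer\\Run policy key"))
        elif m := O20_RE.match(line):
            # O2 lines precede O20 lines in a HijackThis log, so bho_dlls is complete here.
            path = m["path"]
            if path.lower() in bho_dlls:
                findings.append(Finding("O20", "high", path, "Winlogon Notify package is also a flagged BHO"))
            else:
                findings.append(Finding("O20", "low", path, "Winlogon Notify package to verify (publisher, signature)"))
    return findings


def counts(findings: list[Finding]) -> dict[str, int]:
    out = {"high": 0, "low": 0}
    for f in findings:
        out[f.severity] += 1
    return out


def files_to_inspect(findings: list[Finding]) -> list[str]:
    """Distinct on-disk paths behind the high-severity findings, for hashing or quarantine."""
    return sorted({f.path.lower() for f in findings if f.severity == "high" and "\\" in f.path})
```

Run on the sample, `triage()` returns five findings: the orphan CLSID (low), the two system32 BHOs (high), the Policies\Explorer\Run value (high) and the Winlogon Notify package, which is high only because the same DLL was already flagged as a BHO. The random-name heuristic alone would also match names like ctfmon, which is why it only counts together with another signal.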


12 February 2008 19:16:07

Hi,

Download Combofix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (Antivirus, antispyware, ...)
Double-click combofix.exe.
Press key 1 (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.

The report is located here: C:\Combofix.txt
12 February 2008 19:36:14

Very well.
While running it, I forgot to stop avast...
Here is the report anyway:



ComboFix 08-02-13.1 - Alexis 2008-02-12 19:21:36.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.310 [GMT 1:00]
Location: C:\Documents and Settings\Alexis\Bureau\ComboFix.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tuvvtsp.dll
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\byxyvts.dll
C:\WINDOWS\system32\jkkhhee.dll
C:\WINDOWS\system32\qomkjjg.dll
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.ini2
C:\WINDOWS\system32\tuvvtsp.dll
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\wl.exe

.
((((((((((((((((((((((((((((( Files created 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))))))))
.

2008-02-10 14:14 . 2008-02-12 18:33 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-10 14:14 . 2008-02-10 14:14 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-02-09 18:15 . 2008-02-09 18:15 <REP> d-------- C:\Program Files\Native Instruments
2008-02-09 18:11 . 2008-02-09 18:11 552,960 --a------ C:\WINDOWS\system32\bcd3kcpan.exe
2008-02-09 18:11 . 2008-02-09 18:11 86,016 --a------ C:\WINDOWS\system32\bcd3kasio.dll
2008-02-09 18:11 . 2004-08-04 08:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-02-09 18:11 . 2004-08-04 08:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-02-09 18:11 . 2008-02-09 18:11 42,496 --a------ C:\WINDOWS\system32\drivers\BCD3000.SYS
2008-02-09 18:11 . 2008-02-09 18:11 21,600 --a------ C:\WINDOWS\system32\drivers\BCD3000WDM.SYS
2008-02-09 18:10 . 2004-08-04 08:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-02-09 18:10 . 2004-08-04 08:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-24 19:57 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-01-24 19:57 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2008-01-24 19:57 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-01-24 19:57 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-01-24 19:57 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-01-24 19:57 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-01-24 19:57 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-01-24 19:56 . 2008-01-24 19:56 <REP> d-------- C:\Program Files\eRightSoft
2008-01-20 12:39 . 2008-01-20 12:39 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Publish Providers
2008-01-20 12:19 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-01-20 12:19 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-01-20 12:18 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-20 12:13 . 2008-01-20 12:13 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-01-20 12:09 . 2008-01-20 12:37 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Sony
2008-01-20 12:05 . 2008-01-20 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-01-20 12:04 . 2008-01-20 12:05 <REP> d-------- C:\Program Files\Sony
2008-01-20 12:01 . 2008-01-20 12:01 <REP> d-------- C:\Program Files\Sony Setup
2008-01-16 12:35 . 2008-01-16 12:35 <REP> d-------- C:\Program Files\iPod
2008-01-16 12:35 . 2008-02-13 19:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 12:35 . 2008-01-16 12:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 12:34 . 2008-01-16 12:35 <REP> d-------- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 18:27 --------- d-----w C:\Documents and Settings\Alexis\Application Data\BitTorrent DNA
2008-02-13 18:22 --------- d-----w C:\Documents and Settings\Alexis\Application Data\BitTorrent
2008-02-12 17:52 --------- d-----w C:\Documents and Settings\Alexis\Application Data\FileZilla
2008-02-10 15:52 --------- d-----w C:\Program Files\eMule
2008-02-10 13:55 --------- d-----w C:\Program Files\VirtualDJ
2008-02-07 17:27 --------- d-----w C:\Documents and Settings\Alexis\Application Data\LimeWire
2008-02-07 16:38 --------- d-----w C:\Program Files\OGSConverter
2008-02-05 21:58 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Apple Computer
2008-01-30 18:43 --------- d-----w C:\Program Files\Winamp
2008-01-20 19:26 --------- d-----w C:\Program Files\Skype
2008-01-20 11:05 --------- d-----w C:\Program Files\VstPlugins
2008-01-16 11:33 --------- d-----w C:\Program Files\QuickTime
2008-01-13 23:53 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Nokia
2008-01-07 06:35 21,048 ----a-w C:\Documents and Settings\Alexis\Application Data\GDIPFONTCACHEV1.DAT
2008-01-02 18:07 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Nokia Multimedia Player
2008-01-02 12:01 --------- d-----w C:\Documents and Settings\Alexis\Application Data\PC Suite
2008-01-02 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-02 11:52 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-01-02 11:52 --------- d-----w C:\Program Files\Nokia
2008-01-02 11:52 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-01-02 11:52 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-01-02 11:52 --------- d-----w C:\Program Files\DIFX
2008-01-02 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-01-01 19:53 --------- d-----w C:\Program Files\Ogs
2008-01-01 19:53 --------- d-----w C:\Documents and Settings\Alexis\Application Data\mIRC
2008-01-01 18:59 --------- d-----w C:\Program Files\mIRC
2007-12-24 08:31 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-22 13:26 --------- d-----w C:\Program Files\SHOUTcast
2007-12-22 12:26 --------- d-----w C:\Program Files\Windows Live
2007-12-22 12:21 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 12:20 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-22 12:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-22 11:44 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-17 17:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-12-17 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 17:06 --------- d-----w C:\Program Files\IVT Corporation
2007-12-15 23:56 --------- d-----w C:\Program Files\RebootPC v1.40
2007-12-15 15:36 --------- d-----w C:\Program Files\KaraFun
2007-12-14 20:43 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Nero
2007-12-14 20:41 --------- d-----w C:\Program Files\Fichiers communs\Nero
2007-12-14 20:37 --------- d-----w C:\Program Files\Nero
2007-12-14 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-13 07:06 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Canon
2007-11-18 12:17 480,848 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-05-11 22:31 190024]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-05-02 08:19 49152]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208]
"Familier2"="C:\Program Files\familier2\familier2.exe" [ ]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 13:32 700416]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-11-11 16:44 286016]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18 202024]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 08:19 4640768]
"nwiz"="nwiz.exe" [2003-05-02 08:19 323584 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Cmaudio"="cmicnfg.cpl" []
"nForce Tray Options"="sstray.exe" [2002-12-05 05:23 73728 C:\WINDOWS\system32\sstray.exe]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 23:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 12:19 69632]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-06-20 10:07 118784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"BCD3000"="C:\WINDOWS\system32\bcd3kcpan.exe" [2008-02-09 18:11 552960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"= NTSpool.exe

R3 ms6823;IEEE802.11b Wireless USB Adapter;C:\WINDOWS\system32\DRIVERS\ms6823.sys [2003-09-15 21:10]
S3 BCD3000;Behringer BCD3000 V1.1.2.0;C:\WINDOWS\system32\Drivers\BCD3000.SYS [2008-02-09 18:11]
S3 BCD3000WDM;Behringer BCD3000WDM V1.1.2.0;C:\WINDOWS\system32\Drivers\BCD3000WDM.SYS [2008-02-09 18:11]
S3 ovt530;Webcam Classic;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 17:04]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S3 wampapache;wampapache;"C:\Program Files\wamp\apache2\bin\httpd.exe" [2007-01-10 00:17]
S3 wampmysqld;wampmysqld;"C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 11:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 19:29:42
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\RebootPC v1.40\PrebootPC.exe
C:\Program Files\WLAN\WLANUtility\WlanUtility.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2008-02-13 19:34:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 18:34:02
.
2008-01-23 06:48:15 --- E O F ---
12 February 2008 19:45:54

Download SDFix (by Andy Manchesta)

Save it to your desktop.

Run it.
Click Install so it can extract itself.

Reboot into Safe Mode
/!\ Never boot into Safe Mode via MSCONFIG /!\

Launch SDFix.
Double-click RunThis.bat. (The .bat extension may not be shown)
Press Y to run it.

You will be asked to press a key to reboot; do so.
The reboot will probably take a bit longer than usual.
Once your Desktop appears, it will display Finished.

Press a key.

A report is generated; post it in your reply.
It is also located in the SDFix folder as Report.txt

++++++++

Then run combofix again and post the report.
12 February 2008 20:47:24

Here is the SDFix report; I'm running combofix again.




SDFix: Version 1.141

Run by Alexis on 13/02/2008 at 20:29

Microsoft Windows XP [version 5.1.2600]

Running From: C:\PROGRA~1\Sdfix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\NTSpool.exe - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 20:36:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\PROGRA~1\Sdfix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 25 Nov 2007 88 ..SHR --- "C:\WINDOWS\system32\F87F492ED7.sys"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Sun 25 Nov 2007 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Tue 7 Feb 2006 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Mon 25 Apr 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Thu 24 Jan 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Thu 7 Dec 2006 28,672 A..H. --- "C:\Documents and Settings\Alexis\Mes documents\Ecole\~WRL0004.tmp"
Sun 13 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 26 Jan 2006 25,600 A..H. --- "C:\Documents and Settings\Alexis\Mes documents\temporaire\2\~WRL0446.tmp"
Thu 26 Jan 2006 23,552 A..H. --- "C:\Documents and Settings\Alexis\Mes documents\temporaire\2\~WRL1976.tmp"
Fri 25 Jun 2004 12,431,945 A..H. --- "C:\Program Files\Bodom-Child - RaBBi\RMXP\RGSS\Standard\Graphics.exe"
Sun 9 Oct 2005 4,348 A..H. --- "C:\Documents and Settings\Alexis\Mes documents\Images - Musiques - Vidéos\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Fri 25 Nov 2005 20 A..H. --- "C:\Documents and Settings\Alexis\Mes documents\Images - Musiques - Vidéos\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 9 Oct 2005 400 A.SH. --- "C:\Documents and Settings\Alexis\Mes documents\Images - Musiques - Vidéos\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Finished!
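
The SDFix report above ends with two lists worth reading rather than skimming: the Windows Firewall authorized-application export (each value is `path:scope:state:name`, where a scope of `*` means any remote address) and the files carrying hidden attributes. As an added example that is not SDFix's code or anything posted in the thread, this Python parser pulls both lists out of the report and returns the enabled any-address firewall exceptions and the system+hidden files under C:\WINDOWS for manual verification. The line formats are assumptions read off the report above; the sample text is copied from it.

```python
"""Review of two lists at the end of an SDFix Report.txt: the Windows
Firewall authorized-application export and the files carrying hidden
attributes.

Added example for this page, not SDFix code or anything from the thread.
The line formats are assumptions read off the report posted above; the
sample text is copied from that report.
"""
from __future__ import annotations
import re

SAMPLE_REPORT = r'''
Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Files with Hidden Attributes:

Sun 25 Nov 2007 88 ..SHR --- "C:\WINDOWS\system32\F87F492ED7.sys"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Sun 25 Nov 2007 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 7 Feb 2006 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
'''

# [HKLM\...\firewallpolicy\<profile>\authorizedapplications\list] header of the .reg export
PROFILE_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\firewallpolicy\\(?P<profile>\w+)\\authorizedapplications\\list\]$", re.I)
# "exe"="exe:scope:Enabled|Disabled:display name"   (backslashes are doubled by the .reg export)
FW_RE = re.compile(
    r'^"(?P<key>[^"]+)"="(?P<path>[A-Za-z]:[^:]*):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>[^"]*)"$')
# Ddd D Mon YYYY size ASHR-style attribute flags --- "path"
HIDDEN_RE = re.compile(
    r'^(?P<date>\w{3} \d{1,2} \w{3} \d{4}) (?P<size>[\d,]+) (?P<attrs>[A-Z.]{5}) --- "(?P<path>[^"]+)"$')


def parse_sdfix(text: str) -> dict:
    report: dict = {"firewall": [], "hidden": []}
    profile = None                       # firewall profile of the current [key] block
    for raw in text.splitlines():
        line = raw.strip()
        if m := PROFILE_RE.match(line):
            profile = m["profile"].lower()
        elif m := FW_RE.match(line):
            report["firewall"].append({
                "profile": profile,
                "exe": m["path"].replace("\\\\", "\\"),   # undo .reg escaping
                "scope": m["scope"],                       # "*" = any remote address
                "enabled": m["state"] == "Enabled",
                "name": m["name"],
            })
        elif m := HIDDEN_RE.match(line):
            attrs = m["attrs"]
            report["hidden"].append({
                "path": m["path"],
                "size": int(m["size"].replace(",", "")),
                "system": "S" in attrs,
                "hidden": "H" in attrs,
                "readonly": "R" in attrs,
            })
    return report


def wide_open_exceptions(report: dict) -> list[str]:
    """Enabled firewall exceptions that accept inbound traffic from any address."""
    return [e["exe"] for e in report["firewall"] if e["enabled"] and e["scope"] == "*"]


def system_hidden_in_windows(report: dict) -> list[str]:
    """Files under C:\\WINDOWS with both the System and Hidden attributes set.
    A review list, not a verdict: licensing and DRM components use the same
    attributes, so verify publisher signature or hash before touching them."""
    return [h["path"] for h in report["hidden"]
            if h["system"] and h["hidden"] and h["path"].lower().startswith("c:\\windows\\")]
```

On the sample, both firewall entries are enabled for any remote address in the standard profile and the domain profile is empty; three files in system32 carry System+Hidden, while the Canon and SUPER entries are dropped because they either lack the System bit or sit under Program Files.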
12 February 2008 20:56:41

Sorry for the double post, it's a little bump :)
Here is the combofix report:



ComboFix 08-02-13.1 - Alexis 2008-02-13 20:49:04.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.337 [GMT 1:00]
Location: C:\Documents and Settings\Alexis\Bureau\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

((((((((((((((((((((((((((((( Files created 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))))))))
.

2008-02-13 20:26 . 2008-02-13 20:27 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-13 20:16 . 2008-02-13 20:48 <REP> d-------- C:\Program Files\Sdfix
2008-02-10 14:14 . 2008-02-12 18:33 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-10 14:14 . 2008-02-10 14:14 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-02-09 18:15 . 2008-02-09 18:15 <REP> d-------- C:\Program Files\Native Instruments
2008-02-09 18:11 . 2008-02-09 18:11 552,960 --a------ C:\WINDOWS\system32\bcd3kcpan.exe
2008-02-09 18:11 . 2008-02-09 18:11 86,016 --a------ C:\WINDOWS\system32\bcd3kasio.dll
2008-02-09 18:11 . 2004-08-04 08:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-02-09 18:11 . 2004-08-04 08:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-02-09 18:11 . 2008-02-09 18:11 42,496 --a------ C:\WINDOWS\system32\drivers\BCD3000.SYS
2008-02-09 18:11 . 2008-02-09 18:11 21,600 --a------ C:\WINDOWS\system32\drivers\BCD3000WDM.SYS
2008-02-09 18:10 . 2004-08-04 08:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-02-09 18:10 . 2004-08-04 08:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-24 19:57 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-01-24 19:57 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2008-01-24 19:57 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-01-24 19:57 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-01-24 19:57 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-01-24 19:57 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-01-24 19:57 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-01-24 19:56 . 2008-01-24 19:56 <REP> d-------- C:\Program Files\eRightSoft
2008-01-20 12:39 . 2008-01-20 12:39 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Publish Providers
2008-01-20 12:19 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-01-20 12:19 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-01-20 12:18 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-20 12:13 . 2008-01-20 12:13 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-01-20 12:09 . 2008-01-20 12:37 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Sony
2008-01-20 12:05 . 2008-01-20 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-01-20 12:04 . 2008-01-20 12:05 <REP> d-------- C:\Program Files\Sony
2008-01-20 12:01 . 2008-01-20 12:01 <REP> d-------- C:\Program Files\Sony Setup
2008-01-16 12:35 . 2008-01-16 12:35 <REP> d-------- C:\Program Files\iPod
2008-01-16 12:35 . 2008-02-13 20:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 12:35 . 2008-01-16 12:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 12:34 . 2008-01-16 12:35 <REP> d-------- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 19:23 --------- d-----w C:\Documents and Settings\Alexis\Application Data\BitTorrent DNA
2008-02-13 18:22 --------- d-----w C:\Documents and Settings\Alexis\Application Data\BitTorrent
2008-02-12 17:52 --------- d-----w C:\Documents and Settings\Alexis\Application Data\FileZilla
2008-02-10 15:52 --------- d-----w C:\Program Files\eMule
2008-02-10 13:55 --------- d-----w C:\Program Files\VirtualDJ
2008-02-07 17:27 --------- d-----w C:\Documents and Settings\Alexis\Application Data\LimeWire
2008-02-07 16:38 --------- d-----w C:\Program Files\OGSConverter
2008-02-05 21:58 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Apple Computer
2008-01-30 18:43 --------- d-----w C:\Program Files\Winamp
2008-01-20 19:26 --------- d-----w C:\Program Files\Skype
2008-01-20 11:05 --------- d-----w C:\Program Files\VstPlugins
2008-01-16 11:33 --------- d-----w C:\Program Files\QuickTime
2008-01-13 23:53 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Nokia
2008-01-07 06:35 21,048 ----a-w C:\Documents and Settings\Alexis\Application Data\GDIPFONTCACHEV1.DAT
2008-01-02 18:07 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Nokia Multimedia Player
2008-01-02 12:01 --------- d-----w C:\Documents and Settings\Alexis\Application Data\PC Suite
2008-01-02 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-02 11:52 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-01-02 11:52 --------- d-----w C:\Program Files\Nokia
2008-01-02 11:52 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-01-02 11:52 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-01-02 11:52 --------- d-----w C:\Program Files\DIFX
2008-01-02 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-01-01 19:53 --------- d-----w C:\Program Files\Ogs
2008-01-01 19:53 --------- d-----w C:\Documents and Settings\Alexis\Application Data\mIRC
2008-01-01 18:59 --------- d-----w C:\Program Files\mIRC
2007-12-24 08:31 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-22 13:26 --------- d-----w C:\Program Files\SHOUTcast
2007-12-22 12:26 --------- d-----w C:\Program Files\Windows Live
2007-12-22 12:21 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 12:20 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-22 12:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-22 11:44 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-17 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-15 23:56 --------- d-----w C:\Program Files\RebootPC v1.40
2007-12-15 15:36 --------- d-----w C:\Program Files\KaraFun
2007-12-14 20:43 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Nero
2007-12-14 20:41 --------- d-----w C:\Program Files\Fichiers communs\Nero
2007-12-14 20:37 --------- d-----w C:\Program Files\Nero
2007-12-14 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-13 07:06 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Canon
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-18 12:17 480,848 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-11-17 14:22 15,872 ------w C:\WINDOWS\system32\winskfr.dll
2007-11-17 14:22 119,568 ------w C:\WINDOWS\system32\vb6fr.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-05-11 22:31 190024]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-05-02 08:19 49152]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208]
"Familier2"="C:\Program Files\familier2\familier2.exe" [ ]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 13:32 700416]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-11-11 16:44 286016]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18 202024]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 08:19 4640768]
"nwiz"="nwiz.exe" [2003-05-02 08:19 323584 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Cmaudio"="cmicnfg.cpl" []
"nForce Tray Options"="sstray.exe" [2002-12-05 05:23 73728 C:\WINDOWS\system32\sstray.exe]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 23:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 12:19 69632]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-06-20 10:07 118784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"BCD3000"="C:\WINDOWS\system32\bcd3kcpan.exe" [2008-02-09 18:11 552960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\Alexis\Menu Démarrer\Programmes\Démarrage\
Eurobarre.lnk - C:\Program Files\Eurobarre\eb.exe [2007-11-17 15:22:48 113664]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18 65536]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]
RebootPC.lnk - C:\Program Files\RebootPC v1.40\PrebootPC.exe [2007-12-16 00:56:06 543232]
WlanUtility.lnk - C:\Program Files\WLAN\WLANUtility\WlanUtility.exe [2003-10-28 17:09:42 70656]

R3 ms6823;IEEE802.11b Wireless USB Adapter;C:\WINDOWS\system32\DRIVERS\ms6823.sys [2003-09-15 21:10]
S3 BCD3000;Behringer BCD3000 V1.1.2.0;C:\WINDOWS\system32\Drivers\BCD3000.SYS [2008-02-09 18:11]
S3 BCD3000WDM;Behringer BCD3000WDM V1.1.2.0;C:\WINDOWS\system32\Drivers\BCD3000WDM.SYS [2008-02-09 18:11]
S3 ovt530;Webcam Classic;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 17:04]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S3 wampapache;wampapache;"C:\Program Files\wamp\apache2\bin\httpd.exe" [2007-01-10 00:17]
S3 wampmysqld;wampmysqld;"C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-30 11:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 20:50:26
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
.
Temps d'accomplissement: 2008-02-13 20:51:06
ComboFix-quarantined-files.txt 2008-02-13 19:50:50
ComboFix2.txt 2008-02-13 18:34:06
.
2008-01-23 06:48:15 --- E O F ---
12 February 2008 21:12:47

Re,

The bulk of the infection is apparently gone.

Delete this file: C:\WINDOWS\system32\Smab.dll (in Safe Mode if it does not work in normal mode).

Have this file analysed on this site >> Virustotal <<

Click Browse at the top, choose My Computer and look for this file: C:\WINDOWS\system32\bcd3kcpan.exe
Now click Send file.
Post the report (from "Fichier *** reçu le ***" down to "SHA1: ***")

Then post a new HijackThis log.
12 February 2008 21:38:34

So I deleted smab.dll without any problem.

As for bcd3kcpan.exe, I have a USB audio device called BCD 3000, and the icon does match the device, so it's normal, I think.
Here is the VirusTotal analysis anyway:


Fichier bcd3kcpan.exe reçu le 2008.02.12 21:30:55 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/32 (0%)


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.13.10 2008.02.12 -
AntiVir 7.6.0.65 2008.02.12 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.12 -
AVG 7.5.0.516 2008.02.12 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.12 -
ClamAV 0.92 2008.02.12 -
DrWeb 4.44.0.09170 2008.02.12 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5530 2008.02.12 -
Ewido 4.0 2008.02.12 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.12 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.12 -
Ikarus T3.1.1.20 2008.02.12 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5228 2008.02.12 -
Microsoft 1.3204 2008.02.12 -
NOD32v2 2870 2008.02.12 -
Norman 5.80.02 2008.02.12 -
Panda 9.0.0.4 2008.02.12 -
Prevx1 V2 2008.02.12 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.12 -
Sunbelt 2.2.907.0 2008.02.12 -
Symantec 10 2008.02.12 -
TheHacker 6.2.9.218 2008.02.12 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.12 -
Webwasher-Gateway 6.6.2 2008.02.12 -
Information additionnelle
File size: 552960 bytes
MD5: 64b00fe3e083d1f78325fc4f53e35ecf
SHA1: 0acb556f9f93b733e98cd4b159ccae51bead256a
PEiD: -


And here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:39, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\bcd3kcpan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\RebootPC v1.40\PrebootPC.exe
C:\Program Files\WLAN\WLANUtility\WlanUtility.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Eurobarre\eb.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Alexis\LOCALS~1\Temp\Rar$EX00.453\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deezer.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCD3000] %SystemRoot%\system32\bcd3kcpan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Familier2] C:\Program Files\familier2\familier2.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RebootPC.lnk = C:\Program Files\RebootPC v1.40\PrebootPC.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\WLAN\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 9420 bytes
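The two checks the helper asked for above (where is bcd3kcpan.exe registered to start, and do the hashes of the local file match what VirusTotal reports) can be done without clicking through each entry by hand. The script below is an added example, not part of the thread and not code from HijackThis or VirusTotal: it parses O4 autostart lines of the exact shape shown in the log, lists every Run key or Startup folder that launches a given file name (including the DLL behind a RUNDLL32 entry), and computes MD5/SHA1/size for a file body so they can be compared with the "Information additionnelle" block of a report before concluding the scanned file is the one on disk. The sample log lines are constructed from entries in the log above, the `%SystemRoot%` expansion assumes the default `C:\WINDOWS` seen there, and the hash check runs on a constructed byte string.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed sample modelled on the O4 lines of the log above; the O23 line is
# noise the O4 parser must ignore.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [BCD3000] %SystemRoot%\system32\bcd3kcpan.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\apache2\bin\httpd.exe
"""

REG_RE = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")   # appended by HijackThis for HKUS hives
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')            # quoted run or bare word
PROGRAM_EXTENSIONS = (".exe", ".dll", ".cpl", ".scr")
RUNDLL_HOSTS = {"rundll32.exe", "rundll32"}

@dataclass(frozen=True)
class AutostartEntry:
    location: str   # registry Run key or Startup folder, as logged
    name: str       # value name or .lnk name
    command: str    # command line as logged, minus the (User '...') suffix
    path: str       # program (or DLL hosted by rundll32) that actually runs

def _expand_env(path):
    # Assumes the default XP system root seen in the log; other variables are left as-is.
    if path.lower().startswith("%systemroot%"):
        return "C:\\WINDOWS" + path[len("%systemroot%"):]
    return path

def executable_path(cmd):
    """Recover the file a Run/Startup command launches.

    A quoted program is taken verbatim. An unquoted one is joined word by word up
    to the first word ending in a program extension, because HijackThis logs paths
    with spaces unquoted. For rundll32 the hosted DLL is returned, as that is the
    file a triager has to assess."""
    toks = [(m.group(1), True) if m.group(1) is not None else (m.group(2), False)
            for m in TOKEN_RE.finditer(cmd)]
    if toks and toks[0][0].lower().rsplit("\\", 1)[-1] in RUNDLL_HOSTS:
        toks = toks[1:]
    if not toks:
        return ""
    if toks[0][1]:
        return _expand_env(toks[0][0])
    words = []
    for text, _ in toks:
        head = text.split(",", 1)[0]        # "NvCpl.dll,NvStartup" -> "NvCpl.dll"
        words.append(head)
        if head.lower().endswith(PROGRAM_EXTENSIONS):
            break
    else:
        words = [toks[0][0]]                # nothing recognisable: keep the first word
    return _expand_env(" ".join(words))

def parse_o4(log_text):
    """Parse every O4 line of a HijackThis log into AutostartEntry records."""
    entries = []
    for line in log_text.splitlines():
        m = REG_RE.match(line.strip()) or STARTUP_RE.match(line.strip())
        if not m:
            continue
        cmd = USER_SUFFIX_RE.sub("", m.group("cmd")).strip()
        entries.append(AutostartEntry(m.group("key"), m.group("name"), cmd, executable_path(cmd)))
    return entries

def entries_for_executable(entries, filename):
    """Every autostart location that launches the given file name (case-insensitive)."""
    wanted = filename.lower()
    return [e for e in entries if e.path.lower().rsplit("\\", 1)[-1] == wanted]

def digests(data):
    """MD5, SHA1 and size of a file body, as a VirusTotal report lists them."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "size": len(data)}

def matches_report(data, md5, sha1, size=None):
    """True when the local file is byte-for-byte the one the report describes."""
    d = digests(data)
    return (d["md5"] == md5.lower() and d["sha1"] == sha1.lower()
            and (size is None or d["size"] == size))

if __name__ == "__main__":
    for e in entries_for_executable(parse_o4(SAMPLE_LOG), "bcd3kcpan.exe"):
        print(f"{e.location}  [{e.name}]  ->  {e.path}")
    # Constructed file body; on a real machine read the file with open(path, "rb").
    print(digests(b"constructed file body"))
```

The point of the hash comparison is the one implicit in the helper's request for the report down to the SHA1 line: a 0/32 result only says something about the file that was uploaded, so the local file's MD5 and SHA1 should equal the ones printed in the report, and the size should match too, before treating the verdict as applying to the file on disk.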
12 February 2008 21:55:52

OK, that was just to be sure ;) 

Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it to your desktop. Double-click the clean folder.
Double-click clean.cmd (the .cmd extension may not be shown). This opens a black window.
A menu will appear; choose option 1 and press Enter. Then press a key when prompted and post the report here.
The report is here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.
12 February 2008 22:16:17

Nothing to report:

13/02/2008 a 22:13:14,79

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32


So I think I'm rid of this little virus!
So thank you very much XmichouX, thanks for your availability, your precision and your help.

EDIT: Er, on second thought, I'm not sure the search worked properly: the MS-DOS window closed after 30 seconds of searching ... and the report was created. No prompt other than the option choice (1).
12 February 2008 22:17:41

Good, let's finish ;) 

Uninstall avast, reboot and delete ~~>C:\Program Files\Alwil Software

Download CCleaner (>>tutorial, read it!<<): download "the latest version", then install it, unticking "Add the Yahoo! CCleaner Toolbar".
Then run the cleaner, then search for errors and back up if you wish.

Download and install Antivir. (tutorial)
Why switch? Avast vs Antivir
Check that it is up to date! Run a full scan and post the report.
Post one last HijackThis log afterwards.
12 February 2008 23:34:26

So, I ran the clean. Everything went fine.
However, I'm not uninstalling Avast, it's a matter of taste ... I don't want to part with the charming voice saying "Virus database has been updated".
So there you go, I just cleaned, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:32:46, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\bcd3kcpan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\RebootPC v1.40\PrebootPC.exe
C:\Program Files\WLAN\WLANUtility\WlanUtility.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Eurobarre\eb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Alexis\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deezer.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCD3000] %SystemRoot%\system32\bcd3kcpan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Familier2] C:\Program Files\familier2\familier2.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RebootPC.lnk = C:\Program Files\RebootPC v1.40\PrebootPC.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\WLAN\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 9456 bytes
13 February 2008 17:53:59

Even though Antivir performs better and is lighter? :p 
Well, do as you like ;) 
Do you have a scan report?