Infection by Win32:TratBHO [Trj] [Solved]

28 January 2008 22:48:08

Hello everyone. I'm new on this forum and I saw that you gladly help people infected by this virus. From what I understand, each case is specific, so it is better to create a topic for each one. So here goes. Here is my HijackThis log. If someone is willing to help me... Thanks in advance!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:25, on 28/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\STDSB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rwosvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Choco Loco\Bureau\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www/enseig.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {F4982BAB-80E9-4838-A2A0-95D30F348161} - C:\WINDOWS\system32\vtutqnm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Remote Access Tool] rwosvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: xxyvvwx - C:\WINDOWS\SYSTEM32\xxyvvwx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7093 bytes


29 January 2008 00:40:04

Good evening :)

That's a fine Vundo

Download VundoFix < here

Double-click VundoFix.exe to launch it
when it starts again, click [Scan for Vundo]
at the end of the scan, click [Remove Vundo]
it will ask you whether you want to delete the files, click [YES]
your desktop will disappear while the files are being deleted
then it will tell you that your PC is going to shut down, click [OK]
Restart your PC

Copy/paste the report (C:\vundofix.txt)
and a new HijackThis log

VundoFix may be unable to delete a file;
in that case it will relaunch at the next reboot,
just start again from "click [Scan for Vundo]"


------------------------------------------------------------

Disable your resident protections (antivirus, ...); you will re-enable them after the scan

Download ComboFix < here

Save it to your desktop and nowhere else!
Double-click combofix.exe (the .exe may not be displayed)
To start, type [1] then confirm, and wait for the end of the scan
the PC may reboot!

Copy/paste the generated report (C:\Combofix.txt)
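The diagnosis above rests on reading a few log lines by eye: unnamed BHOs pointing at random-looking DLLs in system32, a Winlogon Notify package with the same kind of name, and a Run entry that names an executable without a path. The following Python script is an added example, not code from this thread or from HijackThis, that encodes those checks as a small triage pass over a HijackThis log. The random-name regex and the severity levels are heuristics chosen for this example; the sample lines are copied from the logs posted in this thread.

```python
import re
from typing import Dict, List

# Sample input: a handful of lines copied from the HijackThis logs posted in
# this thread (the orphaned pmkhi.dll line comes from the second log),
# embedded here so the script runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www/enseig.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {F4982BAB-80E9-4838-A2A0-95D30F348161} - C:\WINDOWS\system32\vtutqnm.dll
O2 - BHO: (no name) - {5A8C2B8A-0068-4293-AC1F-6F1A87A9BC5D} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Remote Access Tool] rwosvc.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O20 - Winlogon Notify: xxyvvwx - C:\WINDOWS\SYSTEM32\xxyvvwx.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Heuristic (an assumption of this example): Vundo-family DLLs carry short,
# random, all-lowercase names such as vtutqnm, xxyvvwx or pmkhi.
RANDOM_DLL = re.compile(r"^[a-z]{5,8}\.dll$")
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\Run: \[(?P<label>.*?)\] (?P<cmd>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
RE_PAC = re.compile(r"Internet Settings,AutoConfigURL = (?P<url>\S+)")


def first_token(cmd: str) -> str:
    """Return the executable part of a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def finding(kind: str, severity: str, path: str, reason: str) -> Dict[str, str]:
    return {"kind": kind, "severity": severity, "path": path, "reason": reason}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk a HijackThis log and return the entries worth a second look."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RE_O2.match(line)
        if m:
            missing = line.endswith("(file missing)")
            path = m.group("path").replace(" (file missing)", "")
            unnamed = m.group("name") == "(no name)"
            random_name = RANDOM_DLL.match(basename(path).lower()) is not None
            if unnamed and "\\system32\\" in path.lower() and random_name:
                reason = "unnamed BHO loading a random-looking DLL from system32 (Vundo pattern)"
                if missing:
                    reason += "; file already gone, registry entry is orphaned"
                findings.append(finding("O2", "high", path, reason))
            elif unnamed:
                findings.append(finding("O2", "medium", path, "unnamed BHO; verify the publisher"))
            continue
        m = RE_O4.match(line)
        if m:
            exe = first_token(m.group("cmd"))
            if "\\" not in exe:  # bare file name: resolved through the search path at logon
                findings.append(finding("O4", "medium", exe,
                    f"Run entry [{m.group('label')}] uses a bare file name; "
                    "confirm which copy on the search path actually runs"))
            continue
        m = RE_O20.match(line)
        if m:
            path = m.group("path")
            sev = "high" if RANDOM_DLL.match(basename(path).lower()) else "medium"
            findings.append(finding("O20", sev, path,
                "Winlogon Notify package: loaded into winlogon.exe at logon, a Vundo persistence point"))
            continue
        m = RE_PAC.search(line)
        if m:
            findings.append(finding("R1", "medium", m.group("url"),
                "proxy auto-config URL is set; a PAC file can silently reroute browser traffic"))
    return findings


def summarize(findings: List[Dict[str, str]]) -> List[str]:
    """Render findings highest severity first, one line each."""
    order = {"high": 0, "medium": 1}
    ranked = sorted(findings, key=lambda f: order[f["severity"]])
    return [f"{f['severity'].upper():6} {f['kind']:4} {f['path']}  -- {f['reason']}" for f in ranked]


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

The script flags SOUNDMAN.EXE as well as rwosvc.exe, because both are referenced by bare file name; the medium severity forces a look rather than declaring either malicious. Deciding which of the two is hostile needs an external check, which is what the VirusTotal step later in this thread provides.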

30 January 2008 22:23:08

Re.
Sorry, but I've had quite a lot of work these last 2 days, so I couldn't do what you advised before tonight. Anyway, thank you for being willing to help me. First, the VundoFix report:

VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 21:29:01 2008-01-30

Listing files found while scanning....

C:\WINDOWS\system32\awtrqro.dll
C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihkmp.ini2
C:\WINDOWS\system32\pmkhi.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtrqro.dll
C:\WINDOWS\system32\awtrqro.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihkmp.ini2
C:\WINDOWS\system32\ihkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\pmkhi.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtrqro.dll
C:\WINDOWS\system32\awtrqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Then the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02, on 2008-01-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\STDSB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rwosvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Choco Loco\Bureau\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www/enseig.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5A8C2B8A-0068-4293-AC1F-6F1A87A9BC5D} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\awtrqro.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Remote Access Tool] rwosvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 6931 bytes

And finally, the ComboFix report:

ComboFix 08-01-31.1 - Choco Loco 2008-01-30 22:04:50.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.61 [GMT 1:00]
Endroit: C:\Documents and Settings\Choco Loco\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtrqro.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\xxyvvwx.dll
C:\Documents and Settings\Choco Loco\Local Settings\Application Data\irpqwmdnh.dat
C:\Documents and Settings\Choco Loco\Local Settings\Application Data\irpqwmdnh.exe
c:\Documents and Settings\Choco Loco\Local Settings\Application Data\irpqwmdnh_nav.dat
c:\Documents and Settings\Choco Loco\Local Settings\Application Data\irpqwmdnh_navps.dat
C:\WINDOWS\system32\awttsqo.dll
C:\WINDOWS\system32\byxxxvw.dll
C:\WINDOWS\system32\cbaww.dll
C:\WINDOWS\system32\cbxywtt.dll
C:\WINDOWS\system32\ddccdde.dll
C:\WINDOWS\system32\efccayy.dll
C:\WINDOWS\system32\khfcabb.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\tuvuspq.dll
C:\WINDOWS\system32\vtutqnm.dll
C:\WINDOWS\system32\xxyvvwx.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))))))))
.

2008-01-31 22:08 . 2008-01-31 22:08 268 --ah----- C:\sqmdata06.sqm
2008-01-31 22:08 . 2008-01-31 22:08 244 --ah----- C:\sqmnoopt06.sqm
2008-01-30 21:56 . 2008-01-30 21:56 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-30 15:56 . 2008-01-30 15:57 <REP> d-------- C:\Program Files\eMule
2008-01-30 14:59 . 2008-01-30 15:44 <REP> d-------- C:\Program Files\DivX
2008-01-28 23:29 . 2008-01-28 23:29 <REP> d-------- C:\Program Files\aMSN
2008-01-28 23:29 . 2008-01-30 20:57 <REP> d-------- C:\Documents and Settings\Choco Loco\amsn
2008-01-27 20:25 . 2008-01-30 21:56 <REP> d-------- C:\VundoFix Backups
2008-01-27 20:11 . 2008-01-27 20:11 <REP> d-------- C:\MSNFix
2008-01-27 11:23 . 2008-01-27 11:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-27 11:23 . 2008-01-27 11:23 41 --a------ C:\WINDOWS\config.ini
2008-01-27 11:20 . 2008-01-27 11:20 <REP> d-------- C:\Program Files\Windows Live
2008-01-27 11:20 . 2008-01-27 12:31 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-25 21:49 . 2008-01-25 20:07 85,504 -r-hs---- C:\WINDOWS\system32\rwosvc.exe
2008-01-19 14:03 . 2008-01-19 17:26 <REP> d-------- C:\Program Files\Antipub
2008-01-18 17:50 . 2008-01-18 17:50 <REP> d-------- C:\Program Files\Lavasoft
2008-01-18 17:50 . 2008-01-18 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-18 17:45 . 2008-01-18 17:45 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-18 16:46 . 2008-01-18 16:46 <REP> d-------- C:\Program Files\Alwil Software
2008-01-18 16:46 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-18 16:46 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-18 16:46 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-18 16:46 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-18 16:46 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-18 16:46 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-18 16:46 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-18 16:46 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-10 00:47 . 2008-01-10 00:47 <REP> d-------- C:\Games
2008-01-08 16:50 . 2008-01-08 16:50 38 --a------ C:\WINDOWS\BELOTEXP.INI
2008-01-08 16:03 . 2002-03-13 15:46 53,248 --a------ C:\WINDOWS\system32\zlib.dll
2008-01-08 16:02 . 2008-01-08 16:04 <REP> d-------- C:\Program Files\Ludiclub
2008-01-08 16:02 . 2004-03-08 23:00 260,880 --a------ C:\WINDOWS\system32\MSFLXGRD.OCX
2008-01-08 16:02 . 2004-03-08 23:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-01-08 16:02 . 1998-12-02 08:11 143,360 --a------ C:\WINDOWS\system32\fsuz.dll
2008-01-08 16:02 . 2003-09-25 09:00 107,560 --a------ C:\WINDOWS\system32\CSWSK32.OCX
2008-01-08 16:02 . 1996-08-05 11:00 92,160 -ra------ C:\WINDOWS\system32\grid32.ocx
2008-01-08 16:02 . 2006-10-22 14:25 81,920 --a------ C:\WINDOWS\system32\GkSui20.EXE
2008-01-02 11:09 . 2008-01-02 11:09 268 --ah----- C:\sqmdata05.sqm
2008-01-02 11:09 . 2008-01-02 11:09 244 --ah----- C:\sqmnoopt05.sqm
2008-01-01 14:27 . 2008-01-01 14:27 268 --ah----- C:\sqmdata04.sqm
2008-01-01 14:27 . 2008-01-01 14:27 244 --ah----- C:\sqmnoopt04.sqm
2007-12-31 21:03 . 2007-12-31 21:03 268 --ah----- C:\sqmdata03.sqm
2007-12-31 21:03 . 2007-12-31 21:03 244 --ah----- C:\sqmnoopt03.sqm
2007-12-31 16:18 . 2007-12-31 16:18 268 --ah----- C:\sqmdata02.sqm
2007-12-31 16:18 . 2007-12-31 16:18 244 --ah----- C:\sqmnoopt02.sqm
2007-12-30 18:57 . 2007-12-30 18:57 268 --ah----- C:\sqmdata01.sqm
2007-12-30 18:57 . 2007-12-30 18:57 244 --ah----- C:\sqmnoopt01.sqm
2007-12-25 04:19 . 2008-01-30 21:27 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-21 15:34 . 2007-12-21 15:34 0 --a------ C:\WINDOWS\PCFriend.INI
2007-12-21 15:30 . 2007-12-21 15:34 <REP> d-------- C:\Program Files\PCFriendly
2007-12-21 15:30 . 2007-12-21 15:30 <REP> d-------- C:\Documents and Settings\Choco Loco\WINDOWS
2007-12-21 15:30 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
2007-12-21 15:30 . 1999-09-27 17:15 78,848 --a------ C:\WINDOWS\system32\INLOADER.DLL
2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 22:38 --------- d-----w C:\Documents and Settings\Choco Loco\Application Data\AdobeUM
2008-01-27 11:31 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 10:06 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-01 12:42 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-12-04 13:57 --------- d-----w C:\Program Files\AOL 8.0
2007-11-21 10:36 20,336 ----a-w C:\Documents and Settings\Choco Loco\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A8C2B8A-0068-4293-AC1F-6F1A87A9BC5D}]
C:\WINDOWS\system32\pmkhi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 15:20 401491]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 19:21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STDSB"="C:\WINDOWS\System32\STDSB.exe" [2002-02-27 18:30 28672]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-25 16:21 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-25 16:20 561152]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 17:09 46592 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-14 17:47 151597]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-14 17:47 77824]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"Remote Access Tool"="rwosvc.exe" [2008-01-25 20:07 85504 C:\WINDOWS\system32\rwosvc.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [1998-08-22 11:00]
R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\STDSB.sys [2002-06-19 11:23]
R3 st3tgbus;st3tgbus;C:\WINDOWS\system32\DRIVERS\st3tgbus.sys [2003-03-12 19:37]
R3 st3tiger;st3tiger;C:\WINDOWS\system32\DRIVERS\st3tiger.sys [2003-03-12 19:38]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-14 17:03:59 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-01-30 20:53:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
31 January 2008 00:49:47

Re,

Click on the Start menu / Control Panel / Folder Options / then in the View tab
- check Show hidden files and folders
- uncheck Hide extensions for known file types
- uncheck Hide protected operating system files (recommended)
click Apply


Have this file analysed here: Virustotal
Click on , choose My Computer, then C:\
then Windows, then System32, and finally rwosvc.exe

Now click on

it will be analysed by several antivirus engines

copy/paste the report

31 January 2008 09:42:31

Here is the report:

Fichier rwosvc.exe reçu le 2008.01.29 21:07:14 (CET)
Situation actuelle: terminé

Résultat: 12/32 (37.50%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.1.30.10 2008.01.29 -
AntiVir 7.6.0.57 2008.01.29 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.01.29 -
Avast 4.7.1098.0 2008.01.29 -
AVG 7.5.0.516 2008.01.29 SHeur.AOYR
BitDefender 7.2 2008.01.29 -
CAT-QuickHeal 9.00 2008.01.29 -
ClamAV 0.91.2 2008.01.29 -
DrWeb 4.44.0.09170 2008.01.29 -
eSafe 7.0.15.0 2008.01.28 Suspicious File
eTrust-Vet 31.3.5494 2008.01.29 -
Ewido 4.0 2008.01.29 -
FileAdvisor 1 2008.01.29 -
Fortinet 3.14.0.0 2008.01.29 -
F-Prot 4.4.2.54 2008.01.29 -
F-Secure 6.70.13260.0 2008.01.29 W32/Smalltroj.CLQH
Ikarus T3.1.1.20 2008.01.29 -
Kaspersky 7.0.0.125 2008.01.29 -
McAfee 5218 2008.01.29 W32/Checkout
Microsoft 1.3109 2008.01.28 -
NOD32v2 2833 2008.01.29 -
Norman 5.80.02 2008.01.29 W32/Smalltroj.CLQH
Panda 9.0.0.4 2008.01.28 W32/Oscarbot.RS.worm
Prevx1 V2 2008.01.29 SHeur.AOYR
Rising 20.29.12.00 2008.01.29 -
Sophos 4.25.0 2008.01.29 Mal/Emogen-N
Sunbelt 2.2.907.0 2008.01.29 Trojan.Crypt.XPACK.Gen
Symantec 10 2008.01.29 W32.Mubla
TheHacker 6.2.9.201 2008.01.28 -
VBA32 3.12.2.6 2008.01.29 -
VirusBuster 4.3.26:9 2008.01.29 -
Webwasher-Gateway 6.6.2 2008.01.29 Trojan.Crypt.XPACK.Gen
Information additionnelle
File size: 85504 bytes
MD5: 5baa2cf5fe9dd6612f91f63c30ade6d4
SHA1: 0b1dd7eca005473fea1c8fce476ce28c43438e06
PEiD: -
packers: EXECryptor
packers: Execryptor
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=980F7ABA...
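Twelve of thirty-two engines flagged the file, under eight different names. As an added example (not part of the thread, and not VirusTotal's own code), the Python below parses the pasted result table, computes the detection ratio, strips vendor prefixes such as TR/, W32/ and Trojan. so that verdicts for the same family can be counted together, and lists the engines that reported the file clean, which here includes the resident Avast. The prefix list is an assumption made for this example; the rows are copied from the report above.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Sample input: the 32 result rows of the VirusTotal report posted above
# (engine, version, signature date, verdict), embedded so this runs offline.
VT_ROWS = """\
AhnLab-V3 2008.1.30.10 2008.01.29 -
AntiVir 7.6.0.57 2008.01.29 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.01.29 -
Avast 4.7.1098.0 2008.01.29 -
AVG 7.5.0.516 2008.01.29 SHeur.AOYR
BitDefender 7.2 2008.01.29 -
CAT-QuickHeal 9.00 2008.01.29 -
ClamAV 0.91.2 2008.01.29 -
DrWeb 4.44.0.09170 2008.01.29 -
eSafe 7.0.15.0 2008.01.28 Suspicious File
eTrust-Vet 31.3.5494 2008.01.29 -
Ewido 4.0 2008.01.29 -
FileAdvisor 1 2008.01.29 -
Fortinet 3.14.0.0 2008.01.29 -
F-Prot 4.4.2.54 2008.01.29 -
F-Secure 6.70.13260.0 2008.01.29 W32/Smalltroj.CLQH
Ikarus T3.1.1.20 2008.01.29 -
Kaspersky 7.0.0.125 2008.01.29 -
McAfee 5218 2008.01.29 W32/Checkout
Microsoft 1.3109 2008.01.28 -
NOD32v2 2833 2008.01.29 -
Norman 5.80.02 2008.01.29 W32/Smalltroj.CLQH
Panda 9.0.0.4 2008.01.28 W32/Oscarbot.RS.worm
Prevx1 V2 2008.01.29 SHeur.AOYR
Rising 20.29.12.00 2008.01.29 -
Sophos 4.25.0 2008.01.29 Mal/Emogen-N
Sunbelt 2.2.907.0 2008.01.29 Trojan.Crypt.XPACK.Gen
Symantec 10 2008.01.29 W32.Mubla
TheHacker 6.2.9.201 2008.01.28 -
VBA32 3.12.2.6 2008.01.29 -
VirusBuster 4.3.26:9 2008.01.29 -
Webwasher-Gateway 6.6.2 2008.01.29 Trojan.Crypt.XPACK.Gen
"""

# Vendor prefixes that carry no family information (assumed list for this
# example); stripping them lets differently branded verdicts line up.
PREFIX = re.compile(r"^(?:TR/|W32[/.]|Mal/|Trojan\.)", re.IGNORECASE)


def parse_rows(text: str) -> List[Dict[str, str]]:
    """Split each pasted row into engine, version, signature date and verdict."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed row
        engine, version, updated, *verdict = parts
        rows.append({"engine": engine, "version": version, "updated": updated,
                     "result": " ".join(verdict)})  # verdicts may contain spaces
    return rows


def detection_ratio(rows: List[Dict[str, str]]) -> Tuple[int, int]:
    hits = [r for r in rows if r["result"] != "-"]
    return len(hits), len(rows)


def family_consensus(rows: List[Dict[str, str]]) -> List[Tuple[str, int]]:
    """Count verdict names after removing vendor prefixes, most frequent first."""
    names = Counter(PREFIX.sub("", r["result"]) for r in rows if r["result"] != "-")
    return names.most_common()


def clean_engines(rows: List[Dict[str, str]]) -> List[str]:
    """Engines that reported no detection; useful to see what the resident AV missed."""
    return [r["engine"] for r in rows if r["result"] == "-"]


def summarize(rows: List[Dict[str, str]]) -> List[str]:
    hits, total = detection_ratio(rows)
    lines = [f"{hits}/{total} engines flagged the file ({100 * hits / total:.1f}%)"]
    for name, n in family_consensus(rows):
        lines.append(f"  {n}x {name}")
    return lines


if __name__ == "__main__":
    rows = parse_rows(VT_ROWS)
    print("\n".join(summarize(rows)))
    print("resident AV (Avast) reported clean:", "Avast" in clean_engines(rows))
```

A ratio alone is a weak signal; what makes this verdict convincing is that three engines agree on Crypt.XPACK.Gen, two on Smalltroj.CLQH and two on SHeur.AOYR, and that the packer line (EXECryptor) is consistent with a "Crypt" generic name. The clean list shows why the helper asked for an external scan: the antivirus installed on the machine is among the twenty engines that did not flag the file.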
31 January 2008 20:22:31

Re, it is indeed malicious

Select the whole box below, then right-click, choose Copy

File::
C:\WINDOWS\system32\rwosvc.exe
C:\WINDOWS\system32\pmkhi.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A8C2B8A-0068-4293-AC1F-6F1A87A9BC5D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Access Tool"=-

Paste it into Notepad
Save it to your desktop and name it CFScript (text file type)
Drag the CFScript file onto ComboFix.exe like this:

A menu will appear, type 1 then confirm
Let the scan run and post the generated report (C:\ComboFix.txt)

1 February 2008 23:29:33

Re,

Here is the ComboFix report:

ComboFix 08-01-31.1 - Choco Loco 2008-02-02 23:09:30.3 - NTFSx86
Endroit: C:\Documents and Settings\Choco Loco\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Choco Loco\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\rwosvc.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkkkiif.dll
C:\WINDOWS\system32\byxwwvt.dll
C:\WINDOWS\system32\byxxxvs.dll
C:\WINDOWS\system32\byxyxwu.dll
C:\WINDOWS\system32\efccaaa.dll
C:\WINDOWS\system32\efcyaaw.dll
C:\WINDOWS\system32\fccbaaa.dll
C:\WINDOWS\system32\fccywxy.dll
C:\WINDOWS\system32\gebcabx.dll
C:\WINDOWS\system32\gebxvwx.dll
C:\WINDOWS\system32\iifcbxx.dll
C:\WINDOWS\system32\iifefca.dll
C:\WINDOWS\system32\jkkkiif.dll
C:\WINDOWS\system32\khfdecc.dll
C:\WINDOWS\system32\ljjjiff.dll
C:\WINDOWS\system32\ljjkjih.dll
C:\WINDOWS\system32\ljjkjij.dll
C:\WINDOWS\system32\nnnkkjh.dll
C:\WINDOWS\system32\nnnnklk.dll
C:\WINDOWS\system32\opnmnop.dll
C:\WINDOWS\system32\opnommn.dll
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini2
C:\WINDOWS\system32\rqrssro.dll
C:\WINDOWS\system32\rwosvc.exe
C:\WINDOWS\system32\ssqnlmn.dll
C:\WINDOWS\system32\ssqqool.dll
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vtuvtsp.dll
C:\WINDOWS\system32\wvurrpq.dll
C:\WINDOWS\system32\yaywusr.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\xxyvvwx.dll
c:\Documents and Settings\Choco Loco\Local Settings\Application Data\irpqwmdnh.dat
C:\Documents and Settings\Choco Loco\Local Settings\Application Data\irpqwmdnh.exe
C:\Documents and Settings\Choco Loco\Local Settings\Application Data\irpqwmdnh_nav.dat
c:\Documents and Settings\Choco Loco\Local Settings\Application Data\irpqwmdnh_navps.dat
C:\WINDOWS\system32\awtrqro.dll
C:\WINDOWS\system32\awttsqo.dll
C:\WINDOWS\system32\byxxxvw.dll
C:\WINDOWS\system32\cbaww.dll
C:\WINDOWS\system32\cbxywtt.dll
C:\WINDOWS\system32\ddccdde.dll
C:\WINDOWS\system32\efccayy.dll
C:\WINDOWS\system32\khfcabb.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\tuvuspq.dll
C:\WINDOWS\system32\vtutqnm.dll
C:\WINDOWS\system32\xxyvvwx.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))))))))
.

2008-02-02 23:17 . 2008-02-02 23:17 172 --ah----- C:\sqmnoopt11.sqm
2008-02-02 23:17 . 2008-02-02 23:17 172 --ah----- C:\sqmdata11.sqm
2008-02-02 17:41 . 2008-02-02 17:41 268 --ah----- C:\sqmdata10.sqm
2008-02-02 17:41 . 2008-02-02 17:41 244 --ah----- C:\sqmnoopt10.sqm
2008-02-01 11:23 . 2008-02-01 11:23 172 --ah----- C:\sqmnoopt09.sqm
2008-02-01 11:23 . 2008-02-01 11:23 172 --ah----- C:\sqmdata09.sqm
2008-02-01 09:30 . 2008-02-01 09:30 268 --ah----- C:\sqmdata08.sqm
2008-02-01 09:30 . 2008-02-01 09:30 244 --ah----- C:\sqmnoopt08.sqm
2008-02-01 00:28 . 2008-02-01 00:28 268 --ah----- C:\sqmdata07.sqm
2008-02-01 00:28 . 2008-02-01 00:28 244 --ah----- C:\sqmnoopt07.sqm
2008-01-31 22:08 . 2008-01-31 22:08 268 --ah----- C:\sqmdata06.sqm
2008-01-31 22:08 . 2008-01-31 22:08 244 --ah----- C:\sqmnoopt06.sqm
2008-01-30 21:56 . 2008-01-30 21:56 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-30 15:56 . 2008-01-30 15:57 <REP> d-------- C:\Program Files\eMule
2008-01-30 14:59 . 2008-01-30 15:44 <REP> d-------- C:\Program Files\DivX
2008-01-28 23:29 . 2008-01-28 23:29 <REP> d-------- C:\Program Files\aMSN
2008-01-28 23:29 . 2008-02-02 17:42 <REP> d-------- C:\Documents and Settings\Choco Loco\amsn
2008-01-27 20:25 . 2008-01-30 21:56 <REP> d-------- C:\VundoFix Backups
2008-01-27 20:11 . 2008-01-27 20:11 <REP> d-------- C:\MSNFix
2008-01-27 11:23 . 2008-01-27 11:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-27 11:23 . 2008-01-27 11:23 41 --a------ C:\WINDOWS\config.ini
2008-01-27 11:20 . 2008-01-27 11:20 <REP> d-------- C:\Program Files\Windows Live
2008-01-27 11:20 . 2008-01-27 12:31 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-19 14:03 . 2008-01-19 17:26 <REP> d-------- C:\Program Files\Antipub
2008-01-18 17:50 . 2008-01-18 17:50 <REP> d-------- C:\Program Files\Lavasoft
2008-01-18 17:50 . 2008-01-18 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-18 17:45 . 2008-01-18 17:45 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-18 16:46 . 2008-01-18 16:46 <REP> d-------- C:\Program Files\Alwil Software
2008-01-18 16:46 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-18 16:46 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-18 16:46 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-18 16:46 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-18 16:46 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-18 16:46 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-18 16:46 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-18 16:46 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-10 00:47 . 2008-01-10 00:47 <REP> d-------- C:\Games
2008-01-08 16:50 . 2008-01-08 16:50 38 --a------ C:\WINDOWS\BELOTEXP.INI
2008-01-08 16:03 . 2002-03-13 15:46 53,248 --a------ C:\WINDOWS\system32\zlib.dll
2008-01-08 16:02 . 2008-01-08 16:04 <REP> d-------- C:\Program Files\Ludiclub
2008-01-08 16:02 . 2004-03-08 23:00 260,880 --a------ C:\WINDOWS\system32\MSFLXGRD.OCX
2008-01-08 16:02 . 2004-03-08 23:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-01-08 16:02 . 1998-12-02 08:11 143,360 --a------ C:\WINDOWS\system32\fsuz.dll
2008-01-08 16:02 . 2003-09-25 09:00 107,560 --a------ C:\WINDOWS\system32\CSWSK32.OCX
2008-01-08 16:02 . 1996-08-05 11:00 92,160 -ra------ C:\WINDOWS\system32\grid32.ocx
2008-01-08 16:02 . 2006-10-22 14:25 81,920 --a------ C:\WINDOWS\system32\GkSui20.EXE
2008-01-02 11:09 . 2008-01-02 11:09 268 --ah----- C:\sqmdata05.sqm
2008-01-02 11:09 . 2008-01-02 11:09 244 --ah----- C:\sqmnoopt05.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 22:38 --------- d-----w C:\Documents and Settings\Choco Loco\Application Data\AdobeUM
2008-01-27 11:31 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 10:06 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-01 12:42 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-12-21 14:34 --------- d-----w C:\Program Files\PCFriendly
2007-12-04 13:57 --------- d-----w C:\Program Files\AOL 8.0
2007-11-21 10:36 20,336 ----a-w C:\Documents and Settings\Choco Loco\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 15:20 401491]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 19:21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STDSB"="C:\WINDOWS\System32\STDSB.exe" [2002-02-27 18:30 28672]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-25 16:21 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-25 16:20 561152]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 17:09 46592 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-14 17:47 151597]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-14 17:47 77824]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [1998-08-22 11:00]
R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\STDSB.sys [2002-06-19 11:23]
R3 st3tgbus;st3tgbus;C:\WINDOWS\system32\DRIVERS\st3tgbus.sys [2003-03-12 19:37]
R3 st3tiger;st3tiger;C:\WINDOWS\system32\DRIVERS\st3tiger.sys [2003-03-12 19:38]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-14 17:03:59 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-02-02 21:53:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
4 February 2008 17:28:52

Re,
There, it's done. Here are the scan reports, both run in safe mode as recommended in the AntiVir usage tutorials (I did 2 because during the 1st I had to shut down my PC mid-scan, so it is only partial, whereas the second is complete):

The 1st:

AntiVir PersonalEdition Classic
Report file date: 2008-02-02 21:56

Scanning for 1089295 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Choco Loco
Computer name: CHOCOLOCO

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 20:43:33
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 2008-01-25 20:43:33
ANTIVIR3.VDF : 7.0.2.82 259072 Bytes 2008-02-01 20:43:33
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2008-02-03 20:43:34
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-03 20:43:35
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-02-02 21:56

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '29' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Choco Loco\Bureau\Raccourcis Bureau non utilisés\ParisHilton.exe
[DETECTION] Is the Trojan horse TR/Drop.Agen.251446
[INFO] The file was moved to '4816db3b.qua'!
C:\Documents and Settings\Choco Loco\Local Settings\Temp\41.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.YZV.1 Backdoor server programs
[INFO] The file was moved to '47d2dbb9.qua'!
C:\Documents and Settings\Choco Loco\Local Settings\Temp\72.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47d2dbba.qua'!
C:\MSNFix\MSNFix\27012008_20181864.zip
[0] Archive type: ZIP
--> backup/image044.zip
[1] Archive type: ZIP
--> image044.jpg-www.imghost.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47d4de34.qua'!
C:\QooBox\Quarantine\catchme2008-01-28_221151.85.zip
[0] Archive type: ZIP
--> xxyvvwx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4818e1b3.qua'!
C:\QooBox\Quarantine\catchme2008-02-02_232016.68.zip
[0] Archive type: ZIP
--> jkkkiif.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '49630d84.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\awtrqro.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4818e1ca.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\awttsqo.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4818e1cb.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\byxwwvt.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481ce1cd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\byxxxvs.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '49621d06.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\byxxxvw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481ce1ce.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\byxyxwu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '49621d07.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cbxywtt.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481ce1b7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccdde.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4807e1ba.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\efccaaa.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4807e1bc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\efccayy.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '49791d75.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\efcyaaw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4807e1be.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fccbaaa.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '49791d73.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fccywxy.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '49791d77.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebcabx.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4806e1bc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebxvwx.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4806e1bd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iifcbxx.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '480ae1c1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iifefca.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '49741d0a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkkiif.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '480fe1c4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\khfcabb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '480ae1c3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\khfdecc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '49741d0c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjjiff.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '480ee1c3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjkjih.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '480ee1c4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjkjij.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '49701d0d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnkkjh.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4812e1c8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnnklk.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4812e1c9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\opnmnop.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4812e1cb.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\opnommn.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '496c1d04.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rqrssro.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4816e1cd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rwosvc.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4813e1d3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqnlmn.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4815e1cf.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqqool.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4815e1d0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvuspq.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481ae1d2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\vturq.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4819e1d1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\vtutqnm.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4819e1d2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuvtsp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '49671d1b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wvurrpq.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4819e1d4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyvvwx.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '481de1d7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\yaywusr.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481de1c0.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026586.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e190.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026587.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e191.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026588.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a8102a.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026589.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e193.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026590.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e192.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026591.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a8102b.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026592.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e194.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026593.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a8102d.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026594.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a8102c.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026595.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e195.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026596.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a8102e.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026597.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e196.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026598.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a8102f.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026599.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e188.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026600.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e197.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026601.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a81020.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026602.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e199.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026603.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a81022.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026604.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a81031.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026605.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e18a.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026606.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a81033.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026607.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e19b.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026608.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a81024.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026609.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e19d.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026610.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e198.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026611.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a81021.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026612.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47d4e19a.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP100\A0026616.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a81026.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP101\A0026772.exe
[DETECTION] Is the Trojan horse TR/Drop.Agen.251446
[INFO] The file was moved to '47d4e1a6.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP93\A0025294.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e202.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP93\A0025295.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a813bb.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP95\A0026333.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e206.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP95\A0026335.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e207.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP95\A0026336.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a813b0.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP95\A0026337.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e208.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP95\A0026338.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a813b1.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP95\A0026339.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e20a.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP95\A0026340.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e209.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP95\A0026341.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a813b2.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP95\A0026342.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e20b.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP95\A0026348.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46a813b3.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP96\A0026414.dll
[DETECTION] Is the Trojan horse TR/Virtumod.PB
[INFO] The file was moved to '47d4e214.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP97\A0026502.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d4e21c.qua'!
C:\VundoFix Backups\awtqrrs.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4818e26a.qua'!
C:\VundoFix Backups\awtrqro.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '496204c3.qua'!
C:\VundoFix Backups\iifgecd.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '480ae25d.qua'!
C:\VundoFix Backups\pmkhi.dll.bad
[DETECTION] Is the Trojan horse TR/Virtumod.PB
[INFO] The file was moved to '480fe261.qua'!
C:\VundoFix Backups\qomlijg.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4811e264.qua'!
C:\VundoFix Backups\ssqpqrr.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4815e268.qua'!
C:\VundoFix Backups\vtutqnm.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4819e269.qua'!
Begin scan in 'E:\' <WD Passport>


End of the scan: 2008-02-02 23:13
Used time: 1:17:09 min

The scan has been canceled!

5130 Scanning directories
201537 Files were scanned
94 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
94 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
201443 Files not concerned
6441 Archives were scanned
1 Warnings
0 Notes

And the 2nd:

AntiVir PersonalEdition Classic
Report file date: 2008-02-04 12:26

Scanning for 1089295 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Choco Loco
Computer name: CHOCOLOCO

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 20:43:33
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 2008-01-25 20:43:33
ANTIVIR3.VDF : 7.0.2.82 259072 Bytes 2008-02-01 20:43:33
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2008-02-03 20:43:34
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-03 20:43:35
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-02-04 12:26

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '29' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\' <WD Passport>
E:\Mes documents\Mes logiciels\Bureautique\Office XP Pro\Setup.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481b36f4.qua'!


End of the scan: 2008-02-04 17:02
Used time: 4:35:33 min

The scan has been done completely.

5743 Scanning directories
258641 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
258640 Files not concerned
6597 Archives were scanned
1 Warnings
0 Notes

4 February 2008 19:50:21

Good, it did a thorough clean-up.

Are you still having problems?

Download ToolsCleaner2 < here

Install it on your Desktop
Click [Recherche] to start the scan
Click [Supprimer] to clean up the tools that were used
Click [Quitter], this will create a report
Post the report (C:\TCleaner.txt)

4 Février 2008 22:18:05

-->- Recherche:

C:\Combofix: trouvé !
C:\MsnFix: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\Choco Loco\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Choco Loco\Bureau\vundoFix.exe: trouvé !
C:\Documents and Settings\Choco Loco\Bureau\Logiciels suppression virus\Msnfix.zip: trouvé !
C:\Documents and Settings\Choco Loco\Bureau\Logiciels suppression virus\VirtumundoBeGone.exe: trouvé !
C:\Documents and Settings\Choco Loco\Recent\MSNFix.lnk: trouvé !
C:\Documents and Settings\Choco Loco\Recent\HijackThis.lnk: trouvé !
C:\MSNFix\MsnFix: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\Choco Loco\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Choco Loco\Bureau\vundoFix.exe: supprimé !
C:\Documents and Settings\Choco Loco\Bureau\Logiciels suppression virus\Msnfix.zip: supprimé !
C:\Documents and Settings\Choco Loco\Bureau\Logiciels suppression virus\VirtumundoBeGone.exe: supprimé !
C:\Documents and Settings\Choco Loco\Recent\MSNFix.lnk: supprimé !
C:\Documents and Settings\Choco Loco\Recent\HijackThis.lnk: supprimé !
C:\Combofix: supprimé !
C:\MsnFix: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !

Apparently I no longer have any problems. If I ever notice it's acting up again, I'll post here again. In any case, thanks a lot for your help.
5 February 2008 19:53:43

Ok,

In your first message, click the "Edit" button
Add [Résolu] to the title
Then click "Submit your message"

Good luck ;)

6 February 2008 13:06:43

There, it's done. Thanks again for your help, hoping I won't need it anymore... ;)
6 February 2008 13:08:18

You're welcome :)

Later