[solved] Infection: Win32:TratBHO[Trj] virus

11 Janvier 2008 21:37:08

Hello, just like laura68, I recently noticed that I had been infected by a virus...
It's since I switched to Avast that I've actually been detecting it. Before that I was using Nod32 and it never flagged anything...

Could someone help me get rid of it??

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:31:44, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\admin\Bureau\divers\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134} - C:\WINDOWS\system32\qomkjji.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {D0994E82-0703-4794-A981-16880A5AF300} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/Tes...
O16 - DPF: {3D15E6EB-2050-4800-B012-AA9E06A21D05} (Pearson Finance Player Control) - http://asp.mathxl.com/books/_Players/FinancePlayer.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: qomkjji - C:\WINDOWS\SYSTEM32\qomkjji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
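As an added example (not part of this thread and not HijackThis code), here is a small Python triage script for a log like the one above. It indexes the module each O2/O3/O20/O23 entry points at and reports registrations with no backing file, plus any module registered under more than one persistence hook. The sample lines are constructed from entries in this log, and the set of hook codes examined is the script's own assumption.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134} - C:\WINDOWS\system32\qomkjji.dll
O2 - BHO: (no name) - {D0994E82-0703-4794-A981-16880A5AF300} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: qomkjji - C:\WINDOWS\SYSTEM32\qomkjji.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Hook types examined; this selection is the example's assumption, not a HijackThis rule.
HOOK_CODES = {"O2", "O3", "O20", "O23"}
LINE_RE = re.compile(r"^(O\d+) - ([A-Za-z' ]+?): (.+)$")
PATH_START = re.compile(r"^([A-Za-z]:\\|%\w+%)")


def parse_entries(log_text):
    """One dict per hook line: code, kind, name, path and whether the module exists."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(1) not in HOOK_CODES:
            continue
        code, kind, rest = m.groups()
        fields = [f.strip() for f in rest.split(" - ")]
        # The path is the first field that looks like one, re-joined in case the
        # path itself contained ' - ' (e.g. 'Spybot - Search & Destroy').
        idx = next((i for i, f in enumerate(fields) if i > 0 and PATH_START.match(f)), None)
        path = " - ".join(fields[idx:]) if idx is not None else fields[-1]
        present = path != "(no file)" and not path.endswith("(file missing)")
        entries.append({"code": code, "kind": kind, "name": fields[0],
                        "path": path, "present": present})
    return entries


def find_dead_entries(entries):
    """Registrations whose module is gone: leftovers to clean up, and when they
    are also nameless, a hint that something was only partly removed."""
    return [e for e in entries if not e["present"]]


def find_multi_persistence(entries):
    """Modules registered through more than one hook type, keyed by case-folded
    path and mapped to the sorted hook codes. A DLL that is both a nameless BHO
    (O2) and a Winlogon Notify handler (O20), as qomkjji.dll is in this log, is
    the pattern worth looking at first."""
    by_path = defaultdict(set)
    for e in entries:
        if e["present"]:
            by_path[e["path"].casefold()].add(e["code"])
    return {p: sorted(c) for p, c in by_path.items() if len(c) > 1}


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    for e in find_dead_entries(found):
        print(f"dead registration: {e['code']} {e['kind']} {e['name']}")
    for path, codes in find_multi_persistence(found).items():
        print(f"multiple hooks {codes}: {path}")
```

Run on the sample, the script reports the two "(no file)" registrations and the missing avast service file as dead entries, and qomkjji.dll as the one module hooked from two places (O2 and O20), which is exactly the entry the rest of the thread ends up removing.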


12 Janvier 2008 12:04:05

Nobody to help me? :(
12 Janvier 2008 12:48:29


Hello,

You are indeed infected.

Download VundoFix < here

Double-click VundoFix.exe to launch it
when it starts again, click [Scan for Vundo]
at the end of the scan, click [Remove Vundo]
it will ask whether you want to delete the files, click [YES]
your desktop will disappear while the files are being deleted
then it will tell you that your PC is going to shut down, click [OK]
Restart your PC

Copy/paste the report ( C:\vundofix.txt )

VundoFix may not be able to delete a file;
in that case, it will run again at the next restart,
just start over from clicking [Scan for Vundo]


-------------------------------------------------------------------

Download ComboFix < here

Save it to your desktop and nowhere else!
Double-click combofix.exe ( the .exe may not be shown )
To start, type [1] then confirm, wait for the scan to finish
the PC may restart!

Copy/paste the generated report ( C:\Combofix.txt )
12 Janvier 2008 20:43:44

Hi,

Thanks for your reply and sorry for the delay in mine...

Here are my VundoFix and ComboFix logs, respectively:


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 18:49:29 12/01/2008

Listing files found while scanning....

C:\windows\system32\mllml.dll
C:\WINDOWS\system32\qomkjji.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qomkjji.dll
C:\WINDOWS\system32\qomkjji.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qomkjji.dll
C:\WINDOWS\system32\qomkjji.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 20:00:48 12/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\qomkjji.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qomkjji.dll
C:\WINDOWS\system32\qomkjji.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qomkjji.dll
C:\WINDOWS\system32\qomkjji.dll Could not be deleted.

Performing Repairs to the registry.
Done!


______________________________________________________

ComboFix 08-01-11.3 - admin 2008-01-12 20:30:07.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.94 [GMT 1:00]
Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihkmp.ini2
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\vturo.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))))))))
.

2008-01-12 20:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 18:49 . 2008-01-12 20:22 <REP> d-------- C:\VundoFix Backups
2008-01-12 10:13 . 2008-01-12 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-08 21:45 . 2008-01-08 21:45 0 --a------ C:\WINDOWS\TPTray.INI
2008-01-08 21:42 . 2008-01-08 21:42 <REP> d-------- C:\Program Files\Alwil Software
2008-01-08 21:42 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-08 21:42 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-08 21:42 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-08 21:42 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-08 21:42 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-08 21:42 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-08 21:42 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-08 21:42 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-08 21:29 . 2008-01-08 21:29 37,888 --------- C:\WINDOWS\system32\qomkjji.dll
2008-01-08 21:21 . 2008-01-08 21:21 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2008-01-08 20:56 . 2008-01-08 20:56 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-08 20:51 . 2008-01-08 20:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-08 20:51 . 2008-01-08 21:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-08 20:51 . 2008-01-08 21:29 <REP> d-------- C:\Documents and Settings\admin\Application Data\AVG7
2008-01-08 09:37 . 2008-01-08 09:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 23:30 . 2007-12-30 23:30 <REP> d-------- C:\Documents and Settings\admin\Application Data\DivX
2007-12-30 23:13 . 2007-12-30 23:13 <REP> d-------- C:\Program Files\iTunes
2007-12-30 23:13 . 2007-12-30 23:13 <REP> d-------- C:\Program Files\iPod
2007-12-30 23:02 . 2007-11-29 23:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-30 23:02 . 2007-11-29 23:30 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-30 23:02 . 2007-11-29 23:30 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-29 13:30 . 2007-12-29 13:30 48,928 --a------ C:\WINDOWS\system32\drivers\Tetris.sys
2007-12-29 13:00 . 2007-12-29 13:00 162,432 --a------ C:\WINDOWS\system32\drivers\ithsgt.sys
2007-12-29 13:00 . 2007-12-29 13:00 12,032 --a------ C:\WINDOWS\system32\drivers\lilsgt.sys
2007-12-29 12:15 . 2007-12-29 12:15 268 --ah----- C:\sqmdata19.sqm
2007-12-29 12:15 . 2007-12-29 12:15 244 --ah----- C:\sqmnoopt19.sqm
2007-12-27 23:15 . 2007-12-27 23:15 268 --ah----- C:\sqmdata18.sqm
2007-12-27 23:15 . 2007-12-27 23:15 244 --ah----- C:\sqmnoopt18.sqm
2007-12-27 08:26 . 2007-12-27 08:26 268 --ah----- C:\sqmdata17.sqm
2007-12-27 08:26 . 2007-12-27 08:26 244 --ah----- C:\sqmnoopt17.sqm
2007-12-16 12:12 . 2007-12-16 12:12 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2007-12-16 12:12 . 2007-12-16 12:12 <REP> d-------- C:\Documents and Settings\admin\Application Data\THQ
2007-12-15 20:23 . 2007-12-15 20:23 <REP> d-------- C:\Program Files\Rapidshare Unlimited
2007-12-13 21:18 . 2008-01-03 18:05 <REP> d-------- C:\Documents and Settings\admin\Application Data\La Bataille pour la Terre du Milieu
2007-12-13 18:20 . 2007-12-13 18:20 <REP> d-------- C:\Program Files\EA GAMES

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 13:31 --------- d-----w C:\Documents and Settings\admin\Application Data\Free Download Manager
2008-01-12 09:38 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-12 09:11 --------- d-----w C:\Documents and Settings\admin\Application Data\Azureus
2008-01-11 14:12 --------- d-----w C:\Documents and Settings\admin\Application Data\Microgaming
2008-01-08 08:37 --------- d-----w C:\Program Files\Lavasoft
2008-01-08 08:36 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-06 13:18 --------- d-----w C:\Program Files\eMule
2008-01-05 18:38 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
2008-01-01 10:35 --------- d-----w C:\Program Files\Azureus
2007-12-30 22:20 --------- d-----w C:\Program Files\QuickTime
2007-12-30 22:03 --------- d-----w C:\Program Files\DivX
2007-12-22 17:58 --------- d-----w C:\Program Files\SPSS Student
2007-12-20 17:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-20 17:51 --------- d-----w C:\Program Files\Rapidown
2007-12-15 14:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-07 20:04 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-04 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-29 22:30 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-25 17:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-24 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-13 16:04 --------- d-----w C:\Program Files\Élysée
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}]
2008-01-08 21:29 37888 --------- C:\WINDOWS\system32\qomkjji.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-11-02 16:36 5223752]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 16:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 16:36 77824]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 23:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 12:19 1077329]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 15:31 638976]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 13:57 53248]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 10:38 262144]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 16:22 89541 C:\WINDOWS\agrsmmsg.exe]
"CFSServ.exe"="CFSServ.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}"= C:\WINDOWS\system32\qomkjji.dll [2008-01-08 21:29 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-08 21:21 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2006-01-05 15:31]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-12-29 13:00]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-12-29 13:00]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-04-18 14:12]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 11:00]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 17:49]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2007-12-29 13:30]
S1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
S3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys []
S3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 20:10]
S3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-05 11:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
\Shell\AutoRun\command - X:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33964153-7579-11dc-b754-0016d48a306e}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff63df3-8199-11dc-b771-0016d48a306e}]
\Shell\Auto\command - qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9888968-fbfc-11db-b69b-0016d48a306e}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0571815-f955-11db-b696-0016d48a306e}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b1f412-6b50-11dc-b73f-0016d48a306e}]
\Shell\Auto\command - F:\qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b1f415-6b50-11dc-b73f-0016d48a306e}]
\Shell\Auto\command - F:\qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e923f413-1e65-11dc-b6f0-0016d48a306e}]
\Shell\Auto\command - F:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-07 18:24:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 16:16:51 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 20:37:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\qomkjji.dll
.
Completion time: 2008-01-12 20:40:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-12 19:40:08
.
2008-01-09 05:54:43 --- E O F ---
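The MountPoints2 section of the ComboFix report above lists the AutoRun handlers Windows has cached for volumes that were mounted on this machine; the thread itself does not act on them. As an added example (not from the thread and not ComboFix code), this Python snippet parses that section and flags handlers that launch a bare file name or go through RunDLL32 ShellExec_RunDLL. The sample is constructed from entries in the report, and the flagging rule is this example's own heuristic: the entries are leads for review, not a verdict on the volume.

```python
import re

# Constructed sample: MountPoints2 entries copied from the ComboFix report above.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
\Shell\AutoRun\command - X:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33964153-7579-11dc-b754-0016d48a306e}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0571815-f955-11db-b696-0016d48a306e}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
"""

KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)
ABS_PATH_RE = re.compile(r"^[a-z]:\\")


def parse_mountpoints(report_text):
    """Map each MountPoints2 volume (drive letter or volume GUID) to its list of
    (verb, command) handlers, in report order."""
    volumes, current = {}, None
    for raw in report_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            volumes[current] = []
            continue
        cm = CMD_RE.match(line)
        if cm and current is not None:
            volumes[current].append((cm.group(1), cm.group(2)))
    return volumes


def suspicious_handlers(volumes):
    """Heuristic (this example's own): flag handlers that start a bare file name
    or route through RunDLL32 ShellExec_RunDLL. Such entries are leads to review,
    not proof that the volume or the machine is compromised."""
    findings = {}
    for vol, handlers in volumes.items():
        reasons = []
        for verb, cmd in handlers:
            low = cmd.casefold()
            if "shellexec_rundll" in low:
                reasons.append(f"{verb}: launched via RunDLL32 ShellExec -> {cmd}")
            elif not ABS_PATH_RE.match(low):
                reasons.append(f"{verb}: bare file name -> {cmd}")
        if reasons:
            findings[vol] = reasons
    return findings


if __name__ == "__main__":
    for vol, reasons in suspicious_handlers(parse_mountpoints(SAMPLE)).items():
        print(vol)
        for r in reasons:
            print("   ", r)
```

On the sample, the X: volume with an absolute SETUP.EXE path is left alone, the GUID volume whose three verbs all launch a bare ie.exe is flagged three times, and the last volume is flagged only for its RunDLL32 handler. Pairing such findings with the file-creation timeline elsewhere in the report is how a responder decides which of them deserve follow-up.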
12 Janvier 2008 21:15:59

Re,

Select the whole box below, then right-click and choose Copy
File::
C:\WINDOWS\system32\qomkjji.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0994E82-0703-4794-A981-16880A5AF300}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}"=-

Paste it into Notepad
Save it to your desktop and name it CFScript ( file type: text )
Drag the CFScript file onto ComboFix.exe like this:

A menu will appear, type 1 then confirm
Let the scan run and post the generated report ( C:\ComboFix.txt )

12 Janvier 2008 21:59:31

OK, here's the scan:

ComboFix 08-01-11.3 - admin 2008-01-12 21:54:41.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.117 [GMT 1:00]
Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\admin\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\qomkjji.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\qomkjji.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))))))))
.

2008-01-12 20:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 18:49 . 2008-01-12 20:22 <REP> d-------- C:\VundoFix Backups
2008-01-12 10:13 . 2008-01-12 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-08 21:45 . 2008-01-08 21:45 0 --a------ C:\WINDOWS\TPTray.INI
2008-01-08 21:42 . 2008-01-08 21:42 <REP> d-------- C:\Program Files\Alwil Software
2008-01-08 21:42 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-08 21:42 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-08 21:42 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-08 21:42 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-08 21:42 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-08 21:42 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-08 21:42 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-08 21:42 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-08 21:21 . 2008-01-08 21:21 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2008-01-08 20:56 . 2008-01-08 20:56 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-08 20:51 . 2008-01-08 20:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-08 20:51 . 2008-01-08 21:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-08 20:51 . 2008-01-08 21:29 <REP> d-------- C:\Documents and Settings\admin\Application Data\AVG7
2008-01-08 09:37 . 2008-01-08 09:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 23:30 . 2007-12-30 23:30 <REP> d-------- C:\Documents and Settings\admin\Application Data\DivX
2007-12-30 23:13 . 2007-12-30 23:13 <REP> d-------- C:\Program Files\iTunes
2007-12-30 23:13 . 2007-12-30 23:13 <REP> d-------- C:\Program Files\iPod
2007-12-30 23:02 . 2007-11-29 23:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-30 23:02 . 2007-11-29 23:30 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-30 23:02 . 2007-11-29 23:30 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-29 13:30 . 2007-12-29 13:30 48,928 --a------ C:\WINDOWS\system32\drivers\Tetris.sys
2007-12-29 13:00 . 2007-12-29 13:00 162,432 --a------ C:\WINDOWS\system32\drivers\ithsgt.sys
2007-12-29 13:00 . 2007-12-29 13:00 12,032 --a------ C:\WINDOWS\system32\drivers\lilsgt.sys
2007-12-29 12:15 . 2007-12-29 12:15 268 --ah----- C:\sqmdata19.sqm
2007-12-29 12:15 . 2007-12-29 12:15 244 --ah----- C:\sqmnoopt19.sqm
2007-12-27 23:15 . 2007-12-27 23:15 268 --ah----- C:\sqmdata18.sqm
2007-12-27 23:15 . 2007-12-27 23:15 244 --ah----- C:\sqmnoopt18.sqm
2007-12-27 08:26 . 2007-12-27 08:26 268 --ah----- C:\sqmdata17.sqm
2007-12-27 08:26 . 2007-12-27 08:26 244 --ah----- C:\sqmnoopt17.sqm
2007-12-16 12:12 . 2007-12-16 12:12 <DIR> d-------- C:\Program Files\Fichiers communs\DirectX
2007-12-16 12:12 . 2007-12-16 12:12 <DIR> d-------- C:\Documents and Settings\admin\Application Data\THQ
2007-12-15 20:23 . 2007-12-15 20:23 <DIR> d-------- C:\Program Files\Rapidshare Unlimited
2007-12-13 21:18 . 2008-01-03 18:05 <DIR> d-------- C:\Documents and Settings\admin\Application Data\La Bataille pour la Terre du Milieu
2007-12-13 18:20 . 2007-12-13 18:20 <DIR> d-------- C:\Program Files\EA GAMES

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 13:31 --------- d-----w C:\Documents and Settings\admin\Application Data\Free Download Manager
2008-01-12 09:38 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-12 09:11 --------- d-----w C:\Documents and Settings\admin\Application Data\Azureus
2008-01-11 14:12 --------- d-----w C:\Documents and Settings\admin\Application Data\Microgaming
2008-01-08 08:37 --------- d-----w C:\Program Files\Lavasoft
2008-01-08 08:36 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-06 13:18 --------- d-----w C:\Program Files\eMule
2008-01-05 18:38 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
2008-01-01 10:35 --------- d-----w C:\Program Files\Azureus
2007-12-30 22:20 --------- d-----w C:\Program Files\QuickTime
2007-12-30 22:03 --------- d-----w C:\Program Files\DivX
2007-12-22 17:58 --------- d-----w C:\Program Files\SPSS Student
2007-12-20 17:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-20 17:51 --------- d-----w C:\Program Files\Rapidown
2007-12-15 14:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-07 20:04 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-04 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-04 17:12 81,984 -c--a-w C:\WINDOWS\system32\bdod.bin
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-25 17:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-24 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-13 16:04 --------- d-----w C:\Program Files\Élysée
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 -c--a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-12_20.39.55.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-12 19:29:48 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-12 20:54:33 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-12 19:29:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-12 20:54:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-12 19:29:48 8,040,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-12 20:54:34 8,040,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-12 19:29:49 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-12 20:54:34 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-12 19:29:49 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-12 20:54:34 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-12 19:29:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 20:54:34 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-11-02 16:36 5223752]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 16:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 16:36 77824]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 23:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 12:19 1077329]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 15:31 638976]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 13:57 53248]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 10:38 262144]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 16:22 89541 C:\WINDOWS\agrsmmsg.exe]
"CFSServ.exe"="CFSServ.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

C:\Documents and Settings\admin\Menu Démarrer\Programmes\Démarrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-08 21:21 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2006-01-05 15:31]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-12-29 13:00]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-12-29 13:00]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-04-18 14:12]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 11:00]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 17:49]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2007-12-29 13:30]
S1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
S3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys []
S3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 20:10]
S3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-05 11:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
\Shell\AutoRun\command - X:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33964153-7579-11dc-b754-0016d48a306e}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff63df3-8199-11dc-b771-0016d48a306e}]
\Shell\Auto\command - qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9888968-fbfc-11db-b69b-0016d48a306e}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0571815-f955-11db-b696-0016d48a306e}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b1f412-6b50-11dc-b73f-0016d48a306e}]
\Shell\Auto\command - F:\qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b1f415-6b50-11dc-b73f-0016d48a306e}]
\Shell\Auto\command - F:\qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e923f413-1e65-11dc-b6f0-0016d48a306e}]
\Shell\Auto\command - F:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

.
Contents of the 'Scheduled Tasks' folder
"2008-01-07 18:24:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 16:16:51 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 21:57:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-01-12 21:58:02
ComboFix-quarantined-files.txt 2008-01-12 20:57:48
ComboFix2.txt 2008-01-12 19:40:12
.
2008-01-09 05:54:43 --- E O F ---
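The MountPoints2 keys in the ComboFix log above are Explorer's per-user cache of what each removable volume's autorun.inf asked for, keyed by volume GUID and kept after the drive is unplugged. Two kinds of entry sit side by side there: X:\SETUP.EXE, the trace a CD installer leaves, and entries that launch qeyxuht.exe through RunDLL32 ShellExec_RunDLL, add a non-standard "Auto" verb, and recur under two different volume GUIDs, which is the pattern a worm spreading on USB sticks leaves. The script below is an added example, not part of the thread and not ComboFix's own logic: it parses a constructed excerpt modelled on those entries (same GUIDs and file names) and scores each volume on the signals just listed; the scoring rules are my own assumptions. One caveat for the cleanup that follows: deleting these keys removes only the cached command, the file on the stick itself stays and is offered again the next time the stick is inserted with autorun enabled.

```python
"""Triage of the 'MountPoints2' autorun entries in a ComboFix log.

Added example; it is not part of the forum thread, nor ComboFix's own
logic. SAMPLE_LOG is constructed to mirror the entries in the log
above (same volume GUIDs and file names); the scoring rules are my own
assumptions about what separates an autorun worm from a plain CD setup.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
\Shell\AutoRun\command - X:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33964153-7579-11dc-b754-0016d48a306e}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff63df3-8199-11dc-b771-0016d48a306e}]
\Shell\Auto\command - qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b1f412-6b50-11dc-b73f-0016d48a306e}]
\Shell\Auto\command - F:\qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0571815-f955-11db-b696-0016d48a306e}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
"""

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\([^\]]+)\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.*)$", re.I)
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+shell32\.dll,shellexec_rundll\s+(.*)$", re.I)
STANDARD_VERBS = {"autorun", "open", "explore"}


def parse_mountpoints(text):
    """Map each volume id to its list of (verb, command) pairs."""
    entries = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            entries[current].append((cmd.group(1), cmd.group(2).strip()))
    return dict(entries)


def target_of(command):
    """Return (launched executable, True if wrapped in ShellExec_RunDLL)."""
    wrapped = RUNDLL_RE.search(command)
    payload = wrapped.group(1) if wrapped else command
    tokens = payload.strip('"').split()
    return (tokens[0] if tokens else ""), wrapped is not None


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(entries):
    """Score every cached volume; more distinct reasons = more suspicious."""
    # A worm that copies itself onto every stick it meets leaves the same
    # file name cached under several volume GUIDs.
    volumes_by_exe = defaultdict(set)
    for vol, cmds in entries.items():
        for _, cmd in cmds:
            volumes_by_exe[basename(target_of(cmd)[0])].add(vol)

    report = {}
    for vol, cmds in entries.items():
        reasons = []
        verbs = {verb.lower() for verb, _ in cmds}
        targets = set()
        for verb, cmd in cmds:
            exe, wrapped = target_of(cmd)
            targets.add(basename(exe))
            if wrapped:
                reasons.append("ShellExec_RunDLL indirection on verb %s" % verb)
            if not re.match(r"^[A-Za-z]:\\", exe):
                # No drive letter: resolves relative to the removable volume root.
                reasons.append("relative target %r resolves on the volume itself" % exe)
        odd = verbs - STANDARD_VERBS
        if odd:
            reasons.append("non-standard verb(s): %s" % ", ".join(sorted(odd)))
        if len(verbs & STANDARD_VERBS) >= 2 and len(targets) == 1:
            # open, explore and autorun all lead to one file: any click runs it.
            reasons.append("every Explorer verb hijacked to %s" % next(iter(targets)))
        for exe in targets:
            others = len(volumes_by_exe[exe]) - 1
            if others:
                reasons.append("%s also cached for %d other volume(s)" % (exe, others))
        reasons = list(dict.fromkeys(reasons))  # keep order, drop duplicates
        report[vol] = {"targets": sorted(targets), "score": len(reasons), "reasons": reasons}
    return report


def ranked(report):
    """Volumes ordered from most to least suspicious."""
    return sorted(report, key=lambda v: (-report[v]["score"], v))


if __name__ == "__main__":
    rep = triage(parse_mountpoints(SAMPLE_LOG))
    for vol in ranked(rep):
        print("%d  %s  %s" % (rep[vol]["score"], vol, "; ".join(rep[vol]["reasons"])))
```

On the sample, the qeyxuht.exe volumes collect four reasons each and the CD entry one; the F:\setup.exe volume scores as high as the worm entries because it uses the same RunDLL32 wrapper and "Auto" verb, which is exactly why the score is a prompt to go and look at the file rather than a verdict.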
12 January 2008 22:12:02


Re,

Post a fresh HijackThis log
12 January 2008 23:00:13

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 22:59:26, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\admin\Bureau\divers\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/Tes...
O16 - DPF: {3D15E6EB-2050-4800-B012-AA9E06A21D05} (Pearson Finance Player Control) - http://asp.mathxl.com/books/_Players/FinancePlayer.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

12 January 2008 23:15:34

Re,

Run HijackThis again, this time click [do a system scan only]
and tick the boxes on the left for the following lines (and only these):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*

then click [Fix checked] (bottom left).
When asked to confirm, answer Yes.

---------------------------------------------------------

Download Clean here

Unzip it to your desktop (extract all files); you get a folder named clean.
Open the clean folder and double-click clean.cmd (the .cmd extension may not be shown).
Choose option 1 and wait.

A report is generated; post that report (C:\rapport_clean.txt).
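Before fixing lines on the strength of a "(file missing)" verdict it is worth cross-checking the log against itself. In the HijackThis log above, the O23 lines for the avast! Mail Scanner and Web Scanner end in "(file missing)" while ashMaiSv.exe and ashWebSv.exe are listed among the running processes a few lines earlier; the stray quote before "/service" shows HijackThis 1.99.1 mis-reading a quoted ImagePath with an argument, not a dead service. The BitDefender services (LIVESRV, VSSERV, XCOMM) carry the same marker but are not running, and their drivers appear with empty timestamps in the ComboFix log: leftovers of an incomplete uninstall. The script below is an added example, not part of the thread and not HijackThis code: it runs a constructed excerpt of that log (same entries, trimmed) through the cross-check and sorts the flagged lines into parser artefacts, leftover services and dangling browser hooks. The three buckets and the rules that fill them are my own assumptions.

```python
"""Cross-check HijackThis '(file missing)' verdicts against its process list.

Added example; it is not part of the forum thread and not HijackThis
code. SAMPLE_HJT is a constructed excerpt shaped like the log above
(same entries, trimmed to what the check needs); the three buckets and
the rules that fill them are my own assumptions.
"""
import re

SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^([ORF]\d+)\s+-\s+(.*)$")
EXE_RE = re.compile(r'([^\\/\s"]+\.(?:exe|dll|sys|ocx))', re.I)
MISSING_MARKERS = ("(file missing)", "(no file)")


def parse_hjt(text):
    """Return (set of running process basenames, list of (kind, body))."""
    running, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False          # a blank line closes the process block
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        if in_procs:
            running.add(line.rsplit("\\", 1)[-1].lower())
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return running, entries


def last_exe(body):
    """Lower-case basename of the last executable-looking token, or ''."""
    hits = EXE_RE.findall(body)
    return hits[-1].lower() if hits else ""


def classify(running, entries):
    """Sort every 'missing' entry into false_missing / dead_services / orphans."""
    out = {"false_missing": [], "dead_services": [], "orphans": []}
    for kind, body in entries:
        if not any(marker in body.lower() for marker in MISSING_MARKERS):
            continue
        exe = last_exe(body)
        # Tell-tale of the parser slip: a stray quote before the service argument.
        stray_quote = '" /' in body
        if kind == "O23" and exe in running:
            out["false_missing"].append((exe, stray_quote))   # binary is live
        elif kind == "O23":
            out["dead_services"].append((exe, stray_quote))   # leftover service
        else:
            out["orphans"].append((kind, body))               # dangling toolbar/button
    return out


if __name__ == "__main__":
    res = classify(*parse_hjt(SAMPLE_HJT))
    for bucket, items in res.items():
        print(bucket)
        for item in items:
            print("   ", item)
```

The false_missing bucket is the one not to touch: fixing those lines would unregister a running antivirus component. The dead_services bucket is what a vendor's own removal tool, or sc delete, should clean up rather than HijackThis; the orphans are the harmless dangling toolbar and button entries that the fix list above does remove.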

13 January 2008 00:14:38

I couldn't upload the .gz file... it says the file is invalid.
Here is the Clean report:

Sat 12/01/2008 at 23:27:53,95

*** Searching for files in C:

*** Searching for files in C:\WINDOWS\

*** Searching for files in C:\WINDOWS\system32
C:\WINDOWS\system32\bdod.bin FOUND

*** Searching for files in C:\Program Files
*** End of report!
13 January 2008 00:24:25


OK,

Restart in Safe Mode: >> How to start in Safe Mode <<

Open the clean folder and double-click clean.cmd
Choose option 2 and wait
Restart normally

Post the report (C:\rapport_clean.txt)

----------------------------------------------

Run a Kaspersky online scan here, using Internet Explorer!

Click Start Online-Scanner (bottom right)
Click I accept; if needed, allow the ActiveX install
Let the updates install, then choose the My Computer scan

When the scan finishes, save the report and paste it into your reply

If you see this message: the Kaspersky On-line Scanner license has expired,
go to Add/Remove Programs and uninstall On-Line Scanner,
then go back to the site and retry the scan

13 January 2008 10:52:49

Hello,

Here are the Clean report and the Kaspersky one:

Script run in Safe Mode
Clean report by Malekal_morte - http://www.malekal.com
Script run in Safe Mode Sun 13/01/2008 at 0:34:09,89

Microsoft Windows XP [version 5.1.2600]

*** Deleting files in C:

*** Deleting files in C:\WINDOWS\

*** Deleting files in C:\WINDOWS\system32
attempting to delete C:\WINDOWS\system32\bdod.bin

*** Deleting files in C:\Program Files

*** Registry keys deleted..
*** End of report!


_________________________________________________________


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 13, 2008 10:51:45 AM
Operating system: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.83.0
Kaspersky antivirus database last update: 13/01/2008
Records in Kaspersky antivirus database: 509951
-------------------------------------------------------------------------------

Scan settings:
Scan using the following antivirus database: extended
Scan archives: true
Scan mail bases: false

Scan target - My Computer:
C:\
D:\
E:\

Scan statistics:
Total number of scanned objects: 71436
Number of viruses found: 4
Number of infected objects: 16 / 0
Number of suspicious objects: 0
Duration of the scan: 01:04:19

Infected object name / Virus name / Last action
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pv2dxr4d.default\cert8.db Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pv2dxr4d.default\history.dat Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pv2dxr4d.default\key3.db Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pv2dxr4d.default\parent.lock Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pv2dxr4d.default\search.sqlite Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pv2dxr4d.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\admin\Bureau\clean\clean\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Documents and Settings\admin\Bureau\clean.zip/clean/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Documents and Settings\admin\Bureau\clean.zip ZIP: infected - 1 skipped
C:\Documents and Settings\admin\Bureau\divers\clean.zip/clean/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Documents and Settings\admin\Bureau\divers\clean.zip ZIP: infected - 1 skipped
C:\Documents and Settings\admin\Bureau\divers\Grisoft AVG Internet Security 7.5\crack.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\Documents and Settings\admin\Bureau\divers\Grisoft AVG Internet Security 7.5.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.djn skipped
C:\Documents and Settings\admin\Bureau\divers\Grisoft AVG Internet Security 7.5.rar/crack.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\Documents and Settings\admin\Bureau\divers\Grisoft AVG Internet Security 7.5.rar RAR: infected - 2 skipped
C:\Documents and Settings\admin\Bureau\divers\wifi\aircrack-ng-0.9.1-win.zip/aircrack-ng-win-0.9.1/bin/airodump-ng.exe Infected: not-a-virus:PSWTool.Win32.AirCrack.a skipped
C:\Documents and Settings\admin\Bureau\divers\wifi\aircrack-ng-0.9.1-win.zip ZIP: infected - 1 skipped
C:\Documents and Settings\admin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\louis_vandepeute@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\louis_vandepeute@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\louis_vandepeute@hotmail.com\SharingMetadata\Working\database_1C18_FC42_18FC_1D08\dfsr.db Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\louis_vandepeute@hotmail.com\SharingMetadata\Working\database_1C18_FC42_18FC_1D08\fsr.log Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\louis_vandepeute@hotmail.com\SharingMetadata\Working\database_1C18_FC42_18FC_1D08\fsrtmp.log Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\louis_vandepeute@hotmail.com\SharingMetadata\Working\database_1C18_FC42_18FC_1D08\tmp.edb Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows Live Contacts\louis_vandepeute@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows Live Contacts\louis_vandepeute@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\pv2dxr4d.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\pv2dxr4d.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\pv2dxr4d.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\pv2dxr4d.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Pando\Pando Files\cert\cert8.db Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Pando\Pando Files\cert\key3.db Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Pando\Pando Files\pando.log Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Historique\History.IE5\MSHist012008011320080114\index.dat Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Temp\Free Download Manager\tic5.tmp Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Temp\Free Download Manager\tic6.tmp Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Temp\~DF2512.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\admin\Local Settings\Temp\~DF2575.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\admin\Local Settings\Temp\~DF5F21.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\admin\Local Settings\Temp\~DF5F45.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\P2OMN6LE\223-fr-cfacon-20[1].swf L'objet est verrouillé ignoré
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\P2OMN6LE\223-fr-parrain-11[1].swf L'objet est verrouillé ignoré
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\P2OMN6LE\459-fr-soldes-21[1].swf L'objet est verrouillé ignoré
C:\Documents and Settings\admin\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\admin\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Bureau\clean\clean\pskill.exe Infecté : not-a-virus:RiskTool.Win32.PsKill.k ignoré
C:\Documents and Settings\LocalService\Bureau\clean.zip/clean/pskill.exe Infecté : not-a-virus:RiskTool.Win32.PsKill.k ignoré
C:\Documents and Settings\LocalService\Bureau\clean.zip ZIP: infecté - 1 ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\rrs5mri9.default\Cache\3CD27B45d01/clean/pskill.exe Infecté : not-a-virus:RiskTool.Win32.PsKill.k ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\rrs5mri9.default\Cache\3CD27B45d01 ZIP: infecté - 1 ignoré
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\System Volume Information\_restore{907F5B5F-D910-4DC1-92C9-F3481B14962A}\RP285\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_194.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

Analyse terminée.
13 January 2008 11:36:40

Quote:
C:\Documents and Settings\admin\Bureau\divers\Grisoft AVG Internet Security 7.5\crack.exe
C:\Documents and Settings\admin\Bureau\divers\Grisoft AVG Internet Security 7.5.rar/keygen.exe
C:\Documents and Settings\admin\Bureau\divers\Grisoft AVG Internet Security 7.5.rar/crack.exe
C:\Documents and Settings\admin\Bureau\divers\Grisoft AVG Internet Security 7.5.rar
C:\Documents and Settings\admin\Bureau\divers\wifi\aircrack-ng-0.9.1-win.zip

Cracks are not a good idea; that's why you're infected...

Download OTMoveIt < here

Save it to your Desktop
Select the box below, then right-click, then Copy:
C:\Documents and Settings\admin\Bureau\divers\Grisoft AVG Internet Security 7.5.rar
C:\Documents and Settings\admin\Bureau\divers\wifi\aircrack-ng-0.9.1-win.zip
C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\rrs5mri9.default\Cache\3CD27B45d01

Now launch OTMoveIt by double-clicking OTMoveIt.exe
Two panes appear; right-click in the left pane, then Paste
Finally, click [MoveIt!]

It may ask you to restart; accept by clicking YES

Post the generated report ( C:\_OTMoveIt\MovedFiles\creation date )

-------------------------------------------------------------------

Download ToolsCleaner2 < here

Install it on your Desktop
Click [Recherche] to start the scan
Click [Supprimer] to clean up the tools that were used
Click [Quitter]; this will create a report
Post the report ( C:\TCleaner.txt )

13 January 2008 11:47:40

Thanks,

I think I'm going to stop messing around with my PC... especially with cracks :s

Here are the two reports:

C:\Documents and Settings\admin\Bureau\divers\Grisoft AVG Internet Security 7.5.rar moved successfully.
C:\Documents and Settings\admin\Bureau\divers\wifi\aircrack-ng-0.9.1-win.zip moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\rrs5mri9.default\Cache\3CD27B45d01 moved successfully.

Created on 01/13/2008 11:40:49


________________________________________________________
-->- Recherche:

C:\Combofix: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\admin\Bureau\Clean.zip: trouvé !
C:\Documents and Settings\admin\Bureau\OtMoveIt.exe: trouvé !
C:\Documents and Settings\admin\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\admin\Bureau\vundoFix.exe: trouvé !
C:\Documents and Settings\admin\Bureau\clean\clean\tar.exe: trouvé !
C:\Documents and Settings\admin\Bureau\clean\clean\remove.reg: trouvé !
C:\Documents and Settings\admin\Bureau\clean\clean\pskill.exe: trouvé !
C:\Documents and Settings\admin\Bureau\clean\clean\LFiles.exe: trouvé !
C:\Documents and Settings\admin\Bureau\clean\clean\gzip.exe: trouvé !
C:\Documents and Settings\admin\Bureau\clean\clean\delsiri.cmd: trouvé !
C:\Documents and Settings\admin\Bureau\clean\clean\delr.cmd: trouvé !
C:\Documents and Settings\admin\Bureau\clean\clean\del3.cmd: trouvé !
C:\Documents and Settings\admin\Bureau\clean\clean\del2.cmd: trouvé !
C:\Documents and Settings\admin\Bureau\clean\clean\clean.cmd: trouvé !
C:\Documents and Settings\admin\Bureau\clean\clean\cherche.cmd: trouvé !
C:\Documents and Settings\admin\Bureau\divers\Clean.zip: trouvé !
C:\Documents and Settings\admin\Bureau\divers\HijackThis.exe: trouvé !
C:\Documents and Settings\admin\Recent\HijackThis.lnk: trouvé !
C:\Documents and Settings\LocalService\Bureau\Clean.zip: trouvé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\remove.reg: trouvé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\pskill.exe: trouvé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\delsiri.cmd: trouvé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\delr.cmd: trouvé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\del3.cmd: trouvé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\del2.cmd: trouvé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\clean.cmd: trouvé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\cherche.cmd: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\admin\Bureau\Clean.zip: supprimé !
C:\Documents and Settings\admin\Bureau\OtMoveIt.exe: Erreur de suppression !
C:\Documents and Settings\admin\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\admin\Bureau\vundoFix.exe: supprimé !
C:\Documents and Settings\admin\Bureau\clean\clean\tar.exe: supprimé !
C:\Documents and Settings\admin\Bureau\clean\clean\remove.reg: supprimé !
C:\Documents and Settings\admin\Bureau\clean\clean\pskill.exe: supprimé !
C:\Documents and Settings\admin\Bureau\clean\clean\LFiles.exe: supprimé !
C:\Documents and Settings\admin\Bureau\clean\clean\gzip.exe: supprimé !
C:\Documents and Settings\admin\Bureau\clean\clean\delsiri.cmd: supprimé !
C:\Documents and Settings\admin\Bureau\clean\clean\delr.cmd: supprimé !
C:\Documents and Settings\admin\Bureau\clean\clean\del3.cmd: supprimé !
C:\Documents and Settings\admin\Bureau\clean\clean\del2.cmd: supprimé !
C:\Documents and Settings\admin\Bureau\clean\clean\clean.cmd: supprimé !
C:\Documents and Settings\admin\Bureau\clean\clean\cherche.cmd: supprimé !
C:\Documents and Settings\admin\Bureau\divers\Clean.zip: supprimé !
C:\Documents and Settings\admin\Bureau\divers\HijackThis.exe: supprimé !
C:\Documents and Settings\admin\Recent\HijackThis.lnk: supprimé !
C:\Documents and Settings\LocalService\Bureau\Clean.zip: supprimé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\remove.reg: supprimé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\pskill.exe: supprimé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\delsiri.cmd: supprimé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\delr.cmd: supprimé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\del3.cmd: supprimé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\del2.cmd: supprimé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\clean.cmd: supprimé !
C:\Documents and Settings\LocalService\Bureau\clean\clean\cherche.cmd: supprimé !
C:\Combofix: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: Erreur de suppression !

13 January 2008 19:52:08

Post a new HijackThis log
13 January 2008 22:14:51

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:00, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\admin\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)

--
End of file - 9594 bytes
13 January 2008 23:47:02

Good,

I advise you to replace Avast with Antivir (also free, but much better)

you can find it here: > Sécuriser son ordinateur <

Do you still have problems?
14 January 2008 10:27:53

Hi,

As you advised, I replaced Avast with Antivir.
I ran a scan and here is the report:

AntiVir PersonalEdition Classic
Report file date: lundi 14 janvier 2008 08:16

Scanning for 1029710 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: VDP_KOT

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 07:03:04
ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 07:03:04
ANTIVIR3.VDF : 7.0.1.228 183808 Bytes 13/01/2008 07:03:04
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 14/01/2008 07:03:05
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 14/01/2008 07:03:05
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: lundi 14 janvier 2008 08:16

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_VDP_KOT.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> qoobox/Quarantine/C/WINDOWS/system32/qomkjji.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.dvo.13
[INFO] The file was deleted!
C:\Documents and Settings\admin\Bureau\divers\AusLogics BoostSpeed 3.6.8.655 (Multilanguage) keygen [April 12 2007].rar
[0] Archive type: RAR
--> boostspeed_install.exe
[DETECTION] Contains detection pattern of the dropper DR/Drop.VB.TS
[INFO] The file was deleted!
C:\Documents and Settings\admin\Bureau\divers\Nod32_v2.70.39_Fr___patch2.2___username_pour_la_version_compl_te.rar
[DETECTION] Is the Trojan horse TR/Drop.Agent
[INFO] The file was deleted!
C:\Documents and Settings\admin\Bureau\divers\WinRAR_3.71_Final___Maxi_Themes\Softs+Keygen\KeyGen\keygen.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.aac.4 Backdoor server programs
[INFO] The file was deleted!
C:\Program Files\Championship Manager 01-02\cm3965GDI_nocd.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] The file was deleted!
C:\Program Files\Championship Manager 01-02\cm3965nocd.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] The file was deleted!
C:\RECYCLER\S-1-5-21-4252979719-2047720867-4053245309-1006\Dc14\NOD32.FiX v3.0.exe
[DETECTION] Is the Trojan horse TR/Gendal.551137
[INFO] The file was deleted!
C:\RECYCLER\S-1-5-21-4252979719-2047720867-4053245309-1006\Dc17.5\crack.exe
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{907F5B5F-D910-4DC1-92C9-F3481B14962A}\RP284\A0055368.com
[DETECTION] Contains detection pattern of the application APPL/NirCmd.3
[INFO] A backup was created as '47bb20c2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{907F5B5F-D910-4DC1-92C9-F3481B14962A}\RP284\A0055385.exe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.3
[INFO] A backup was created as '47bb210f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{907F5B5F-D910-4DC1-92C9-F3481B14962A}\RP285\A0055389.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvo.13
[INFO] A backup was created as '47bb2119.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{907F5B5F-D910-4DC1-92C9-F3481B14962A}\RP285\A0055408.com
[DETECTION] Contains detection pattern of the application APPL/NirCmd.3
[INFO] A backup was created as '47bb211f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{907F5B5F-D910-4DC1-92C9-F3481B14962A}\RP285\A0055465.exe
[0] Archive type: RAR SFX (self extracting)
--> nircmd.com
[DETECTION] Contains detection pattern of the application APPL/NirCmd.3
--> nircmd.cfexe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.3
[INFO] A backup was created as '47bb2125.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{907F5B5F-D910-4DC1-92C9-F3481B14962A}\RP285\A0055469.exe
[DETECTION] Contains detection pattern of the application APPL/Tool.PsKill.2
[INFO] A backup was created as '47bb2126.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{907F5B5F-D910-4DC1-92C9-F3481B14962A}\RP285\A0055481.exe
[DETECTION] Contains detection pattern of the application APPL/Tool.PsKill.2
[INFO] A backup was created as '47bb2127.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{907F5B5F-D910-4DC1-92C9-F3481B14962A}\RP286\A0055649.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.aac.4 Backdoor server programs
[INFO] A backup was created as '47bb2178.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{907F5B5F-D910-4DC1-92C9-F3481B14962A}\RP286\A0055650.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] A backup was created as '46c58521.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{907F5B5F-D910-4DC1-92C9-F3481B14962A}\RP286\A0055651.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] A backup was created as '47bb2179.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{907F5B5F-D910-4DC1-92C9-F3481B14962A}\RP286\A0055652.exe
[DETECTION] Is the Trojan horse TR/Gendal.551137
[INFO] A backup was created as '46c58522.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{907F5B5F-D910-4DC1-92C9-F3481B14962A}\RP286\A0055653.exe
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] A backup was created as '47bb217b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\NirCmd.exe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.3
[INFO] A backup was created as '47fd22be.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: lundi 14 janvier 2008 10:20
Used time: 2:04:47 min

The scan has been done completely.

7133 Scanning directories
255185 Files were scanned
22 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
21 files were deleted
0 files were repaired
13 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
255163 Files not concerned
6966 Archives were scanned
2 Warnings
2 Notes

14 January 2008 20:58:35


Hi again,

Antivir found and removed some more; you can clearly see its superiority over Avast :)

Any other problems?

14 January 2008 21:00:20

No, everything is fine.

Thank you very much for your help!

I'm editing my post.

See you soon (not too soon, I hope ;) )
14 January 2008 21:07:10


You're welcome, all the best ;)
