Se connecter / S'enregistrer
Votre question

Infection Win32:BHO-KD [trj] [RESOLU]

Tags :
  • Win32
  • Sécurité
Dernière réponse : dans Sécurité et virus
10 Janvier 2008 15:07:22

Bonjour à tous,

Mon ordinateur est infecté depuis 2 semaines par Win32:BHO-KD [trj], c'est le fichier c:\windows\system32\cryptsvce.dll qui est infecté.
Avast le détecte mais ne réussit ni à le supprimer, ni à le mettre en quarantaine...
J'ai essayé de détruire l'infection avec spybot, ad aware, avast virus cleaner, combo fix... mais rien n'y fait !
Mon ordinateur est "protégé" (normalement) par Avast + Zone alarm...
Est ce que quelqu'un a une solution ?

Merci beaucoup pour vos réponses
Bien cordialement,

Alineane

Autres pages sur : infection win32 bho trj resolu

10 Janvier 2008 15:25:02

Re,
J'ai lu les autres réponses et vu que vous demandiez presque toujours un rapport hijack this, alors au cas où, voici le mien :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:22, on 2008-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\CmWatch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ut44sm6rejm.exe
C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\VFR5OLW9\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=21941
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B67D0C1B-0AB3-4094-B3FC-C1E9BD1B706B} - c:\windows\system32\comdlg32a.dll
O2 - BHO: (no name) - {BDBAEE06-5679-490C-955A-CDFA77BECC8A} - C:\WINDOWS\system32\cryptsvce.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ut44sm6rejm] C:\WINDOWS\system32\ut44sm6rejm.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ut44sm6rejm] C:\WINDOWS\system32\ut44sm6rejm.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/DivXB...
O16 - DPF: {86D33886-21AC-11D7-B475-0080AD750764} (Midiocx Control) - http://www.karaokeonline.com.br/midiocx.ocx
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {DE4735F3-7532-4895-93DC-911111111173} - http://afris.biz/ex.exe
O20 - Winlogon Notify: kraqsgad - C:\WINDOWS\SYSTEM32\comdlg32a.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9899 bytes

Merci encore
a b 8 Sécurité
10 Janvier 2008 17:01:11

Bonjour,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

  • Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
    Contenus similaires
    10 Janvier 2008 18:07:22

    Merci pour ta réponse

    Voici le rapport :

    ComboFix 08-01-09.2 - Compaq_Propriétaire 2008-01-11 17:55:12.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.459 [GMT 1:00]
    Running from: C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\USURMZLE\ComboFix[1].exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\windows
    D:\Autorun.inf
    K:\Autorun.inf
    C:\WINDOWS\system32\comdlg32a.dll . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_IPRIP
    -------\Iprip


    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-09 20:44 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-12-22 21:20 . 2007-12-22 21:20 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
    2007-12-22 21:20 . 2007-12-22 21:20 741,632 --a------ C:\WINDOWS\system32\wcvnssyo.dat
    2007-12-22 21:20 . 2007-12-22 21:20 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
    2007-12-22 21:20 . 2007-12-22 21:20 42,240 --a------ C:\WINDOWS\system32\znyvtfcu.dat
    2007-12-22 21:20 . 2007-12-22 21:20 36,096 --a------ C:\WINDOWS\system32\hsalzmzp.dat
    2007-12-22 21:20 . 2007-12-22 21:20 35,072 --a------ C:\WINDOWS\system32\pipmwfpv.dat
    2007-12-21 20:50 . 2007-12-21 20:50 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SampleView
    2007-12-21 20:21 . 2007-12-21 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-21 19:14 . 2008-01-10 21:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-12-21 17:52 . 2007-12-21 19:03 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-12-21 01:43 . 2007-12-25 22:08 120,576 --a------ C:\WINDOWS\system32\ijmqmyrj.dat
    2007-12-21 01:37 . 2007-12-25 22:08 84,992 --a------ C:\WINDOWS\system32\comdlg32a.dll
    2007-12-21 01:37 . 2004-08-05 18:00 84,480 --a------ C:\WINDOWS\system32\comdlg32a.dll.bak
    2007-12-21 01:37 . 19,584 C:\WINDOWS\system32\drivers\cdsyfkzm.dat
    2007-12-21 01:37 . 2005-10-13 01:03 17,408 --a------ C:\WINDOWS\system32\ut44sm6rejm.exe
    2007-12-21 01:36 . 2004-08-05 18:00 84,992 --a------ C:\WINDOWS\system32\cryptsvce.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-21 18:28 --------- d-----w C:\Program Files\Google
    2007-12-21 16:42 --------- d-----w C:\Program Files\Fichiers communs\Real
    2007-12-21 16:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-21 16:31 --------- d-----w C:\Program Files\DivX
    2007-12-21 00:38 --------- d-----w C:\Program Files\eMule
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2005-04-01 06:31 9,860 ----a-w C:\Program Files\Index_soir_Bordeaux.htm
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B67D0C1B-0AB3-4094-B3FC-C1E9BD1B706B}]
    2007-12-25 22:08 84992 --a------ c:\windows\system32\comdlg32a.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBAEE06-5679-490C-955A-CDFA77BECC8A}]
    2004-08-05 18:00 84992 --a------ C:\WINDOWS\system32\cryptsvce.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe" [2004-01-02 08:12 159744]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 18:00 15360]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
    "ut44sm6rejm"="C:\WINDOWS\system32\ut44sm6rejm.exe" [2005-10-13 01:03 17408]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-21 19:14 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-02 07:08 32881]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-15 03:43 233472]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-02 06:12 4112384]
    "nwiz"="nwiz.exe" [2004-07-02 06:12 843776 C:\WINDOWS\system32\nwiz.exe]
    "VTTimer"="VTTimer.exe" []
    "SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 16:47 249856]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 09:21 50176 C:\WINDOWS\ALCXMNTR.EXE]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-23 19:51 200704]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-01-02 08:03 98304]
    "CmCardRun"="C:\WINDOWS\system32\CmWatch.exe" [2003-09-16 16:50 229376]
    "vmlib"="vmlib.exe" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02 919280]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
    "ut44sm6rejm"="C:\WINDOWS\system32\ut44sm6rejm.exe" [2005-10-13 01:03 17408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kraqsgad]
    comdlg32a.dll 2007-12-25 22:08 84992 C:\WINDOWS\system32\comdlg32a.dll

    R0 vgxymobx;vgxymobx;C:\WINDOWS\system32\drivers\cdsyfkzm.dat []
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S2 kccwzydu;AGP Bus r80ed Controller;C:\WINDOWS\System32\svchost.exe [2004-08-05 18:00]
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
    S3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 16:04]
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 18:00]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 18:00]
    S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 18:00]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 18:00]
    S3 UMSSSTOR;C-Media Storage;C:\WINDOWS\system32\DRIVERS\UMSS.SYS [2004-07-13 11:40]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    kccwzydu

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d7f1a8e-34a8-11dc-b294-00112f7037d3}]
    \Shell\AutoRun\command - L:\wd_windows_tools\setup.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-11 18:01:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-11 18:03:50 - machine was rebooted [Compaq_Propri‚taire]
    ComboFix-quarantined-files.txt 2008-01-11 17:03:45
    .
    2008-01-10 20:13:22 --- E O F ---


    Merci encore.
    a b 8 Sécurité
    10 Janvier 2008 18:16:48

    Re,

    [#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    Driver::
    vgxymobx

    Rootkit::
    C:\WINDOWS\system32\comdlg32a.dll

    File::
    C:\WINDOWS\system32\wcvnssyo.dat
    C:\WINDOWS\system32\znyvtfcu.dat
    C:\WINDOWS\system32\hsalzmzp.dat
    C:\WINDOWS\system32\pipmwfpv.dat
    C:\WINDOWS\system32\comdlg32a.dll.bak
    C:\WINDOWS\system32\drivers\cdsyfkzm.dat
    C:\WINDOWS\system32\ut44sm6rejm.exe
    C:\WINDOWS\system32\cryptsvce.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B67D0C1B-0AB3-4094-B3FC-C1E9BD1B706B}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBAEE06-5679-490C-955A-CDFA77BECC8A}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ut44sm6rejm"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ut44sm6rejm"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kraqsgad]


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
    10 Janvier 2008 18:48:28

    Re,

    Voici les 2 rapports :

    Le rapport Combofix

    ComboFix 08-01-09.2 - Compaq_Propriétaire 2008-01-11 18:28:53.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.446 [GMT 1:00]
    Running from: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Compaq_Propriétaire\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\comdlg32a.dll.bak
    C:\WINDOWS\system32\cryptsvce.dll
    C:\WINDOWS\system32\drivers\cdsyfkzm.dat
    C:\WINDOWS\system32\hsalzmzp.dat
    C:\WINDOWS\system32\pipmwfpv.dat
    C:\WINDOWS\system32\ut44sm6rejm.exe
    C:\WINDOWS\system32\wcvnssyo.dat
    C:\WINDOWS\system32\znyvtfcu.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\comdlg32a.dll
    C:\WINDOWS\system32\cryptsvce.dll
    C:\WINDOWS\system32\drivers\cdsyfkzm.dat
    C:\WINDOWS\system32\hsalzmzp.dat
    C:\WINDOWS\system32\pipmwfpv.dat
    C:\WINDOWS\system32\ut44sm6rejm.exe
    C:\WINDOWS\system32\wcvnssyo.dat
    C:\WINDOWS\system32\znyvtfcu.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_VGXYMOBX
    -------\vgxymobx


    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-09 20:44 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-12-22 21:20 . 2007-12-22 21:20 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
    2007-12-22 21:20 . 2007-12-22 21:20 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
    2007-12-21 20:50 . 2007-12-21 20:50 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SampleView
    2007-12-21 20:21 . 2007-12-21 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-21 19:14 . 2008-01-10 21:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-12-21 17:52 . 2007-12-21 19:03 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-12-21 01:43 . 2007-12-25 22:08 120,576 --a------ C:\WINDOWS\system32\ijmqmyrj.dat

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-25 21:02 5,898,148 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2007-12-21 18:28 --------- d-----w C:\Program Files\Google
    2007-12-21 16:42 --------- d-----w C:\Program Files\Fichiers communs\Real
    2007-12-21 16:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-21 16:31 --------- d-----w C:\Program Files\DivX
    2007-12-21 00:38 --------- d-----w C:\Program Files\eMule
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2005-04-01 06:31 9,860 ----a-w C:\Program Files\Index_soir_Bordeaux.htm
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-11_18.03.20.89 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-09 19:45:17 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-11 17:28:26 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-09 19:45:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-11 17:28:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-09 19:45:17 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-11 17:28:26 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-09 19:45:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-11 17:28:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-09 19:45:18 8,454,144 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-11 17:28:27 8,470,528 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-09 19:45:18 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-11 17:28:27 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-11 17:33:29 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_740.dat
    + 2008-01-11 17:33:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8cc.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe" [2004-01-02 08:12 159744]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 18:00 15360]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-21 19:14 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-02 07:08 32881]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-15 03:43 233472]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-02 06:12 4112384]
    "nwiz"="nwiz.exe" [2004-07-02 06:12 843776 C:\WINDOWS\system32\nwiz.exe]
    "VTTimer"="VTTimer.exe" []
    "SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 16:47 249856]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 09:21 50176 C:\WINDOWS\ALCXMNTR.EXE]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-23 19:51 200704]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-01-02 08:03 98304]
    "CmCardRun"="C:\WINDOWS\system32\CmWatch.exe" [2003-09-16 16:50 229376]
    "vmlib"="vmlib.exe" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02 919280]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]

    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S2 kccwzydu;AGP Bus r80ed Controller;C:\WINDOWS\System32\svchost.exe [2004-08-05 18:00]
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
    S3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 16:04]
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 18:00]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 18:00]
    S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 18:00]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 18:00]
    S3 UMSSSTOR;C-Media Storage;C:\WINDOWS\system32\DRIVERS\UMSS.SYS [2004-07-13 11:40]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    kccwzydu

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d7f1a8e-34a8-11dc-b294-00112f7037d3}]
    \Shell\AutoRun\command - L:\wd_windows_tools\setup.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-11 18:34:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-11 18:35:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-11 17:35:53
    ComboFix2.txt 2008-01-11 17:03:51
    .
    2008-01-10 20:13:22 --- E O F ---


    Le rapport Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:45:16, on 11/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\CmWatch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.844\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=21941
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
    O4 - HKLM\..\Run: [vmlib] vmlib.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/DivXB...
    O16 - DPF: {86D33886-21AC-11D7-B475-0080AD750764} (Midiocx Control) - http://www.karaokeonline.com.br/midiocx.ocx
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper....
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {DE4735F3-7532-4895-93DC-911111111173} - http://afris.biz/ex.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9019 bytes

    Merci encore pour ton aide
    a b 8 Sécurité
    10 Janvier 2008 18:50:10

    Re,

    Supprime ce fichier :
    C:\WINDOWS\system32\ijmqmyrj.dat
    10 Janvier 2008 18:54:58

    Re,

    Mission accomplie : le fichier C:\WINDOWS\system32\ijmqmyrj.dat est supprimé
    Dois je refaire une autre manipulation ?

    Merci encore,

    Alineane
    a b 8 Sécurité
    10 Janvier 2008 19:00:57

    Reposte un rapport Hijackthis :) 
    10 Janvier 2008 19:25:34

    Hello !

    Voici le rapport :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:23:41, on 11/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\CmWatch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.438\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=21941
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
    O4 - HKLM\..\Run: [vmlib] vmlib.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/DivXB...
    O16 - DPF: {86D33886-21AC-11D7-B475-0080AD750764} (Midiocx Control) - http://www.karaokeonline.com.br/midiocx.ocx
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper....
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {DE4735F3-7532-4895-93DC-911111111173} - http://afris.biz/ex.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9055 bytes
    10 Janvier 2008 22:38:42

    Bonsoir Angeldark,
    J'ai suivi tes conseils et désinstaller Avast pour le remplacer par antivir.
    Avant de poster le rapport, j'en profite pour te demander si la protection par zone alarm + antivir suffit, étant donné qu'antivir ne gère pas les mails. Dois je installer un autre logiciel spécialement pour les emails ? Merci !

    Encore une fois merci bcp de ton aide et du temps que tu as accordé à mon problème

    Alineane

    Le rapport Antivir :

    AntiVir PersonalEdition Classic
    Report file date: vendredi 11 janvier 2008 21:37

    Scanning for 1024328 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: GENEVE

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 20:24:09
    ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 20:24:09
    ANTIVIR3.VDF : 7.0.1.220 109568 Bytes 10/01/2008 20:24:09
    AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 11/01/2008 20:24:11
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.2 360488 Bytes 11/01/2008 20:24:11
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: K:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 11 janvier 2008 21:37

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'PCHButton.exe' - '1' Module(s) have been scanned
    Scan process 'winampa.exe' - '1' Module(s) have been scanned
    Scan process 'zlclient.exe' - '0' Module(s) have been scanned
    Scan process 'CmWatch.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'hpztsb03.exe' - '1' Module(s) have been scanned
    Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
    Scan process 'Keyhook.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'snmp.exe' - '1' Module(s) have been scanned
    Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'vsmon.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    38 processes with 38 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!
    Boot sector 'K:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '33' files ).


    Starting the file scan:

    Begin scan in 'C:\' <PRESARIO>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26B14DD6.zip
    [DETECTION] Contains detection pattern of the Java virus JAVA/OpenConne.AA
    [INFO] The file was moved to '47c9d3ec.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41BC3332.zip
    [DETECTION] Contains detection pattern of the Java virus JAVA/OpenConne.AA
    [INFO] The file was moved to '47c9d3ed.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43B04B0C.zip
    [DETECTION] Contains detection pattern of the Java virus JAVA/OpenConne.AA
    [INFO] The file was moved to '47c9d3f3.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D970340.tmp
    [DETECTION] Is the Trojan horse TR/Dldr.Delf.CB.1
    [INFO] The file was moved to '47c0d40b.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5554036D
    [DETECTION] Contains detection pattern of the dropper DR/Toolbar.404Search.H
    [INFO] The file was moved to '47bcd402.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\595F67BC.dll
    [DETECTION] Is the Trojan horse TR/Dialer.QJ
    [INFO] The file was moved to '47bcd40a.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\673C5705.zip
    [DETECTION] Contains detection pattern of the Java virus JAVA/OpenConne.AA
    [INFO] The file was moved to '47bad40b.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B6D31FB.zip
    [DETECTION] Contains detection pattern of the Java virus JAVA/OpenConne.AA
    [INFO] The file was moved to '47bdd41a.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CA91A9F.zip
    [DETECTION] Contains detection pattern of the Java virus JAVA/OpenConne.AA
    [INFO] The file was moved to '47c8d420.qua'!
    C:\QooBox\Quarantine\catchme2008-01-11_180107.60.zip
    [0] Archive type: ZIP
    --> comdlg32a.dll
    [DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
    [INFO] The file was moved to '47fbd851.qua'!
    C:\QooBox\Quarantine\catchme2008-01-11_183337.45.zip
    [0] Archive type: ZIP
    --> comdlg32a.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    --> comdlg32a.dll.1
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    --> comdlg32a.dll.bak
    [DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
    --> cryptsvce.dll
    [DETECTION] Is the Trojan horse TR/BHO.agz.5
    [INFO] The file was moved to '47fbd854.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\comdlg32a.dll.bak.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '47f4d869.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\comdlg32a.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '47f4d86c.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\cryptsvce.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '4800d873.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\ut44sm6rejm.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
    [INFO] The file was moved to '47bbd879.qua'!
    Begin scan in 'D:\' <PRESARIO_RP>
    Begin scan in 'K:\' <My Book>


    End of the scan: vendredi 11 janvier 2008 22:24
    Used time: 46:41 min

    The scan has been done completely.

    5364 Scanning directories
    336836 Files were scanned
    18 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    15 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    336818 Files not concerned
    12937 Archives were scanned
    2 Warnings
    0 Notes

    a b 8 Sécurité
    10 Janvier 2008 22:56:55

    Reposte un rapport Hijackthis.
    10 Janvier 2008 23:03:56

    Angeldark a dit :
    Reposte un rapport Hijackthis.


    Le voilà :hello: 

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:02:44, on 11/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\CmWatch.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.266\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=21941
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
    O4 - HKLM\..\Run: [vmlib] vmlib.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/DivXB...
    O16 - DPF: {86D33886-21AC-11D7-B475-0080AD750764} (Midiocx Control) - http://www.karaokeonline.com.br/midiocx.ocx
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper....
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {DE4735F3-7532-4895-93DC-911111111173} - http://afris.biz/ex.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8868 bytes
    a b 8 Sécurité
    11 Janvier 2008 18:02:26

    C'est mieux ?
    11 Janvier 2008 18:55:33

    Angeldark a dit :
    C'est mieux ?


    Bonsoir Angeldark :hello: 

    Oui je pense que tout va mieux, je n'ai plus d'alerte pour ce virus et Antivir a détecté d'autres virus qu'il a apparement traités aussitôt.

    Merci beaucoup pour ton aide !!!

    Cordialement,

    Alineane :) 

    a b 8 Sécurité
    11 Janvier 2008 19:43:51

    Bon surf !

  • Télécharge ToolsCleaner sur ton Bureau.
  • Clique sur Recherche et laisse le scan se terminer.
  • Clique sur Suppression pour finaliser.
  • Clique sur Quitter, pour que le rapport puisse se créer.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)

    Désactive puis réactive la restauration du système : Voir aide

    Ajoute maintenant [Résolu] au titre. Pour cela :
    * Clique, dans ton premier message, sur le bouton "Editer"
    * Rajoute la mention [Résolu] au titre
    * Clique ensuite sur "Valider votre message"

    Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :

    11 Janvier 2008 22:17:55

    Bonsoir,

    Voici le rapport Tcleaner

    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\Compaq_Propriétaire\Recent\HijackThis.lnk: trouvé !
    C:\QooBox\Quarantine\C\Combofix: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\Compaq_Propriétaire\Recent\HijackThis.lnk: supprimé !
    C:\Qoobox: supprimé !

    Sauvegarde du registre crée!

    Mille mercis pour ton aide
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS