trojan commdl.dll

Tags:
  • Trojan
  • Security
Last reply: in Security and viruses
3 January 2008 02:06:20

Hello, for the past few days avast has been detecting a trojan, and it puts the file at c:/windows/system32/commdl.dll, but it cannot rename, delete or move it, nothing, because it is in use by a process or something. I ran scans with avg antispy, windows defender, ad-aware and webroot spy, and they detected nothing. I would like to delete it myself, but I would need to know which process to kill. I used wholockme but it doesn't work: I right-click, choose wholockme, and nothing at all lol. Is there a good program that would do the same thing, that is, show which process is using the file you want to delete????
Thanks for your help

3 January 2008 11:41:59

Hi,

Your topic would be better placed in the Security/Viruses section. I have alerted a moderator so that they move your topic ;) .
3 January 2008 12:08:24

Get Unlocker, and paste here the path of the locked thing held by the thingy that it will point out.
3 January 2008 12:41:51

Thanks yama, thanks lonithe. I already gave the path of the locked thing: c:/windows/system32/commdl.dll. Thanks for your quick replies
3 January 2008 22:31:31

OK, I'm downloading it and doing it right away, thanks chercher. Otherwise, I tried killing explorer.exe and deleting it with del from cmd, but apparently that can't be done in Windows, is that normal?
3 January 2008 22:33:57

Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:33, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\GigaTribe\gigatribe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\sol.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\sysocmgr.exe
C:\Documents and Settings\alex\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4EA3A4B4-DF54-47F2-979D-456C8A8BC5C9} - C:\WINDOWS\system32\commdl.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsz9.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CFA8526-6F2C-438E-B324-13B4E3D0F3D1}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7300 bytes
3 January 2008 22:54:28

Several different infections.

Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste this report into your next reply along with a new HijackThis.
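
The reply above reads several infections out of the posted HijackThis log. As an added example (not part of the thread, and not a HijackThis or ComboFix feature), this Python script parses the log's R3/O2/O3 browser add-on lines and flags entries worth a manual look; the three heuristics and all function names are assumptions of this example.

```python
import re
from ntpath import basename, dirname  # Windows path semantics on any host OS

# Sample input: lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4EA3A4B4-DF54-47F2-979D-456C8A8BC5C9} - C:\WINDOWS\system32\commdl.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsz9.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Line shape: "<section> - <kind>: <name> - {CLSID} - <target>".
# The CLSID anchors the split because a name may itself contain " - ".
ENTRY = re.compile(
    r"^(R3|O2|O3) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$"
)


def triage(log):
    """Return one dict per R3/O2/O3 entry, with the review flags that apply.

    Flags (heuristics assumed for this example, not verdicts):
      orphan   - the registry entry points at a file that no longer exists
      unnamed  - the add-on registered without a display name
      system32 - the add-on DLL sits directly in the system32 directory
    """
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # other sections (O4, O23, ...) are out of scope here
        section, kind, name, clsid, target = m.groups()
        flags = []
        if target == "(no file)":
            flags.append("orphan")
        if name == "(no name)":
            flags.append("unnamed")
        if dirname(target).lower().endswith("\\system32"):
            flags.append("system32")
        entries.append({
            "section": section,
            "kind": kind,
            "name": name,
            "clsid": clsid.upper(),
            "target": target,
            "flags": flags,
        })
    return entries


def flagged_files(log):
    """Basenames of files that exist on disk and carry at least one flag."""
    names = {
        basename(e["target"])
        for e in triage(log)
        if e["flags"] and e["target"] != "(no file)"
    }
    return sorted(names, key=str.lower)


def orphan_clsids(log):
    """CLSIDs whose registry entry survives although the file is gone."""
    return [e["clsid"] for e in triage(log) if "orphan" in e["flags"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = ",".join(e["flags"]) or "-"
        print(f'{e["section"]:<3}{mark:<18}{e["clsid"]}  {e["target"]}')
```

On the sample, the flagged files are commdl.dll, dcads_sidebar.dll and nsz9.dll, all of which end up removed later in the thread. The Ask Toolbar entry passes all three checks although the helper removes it too, so the flags narrow a manual review rather than replace it.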
3 January 2008 23:02:43

I'm doing it now ;) 
3 January 2008 23:04:46

While combofix is starting: with hijackthis, do you see all the running processes? Because avast was in there but doesn't appear in my processes
3 January 2008 23:25:23

Avast can be seen in the processes, it is running.
But it is not currently the best-performing free antivirus.
3 January 2008 23:44:11

I figured, it's not great. I was looking for one, but what's easiest is finding free antispyware. While we're at it, if you can recommend some free antivirus programs. Here, I'm sending you the report. It took a long time, it has just finished. I no longer had a direct connection to infos du net, internet explorer was reset to default. Anyway, I'm sending you the report
3 January 2008 23:44:51

combofix:
ComboFix 08-01-04.1 - alex 2008-01-03 23:10:57.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.190 [GMT 1:00]
Running from: C:\Documents and Settings\alex\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nsz9.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent


((((((((((((((((((((((((((((( Fichiers créés 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.

2008-01-03 23:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 01:37 . 2008-01-03 01:37 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2008-01-02 12:54 . 2008-01-02 12:54 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Program Files\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Documents and Settings\alex\Application Data\Webroot
2008-01-02 12:53 . 2006-08-03 19:33 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-02 12:53 . 2006-08-03 19:33 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-02 12:53 . 2006-08-03 19:33 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-02 12:53 . 2006-08-03 19:33 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-01-02 12:46 . 2008-01-02 12:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-02 12:46 . 2008-01-02 12:46 <REP> d-------- C:\Documents and Settings\alex\Application Data\Grisoft
2008-01-02 12:46 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 11:05 . 2007-12-31 11:05 <REP> d-------- C:\Program Files\EVEREST Home Edition
2007-12-29 14:31 . 2007-12-29 14:52 <REP> d-------- C:\Program Files\CasinoOnNet
2007-12-28 10:41 . 2007-12-28 10:41 <REP> d-------- C:\Documents and Settings\alex\Application Data\Apple Computer
2007-12-27 13:51 . 2008-01-01 00:44 <REP> d-------- C:\Program Files\Everest Poker
2007-12-27 13:47 . 2007-12-27 13:47 <REP> d-------- C:\Documents and Settings\alex\Application Data\teamspeak2
2007-12-27 13:46 . 2007-12-27 13:47 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-27 13:46 . 2007-12-27 13:46 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-26 02:11 . 19,456 C:\WINDOWS\system32\drivers\hhnbwhlj.dat
2007-12-26 02:09 . 2004-08-05 13:00 84,992 --a------ C:\WINDOWS\system32\commdl.dll
2007-12-25 23:08 . 2007-12-29 12:57 <REP> d-------- C:\Documents and Settings\alex\Application Data\GigaTribe
2007-12-25 23:03 . 2007-12-25 23:03 <REP> d-------- C:\Program Files\GigaTribe
2007-12-24 11:16 . 2007-12-24 11:16 <REP> d-------- C:\Program Files\Guitar Pro 5
2007-12-21 23:36 . 2007-12-21 23:44 <REP> d-------- C:\Documents and Settings\alex\Application Data\gtk-2.0
2007-12-18 15:54 . 2007-12-18 15:54 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-18 12:41 . 2007-12-24 12:00 <REP> d-------- C:\Program Files\Azureus
2007-12-18 12:03 . 2007-12-18 12:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-18 12:03 . 2008-01-03 14:00 <REP> d-------- C:\Documents and Settings\alex\Application Data\Azureus
2007-12-14 23:39 . 2007-12-14 23:40 <REP> d-------- C:\Program Files\QuickTime
2007-12-14 23:39 . 2007-12-14 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-14 23:38 . 2007-12-14 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-13 22:24 . 2007-12-13 22:24 <REP> dr------- C:\Documents and Settings\NetworkService\Mes documents
2007-12-12 21:15 . 2007-12-12 21:15 <REP> d-------- C:\Program Files\Dcads Games Collection
2007-12-12 21:15 . 2007-12-18 11:31 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-12-12 21:15 . 2008-01-03 01:22 77,379 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2007-12-12 21:15 . 2007-12-12 21:15 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-11 21:32 . 2007-12-11 21:32 <REP> d-------- C:\Program Files\Fichiers communs\Labcenter Electronics
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-11 21:16 . 2007-10-31 19:34 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-11 21:16 . 2007-12-11 21:17 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-11 21:16 . 2007-10-31 20:28 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-11 21:16 . 2007-12-11 21:17 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-11 21:13 . 2007-12-11 21:32 <REP> d-------- C:\Program Files\Labcenter Electronics
2007-12-11 21:03 . 2005-10-18 17:36 1,048,576 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-12-11 21:03 . 2005-10-18 17:36 54,784 --a------ C:\WINDOWS\system32\INETWH32.DLL
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 21:01 . 2007-12-09 21:01 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-12-09 21:01 . 2007-12-09 21:01 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-09 21:00 . 2007-12-09 21:00 <REP> d-------- C:\Program Files\Real

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 00:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 00:25 --------- d-----w C:\Program Files\EA GAMES
2008-01-01 12:17 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-01 12:17 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-29 19:25 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-12-18 15:47 --------- d-----w C:\Program Files\7-Zip
2007-12-11 19:48 --------- d-----w C:\Documents and Settings\alex\Application Data\FrostWire
2007-12-09 19:34 --------- d-----w C:\Program Files\CamStudio
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-25 12:56 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-24 23:16 --------- d-----w C:\Program Files\MSN Spy 2004
2007-11-22 18:11 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-22 17:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 11:57 --------- d-----w C:\Program Files\DivX
2007-11-21 11:10 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-20 10:17 --------- d-----w C:\Program Files\Windows Live
2007-11-20 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-20 09:16 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-19 20:50 --------- d-----w C:\Program Files\FrostWire
2007-11-18 01:02 --------- d-----w C:\Program Files\Ubisoft
2007-11-15 21:12 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 22:12 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-11 20:46 --------- d-----w C:\Documents and Settings\alex\Application Data\Microsoft Games
2007-11-11 20:38 --------- d-----w C:\Program Files\Microsoft Games
2007-11-11 19:46 --------- d-----w C:\Program Files\softnyx
2007-11-11 19:46 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-06 16:37 --------- d-----w C:\Program Files\Ontrack
2007-11-06 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-05 22:28 --------- d-----w C:\Documents and Settings\alex\Application Data\Radios Media Player
2007-11-03 21:41 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
2007-11-03 21:41 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
2007-11-03 21:40 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-11-01 21:44 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-18 15:54 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EA3A4B4-DF54-47F2-979D-456C8A8BC5C9}]
2004-08-05 13:00 84992 --a------ C:\WINDOWS\system32\commdl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-11-01 21:44 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-11-01 21:44 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55 339968]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-09 21:01 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:36 3909632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^alex^Menu Démarrer^Programmes^Démarrage^Deer Hunter 2005 Registration.lnk]
path=C:\Documents and Settings\alex\Menu Démarrer\Programmes\Démarrage\Deer Hunter 2005 Registration.lnk
backup=C:\WINDOWS\pss\Deer Hunter 2005 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-05 13:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-02-10 11:51 118784 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-02-10 11:55 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe /WinStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Valve\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

R0 yabkhbja;yabkhbja;C:\WINDOWS\system32\drivers\hhnbwhlj.dat []
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 01:38]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-11-02 22:51]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4ba3f4c-9925-11dc-b208-000874a7b3d7}]
\Shell\AutoRun\command - D:\autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-04 22:29:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-02 11:53:51 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 23:27:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 23:36:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-04 22:36:12
.
2007-12-28 09:20:33 --- E O F ---
3 January 2008 23:46:16

hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:41, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\alex\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4EA3A4B4-DF54-47F2-979D-456C8A8BC5C9} - C:\WINDOWS\system32\commdl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CFA8526-6F2C-438E-B324-13B4E3D0F3D1}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6752 bytes
4 January 2008 22:10:14

Hello


Copy (Ctrl+C) the text below:

Driver::
yabkhbja

File::
C:\WINDOWS\system32\drivers\hhnbwhlj.dat
C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\superiorads-uninst.exe

Folder::
C:\Program Files\Dcads Games Collection
C:\Program Files\AskSBar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EA3A4B4-DF54-47F2-979D-456C8A8BC5C9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]


Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt



As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
Once the scan is finished, a report will be displayed: post its contents along with a new HijackThis log.
If the file does not open, it is located here > C:\ComboFix.txt
4 January 2008 22:14:44

Thanks, I'll do it right away.
4 January 2008 22:55:06

During the scan it detected commdl.dll.
After the reboot I went to look and the file has disappeared; it must have been destroyed. I'm sending you the report, and I'll send you the HijackThis report afterwards. Could you also recommend a free antivirus?
4 January 2008 22:55:19

ComboFix 08-01-04.1 - alex 2008-01-04 22:23:03.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.117 [GMT 1:00]
Running from: C:\Documents and Settings\alex\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\alex\Mes documents\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\drivers\hhnbwhlj.dat
C:\WINDOWS\system32\superiorads-uninst.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\009E637C
C:\Program Files\AskSBar\bar\Cache\009E6706
C:\Program Files\AskSBar\bar\Cache\009E6E49.bin
C:\Program Files\AskSBar\bar\Cache\009E71B4.bin
C:\Program Files\AskSBar\bar\Cache\009E757D.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\Dcads Games Collection
C:\Program Files\Dcads Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Dcads Games Collection\BobAndBill.exe
C:\Program Files\Dcads Games Collection\CrazyBlocks.exe
C:\Program Files\Dcads Games Collection\Lines.exe
C:\Program Files\Dcads Games Collection\uninstall.exe
C:\Program Files\Dcads Games Collection\VideoPool.exe
C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\drivers\hhnbwhlj.dat
C:\WINDOWS\system32\superiorads-uninst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_YABKHBJA
-------\yabkhbja


((((((((((((((((((((((((((((( Fichiers créés 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.

2008-01-05 12:24 . 2008-01-05 12:24 <REP> d-------- C:\Program Files\ToniArts
2008-01-03 23:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 01:37 . 2008-01-03 01:37 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2008-01-02 12:54 . 2008-01-02 12:54 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Program Files\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Documents and Settings\alex\Application Data\Webroot
2008-01-02 12:53 . 2006-08-03 19:33 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-02 12:53 . 2006-08-03 19:33 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-02 12:53 . 2006-08-03 19:33 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-02 12:53 . 2006-08-03 19:33 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-01-02 12:46 . 2008-01-02 12:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-02 12:46 . 2008-01-02 12:46 <REP> d-------- C:\Documents and Settings\alex\Application Data\Grisoft
2008-01-02 12:46 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 11:05 . 2007-12-31 11:05 <REP> d-------- C:\Program Files\EVEREST Home Edition
2007-12-29 14:31 . 2007-12-29 14:52 <REP> d-------- C:\Program Files\CasinoOnNet
2007-12-28 10:41 . 2007-12-28 10:41 <REP> d-------- C:\Documents and Settings\alex\Application Data\Apple Computer
2007-12-27 13:51 . 2008-01-04 20:36 <REP> d-------- C:\Program Files\Everest Poker
2007-12-27 13:47 . 2007-12-27 13:47 <REP> d-------- C:\Documents and Settings\alex\Application Data\teamspeak2
2007-12-27 13:46 . 2007-12-27 13:47 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-27 13:46 . 2007-12-27 13:46 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-25 23:08 . 2007-12-29 12:57 <REP> d-------- C:\Documents and Settings\alex\Application Data\GigaTribe
2007-12-25 23:03 . 2007-12-25 23:03 <REP> d-------- C:\Program Files\GigaTribe
2007-12-24 11:16 . 2007-12-24 11:16 <REP> d-------- C:\Program Files\Guitar Pro 5
2007-12-21 23:36 . 2007-12-21 23:44 <REP> d-------- C:\Documents and Settings\alex\Application Data\gtk-2.0
2007-12-18 12:41 . 2007-12-24 12:00 <REP> d-------- C:\Program Files\Azureus
2007-12-18 12:03 . 2007-12-18 12:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-18 12:03 . 2008-01-05 12:42 <REP> d-------- C:\Documents and Settings\alex\Application Data\Azureus
2007-12-14 23:39 . 2007-12-14 23:40 <REP> d-------- C:\Program Files\QuickTime
2007-12-14 23:39 . 2007-12-14 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-14 23:38 . 2007-12-14 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-13 22:24 . 2007-12-13 22:24 <REP> dr------- C:\Documents and Settings\NetworkService\Mes documents
2007-12-11 21:32 . 2007-12-11 21:32 <REP> d-------- C:\Program Files\Fichiers communs\Labcenter Electronics
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-11 21:16 . 2007-10-31 19:34 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-11 21:16 . 2007-12-11 21:17 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-11 21:16 . 2007-10-31 20:28 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-11 21:16 . 2007-12-11 21:17 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-11 21:13 . 2007-12-11 21:32 <REP> d-------- C:\Program Files\Labcenter Electronics
2007-12-11 21:03 . 2005-10-18 17:36 1,048,576 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-12-11 21:03 . 2005-10-18 17:36 54,784 --a------ C:\WINDOWS\system32\INETWH32.DLL
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 21:01 . 2007-12-09 21:01 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-12-09 21:01 . 2007-12-09 21:01 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-09 21:00 . 2007-12-09 21:00 <REP> d-------- C:\Program Files\Real

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 11:42 --------- d-----w C:\Documents and Settings\alex\Application Data\FrostWire
2008-01-05 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 11:36 --------- d-----w C:\Program Files\EA GAMES
2008-01-01 12:17 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-01 12:17 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-29 19:25 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-12-18 15:47 --------- d-----w C:\Program Files\7-Zip
2007-12-09 19:34 --------- d-----w C:\Program Files\CamStudio
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-25 12:56 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-24 23:16 --------- d-----w C:\Program Files\MSN Spy 2004
2007-11-22 18:11 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-22 17:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 11:57 --------- d-----w C:\Program Files\DivX
2007-11-21 11:10 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-20 10:17 --------- d-----w C:\Program Files\Windows Live
2007-11-20 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-20 09:16 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-19 20:50 --------- d-----w C:\Program Files\FrostWire
2007-11-18 01:02 --------- d-----w C:\Program Files\Ubisoft
2007-11-15 21:12 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 22:12 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-11 20:46 --------- d-----w C:\Documents and Settings\alex\Application Data\Microsoft Games
2007-11-11 20:38 --------- d-----w C:\Program Files\Microsoft Games
2007-11-11 19:46 --------- d-----w C:\Program Files\softnyx
2007-11-11 19:46 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-06 16:37 --------- d-----w C:\Program Files\Ontrack
2007-11-06 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-05 22:28 --------- d-----w C:\Documents and Settings\alex\Application Data\Radios Media Player
2007-11-03 21:41 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
2007-11-03 21:41 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
2007-11-03 21:40 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55 339968]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:36 3909632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^alex^Menu Démarrer^Programmes^Démarrage^Deer Hunter 2005 Registration.lnk]
path=C:\Documents and Settings\alex\Menu Démarrer\Programmes\Démarrage\Deer Hunter 2005 Registration.lnk
backup=C:\WINDOWS\pss\Deer Hunter 2005 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-05 13:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-02-10 11:51 118784 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-02-10 11:55 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe /WinStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Valve\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 01:38]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-11-02 22:51]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-04 21:45:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-05 13:00:09 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- D:\,E:\,F:\,G:
- A:\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 22:42:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 22:52:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-04 21:51:57
ComboFix2.txt 2008-01-04 22:36:49
.
2008-01-04 22:39:11 --- E O F ---
4 January 2008 23:08:04

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:33, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\alex\Mes documents\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CFA8526-6F2C-438E-B324-13B4E3D0F3D1}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5799 bytes
4 January 2008 23:30:29

Good


Run a new HijackThis scan and check the lines below:

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

Close all Windows, Internet Explorer and Outlook windows, except HijackThis itself, and click "Fix checked"



As for an antivirus, the best-performing one at the moment is Antivir
http://www.free-av.com
and its installation tutorial
http://speedweb1.free.fr/frames2.php?page=tuto5
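
Added example, not part of the original post: several of the lines ticked above end in "(no file)" or "(file missing)", meaning the registry entry points at a file that is gone after the cleanup. This sketch parses a HijackThis log, lists those orphaned entries, and shows which CLSIDs no live entry still uses. The function names are hypothetical, and the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the second HijackThis log posted in this thread (lines copied
# from the log; header and process list shortened).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:33, on 04/01/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# An entry line is "<section code> - <details>", e.g. "R3 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing markers HijackThis prints when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Return one dict per entry line; headers and the process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        marker = ORPHAN_RE.search(body)
        entries.append({
            "code": match.group("code"),
            # CLSIDs appear in mixed case in the log; normalise for grouping.
            "clsids": [c.upper() for c in CLSID_RE.findall(body)],
            "orphan": marker.group(1) if marker else None,
            "line": line,
        })
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in entries if e["orphan"]]


def clsid_usage(entries):
    """Map each CLSID to the section codes referencing it, split by state."""
    usage = defaultdict(lambda: {"orphaned": [], "live": []})
    for entry in entries:
        state = "orphaned" if entry["orphan"] else "live"
        for clsid in entry["clsids"]:
            usage[clsid][state].append(entry["code"])
    return dict(usage)


def leftover_clsids(entries):
    """CLSIDs referenced only by orphaned entries (no live entry uses them)."""
    return sorted(c for c, u in clsid_usage(entries).items()
                  if u["orphaned"] and not u["live"])


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in orphaned(parsed):
        print(f'{e["code"]:>3}  {e["orphan"]:<12}  {e["line"]}')
    print("CLSIDs with no live reference:", leftover_clsids(parsed))
```

A CLSID that shows up under both "orphaned" and "live" in `clsid_usage` deserves a closer look before fixing, since part of the component is still installed.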
4 January 2008 23:35:19

There, I've done it.
4 January 2008 23:53:16

I have to go to bed. I'll look at your other advice this evening, although I think the problem is solved, but apparently you're cleaning up more than just my little trojan. Thank you.