Help! Computer seriously infected by a virus

Tags:
  • Virus
  • Security
Last reply: in Security and viruses
27 November 2007 19:18:59

Hi guys,
I have a virus problem. I have run my computer through the antivirus several times, as well as Ad-Aware, Spybot, FixVundo and rmvirut.exe, etc., but nothing helps; the problem is recurring, the same viruses keep coming back. When I go on the web, pop-up windows from porn sites and others keep "splashing" up, among other problems. Thanks in advance.
Here is a HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 12:23:26, on 2007-11-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] F:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: &7 Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: &8 Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: RF toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: &9 Robo Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - F:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - F:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan....
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - Unknown owner - F:\Documents and Settings\J.J. Dupont\Application Data\tmp4D.tmp.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - F:\WINDOWS\system32\wdfmgr.exe (file missing)


27 November 2007 19:31:28

Hello,

You are infected by a virus that is not very serious but fairly recent all the same.

Restart in safe mode and run a full scan with Antivir.

Regards
27 November 2007 20:25:26

Good evening

master-univers, you still haven't understood????

Antivir vs Vundo, that won't work!

+++++++++++++++


Luccco

1

~Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
~When the scan is complete, click the Remove Vundo button.
A prompt will ask you whether you want to delete the files; click YES.
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt telling you that your PC is going to restart; click OK.
~Copy/paste the contents of the report located in C:\vundofix.txt
Note: VundoFix may run into a file it cannot delete. If that happens, the tool will launch again at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

2

Download Combofix by sUBs:
combofix.exe
and save it to your desktop and nowhere else!

You must disable your antivirus before launching the scan.

Double-click combofix. It will ask you a question; answer by pressing key 1, then wait for combofix to finish. Your PC may reboot, that's normal; a report will be created. Post the report.

3

Post a new HijackThis report.
27 November 2007 20:45:44

TTed :) 
28 November 2007 00:21:10

Thanks, I'm doing it right away (sorry I couldn't reply earlier).
Damn, I'm having problems with keyboard keys while typing....
28 November 2007 12:43:37

So here is the ComboFix report:

ComboFix 07-11-19.4 - Administrateur 2007-11-28 6:24:51.3 - NTFSx86
Running from: F:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))))
.

2007-11-28 04:41 2,560 --a------ F:\WINDOWS\system32\settings.aaw
2007-11-28 04:41 976 --a------ F:\WINDOWS\system32\history.aaw
2007-11-28 01:16 <REP> dr------- F:\Documents and Settings\LocalService\Favoris
2007-11-28 00:17 70,656 --a--c--- F:\WINDOWS\system32\dllcache\notepad.exe
2007-11-27 20:24 24,576 --a------ F:\WINDOWS\system32\VundoFixSVC.exe
2007-11-27 13:47 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Uniblue
2007-11-27 02:07 78,912 --a------ F:\WINDOWS\system32\csospqmt.dll
2007-11-27 02:07 294 ---hs---- F:\WINDOWS\system32\coaruooc.ini
2007-11-26 06:19 6,058,496 -----c--- F:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-26 06:19 2,455,488 -----c--- F:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-26 06:19 1,048,576 -----c--- F:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-26 06:19 383,488 -----c--- F:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-26 06:19 267,776 -----c--- F:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-26 06:19 63,488 -----c--- F:\WINDOWS\system32\dllcache\icardie.dll
2007-11-26 06:19 13,824 -----c--- F:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-26 06:17 <REP> d-------- F:\WINDOWS\system32\fr-fr
2007-11-26 03:21 23,040 -----c--- F:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-26 03:15 <REP> dr------- F:\Documents and Settings\NetworkService\Favoris
2007-11-26 03:06 <REP> d-------- F:\Program Files\MSXML 4.0
2007-11-26 02:10 80,960 --a------ F:\WINDOWS\system32\hmblmbct.dll
2007-11-26 02:04 294 ---hs---- F:\WINDOWS\system32\mwitegpc.ini
2007-11-26 02:04 143 --a------ F:\WINDOWS\system32\mcrh.tmp
2007-11-26 01:57 27,200 --a------ F:\WINDOWS\system32\aQLvs2F5.exe
2007-11-26 01:21 <REP> d-------- F:\VundoFix Backups
2007-11-25 05:15 <REP> d-------- F:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-25 03:55 <REP> d--h----- F:\WINDOWS\system32\GroupPolicy
2007-11-25 03:10 79,936 --a------ F:\WINDOWS\system32\vuuuxgiy.dll
2007-11-25 03:08 294 ---hs---- F:\WINDOWS\system32\ujdnvkho.ini
2007-11-23 11:26 <REP> d-------- F:\Documents and Settings\All Users\Application Data\Ahead
2007-11-23 11:26 1,994,752 --------- F:\WINDOWS\UNNeroVision.exe
2007-11-23 11:15 125,184 --a------ F:\WINDOWS\system32\drivers\imagesrv.sys
2007-11-23 11:15 5,504 --a------ F:\WINDOWS\system32\drivers\imagedrv.sys
2007-11-23 11:14 <REP> d-------- F:\Program Files\Fichiers communs\Ahead
2007-11-23 11:14 <REP> d-------- F:\Program Files\Ahead
2007-11-22 14:21 <REP> d--hs---- F:\Documents and Settings\Administrateur\UserData
2007-11-22 01:27 <REP> d-------- F:\Documents and Settings\Administrateur\DoctorWeb
2007-11-21 17:26 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Sony Ericsson
2007-11-21 17:00 571,392 --a--c--- F:\WINDOWS\system32\dllcache\tintlgnt.ime
2007-11-21 17:00 185,344 --a--c--- F:\WINDOWS\system32\dllcache\thawbrkr.dll
2007-11-21 17:00 46,592 --a--c--- F:\WINDOWS\system32\dllcache\svcext51.dll
2007-11-21 17:00 31,232 --a--c--- F:\WINDOWS\system32\dllcache\tools.dll
2007-11-21 17:00 21,896 --a--c--- F:\WINDOWS\system32\dllcache\tdipx.sys
2007-11-21 17:00 19,464 --a--c--- F:\WINDOWS\system32\dllcache\tdspx.sys
2007-11-21 17:00 13,192 --a--c--- F:\WINDOWS\system32\dllcache\tdasync.sys
2007-11-21 17:00 10,752 --a--c--- F:\WINDOWS\system32\dllcache\smtpapi.dll
2007-11-21 17:00 10,240 --a--c--- F:\WINDOWS\system32\dllcache\tmigrate.dll
2007-11-21 16:59 31,744 --a--c--- F:\WINDOWS\system32\dllcache\pagecnt.dll
2007-11-21 16:58 53,248 --a--c--- F:\WINDOWS\system32\dllcache\nextlink.dll
2007-11-21 16:58 45,056 --a--c--- F:\WINDOWS\system32\dllcache\nsepm.dll
2007-11-21 16:57 257,024 --a--c--- F:\WINDOWS\system32\dllcache\infocomm.dll
2007-11-21 16:57 145,408 --a--c--- F:\WINDOWS\system32\dllcache\iische51.dll
2007-11-21 16:57 60,928 --a--c--- F:\WINDOWS\system32\dllcache\iisclex4.dll
2007-11-21 16:57 25,088 --a--c--- F:\WINDOWS\system32\dllcache\iisadmin.dll
2007-11-21 16:57 23,040 --a--c--- F:\WINDOWS\system32\dllcache\lpdsvc.dll
2007-11-21 16:57 19,456 --a--c--- F:\WINDOWS\system32\dllcache\lprmon.dll
2007-11-21 16:57 19,456 --a--c--- F:\WINDOWS\system32\dllcache\iiscrmap.dll
2007-11-21 16:57 13,312 --a--c--- F:\WINDOWS\system32\dllcache\lonsint.dll
2007-11-21 16:56 10,096,640 --a--c--- F:\WINDOWS\system32\dllcache\hwxcht.dll
2007-11-21 16:56 268,288 --a--c--- F:\WINDOWS\system32\dllcache\httpext.dll
2007-11-21 16:56 62,464 --a--c--- F:\WINDOWS\system32\dllcache\httpod51.dll
2007-11-21 16:56 8,192 --a--c--- F:\WINDOWS\system32\dllcache\httpmb51.dll
2007-11-21 16:56 6,144 --a--c--- F:\WINDOWS\system32\dllcache\ftlx041e.dll
2007-11-21 16:55 198,656 --a--c--- F:\WINDOWS\system32\dllcache\cintime.dll
2007-11-21 16:55 173,568 --a--c--- F:\WINDOWS\system32\dllcache\chtskf.dll
2007-11-21 16:55 97,792 --a--c--- F:\WINDOWS\system32\dllcache\chtmbx.dll
2007-11-21 16:55 57,856 --a--c--- F:\WINDOWS\system32\dllcache\esuimgd.dll
2007-11-21 16:55 56,320 --a--c--- F:\WINDOWS\system32\dllcache\chtskdic.dll
2007-11-21 16:55 45,568 --a--c--- F:\WINDOWS\system32\dllcache\esunid.dll
2007-11-21 16:55 33,792 --a--c--- F:\WINDOWS\system32\dllcache\controt.dll
2007-11-21 16:55 31,744 --a--c--- F:\WINDOWS\system32\dllcache\esucmd.dll
2007-11-21 16:55 25,856 --a--c--- F:\WINDOWS\system32\dllcache\et4000.sys
2007-11-21 16:55 24,064 --a--c--- F:\WINDOWS\system32\dllcache\compfilt.dll
2007-11-21 16:55 21,504 --a--c--- F:\WINDOWS\system32\dllcache\cintlgnt.ime
2007-11-21 16:55 20,480 --a--c--- F:\WINDOWS\system32\dllcache\counters.dll
2007-11-21 16:54 2,134,528 --a--c--- F:\WINDOWS\system32\dllcache\smtpsnap.dll
2007-11-21 16:54 189,440 --a--c--- F:\WINDOWS\system32\dllcache\smtpadm.dll
2007-11-21 16:54 54,528 --a--c--- F:\WINDOWS\system32\dllcache\cap7146.sys
2007-11-21 16:54 45,568 --a--c--- F:\WINDOWS\system32\dllcache\browscap.dll
2007-11-21 16:54 16,384 --a--c--- F:\WINDOWS\system32\dllcache\tcptsat.dll
2007-11-21 16:54 8,192 --a--c--- F:\WINDOWS\system32\dllcache\staxmem.dll
2007-11-21 16:53 281,600 --a--c--- F:\WINDOWS\system32\dllcache\certwiz.ocx
2007-11-21 16:53 184,435 --a--c--- F:\WINDOWS\system32\dllcache\fp4amsft.dll
2007-11-21 16:53 96,768 --a--c--- F:\WINDOWS\system32\dllcache\certmap.ocx
2007-11-21 16:53 78,336 --a--c--- F:\WINDOWS\system32\dllcache\logui.ocx
2007-11-21 16:53 77,824 --a--c--- F:\WINDOWS\system32\dllcache\cnfgprts.ocx
2007-11-21 16:53 47,104 --a--c--- F:\WINDOWS\system32\dllcache\coadmin.dll
2007-11-21 16:53 20,540 --a--c--- F:\WINDOWS\system32\dllcache\author.dll
2007-11-21 16:53 20,536 --a--c--- F:\WINDOWS\system32\dllcache\shtml.dll
2007-11-21 16:45 221,184 --a------ F:\WINDOWS\system32\wmpns.dll
2007-11-21 16:41 749 -rah----- F:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-11-21 16:41 488 -rah----- F:\WINDOWS\system32\logonui.exe.manifest
2007-11-21 16:37 42,577 --a--c--- F:\WINDOWS\system32\dllcache\bckgzm.exe
2007-11-21 16:37 42,575 --a--c--- F:\WINDOWS\system32\dllcache\chkrzm.exe
2007-11-21 16:37 42,573 --a--c--- F:\WINDOWS\system32\dllcache\shvlzm.exe
2007-11-21 16:37 42,573 --a--c--- F:\WINDOWS\system32\dllcache\hrtzzm.exe
2007-11-21 16:37 36,937 --a--c--- F:\WINDOWS\system32\dllcache\zclientm.exe
2007-11-21 16:23 20,992 --a------ F:\WINDOWS\system32\drivers\RTL8139.sys
2007-11-21 16:16 24,661 --a------ F:\WINDOWS\system32\spxcoins.dll
2007-11-21 16:16 13,312 --a------ F:\WINDOWS\system32\irclass.dll
2007-11-21 16:15 1,897,850 --a--c--- F:\WINDOWS\system32\dllcache\NT5.CAT

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 07:06 80,960 ----a-w F:\WINDOWS\system32\pygsngvh.dll
2007-11-25 10:15 --------- d-----w F:\Program Files\Lavasoft
2007-11-23 03:38 --------- d-----w F:\Program Files\vanBasco's Karaoke Player
2007-11-23 03:15 --------- d-----w F:\Program Files\Winamp
2007-11-23 01:54 --------- d-----w F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-22 20:06 --------- d-----w F:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-22 19:46 79,936 ----a-w F:\WINDOWS\system32\njtojvfn.dll
2007-11-21 22:45 --------- d-----w F:\Program Files\BAR
2007-11-17 18:35 --------- d-----w F:\Program Files\eMule
2007-11-17 07:31 --------- d-----w F:\Program Files\Fichiers communs\Real
2007-11-17 07:12 --------- d-----w F:\Program Files\Real
2007-11-16 03:29 --------- d-----w F:\Program Files\Creative
2007-11-13 03:24 --------- d-----w F:\Program Files\Fichiers communs\Adobe
2007-11-12 22:56 --------- d-----w F:\Program Files\ABBYY FineReader 8.0 Professional Edition
2007-11-12 06:04 --------- d-----w F:\Program Files\ScanView
2007-11-12 06:03 --------- d-----w F:\Program Files\Restorer2000 Professional
2007-11-12 06:02 --------- d-----w F:\Program Files\QuickTime
2007-11-12 05:58 --------- d-----w F:\Program Files\PhoneTools
2007-11-12 05:53 --------- d-----w F:\Program Files\Monkey's Audio
2007-11-12 05:52 --------- d-----w F:\Program Files\MemTurbo
2007-11-12 05:39 --------- d-----w F:\Program Files\GetRight
2007-11-12 05:39 --------- d-----w F:\Program Files\Fichiers communs\Teleca Shared
2007-11-12 05:33 --------- d-----w F:\Program Files\ffdshow
2007-11-12 05:26 --------- d-----w F:\Program Files\DVD Flick
2007-11-12 05:26 --------- d-----w F:\Program Files\DVD Decrypter
2007-11-12 05:18 --------- d-----w F:\Program Files\coolpro2
2007-11-12 05:15 --------- d-----w F:\Program Files\CamStudio
2007-10-25 19:24 --------- d-----w F:\Program Files\Java
2007-10-23 17:25 --------- d-----w F:\Program Files\Medical Databases
2007-10-23 17:25 --------- d-----w F:\Documents and Settings\J.J. Dupont\Application Data\FileMaker
2007-10-22 18:20 --------- d-----w F:\Documents and Settings\J.J. Dupont\Application Data\Uniblue
2007-10-22 18:19 --------- d-----w F:\Program Files\Uniblue
2007-10-17 08:32 --------- d-----w F:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-17 08:31 --------- d-----w F:\Program Files\Apple Software Update
2007-10-17 08:31 --------- d-----w F:\Documents and Settings\All Users\Application Data\Apple
2007-10-13 04:54 --------- d-----w F:\Program Files\Womble MPEG Editor
2007-10-10 22:58 --------- d-----w F:\Program Files\UnH Solutions
2007-10-10 05:44 --------- d--h--w F:\Program Files\InstallShield Installation Information
2007-10-10 05:44 --------- d-----w F:\Program Files\Justdo Software
2007-10-10 05:44 --------- d-----w F:\Program Files\Fichiers communs\Justdo
2004-10-01 19:00 40,960 -c--a-w F:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02B39AF8-B98B-4002-8386-5EE894E599A1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CC51FAF-B0BD-4E97-AAE2-5F7D2CD632EF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21B9FDBF-088D-4F60-93CF-F91AF8A7C231}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{400AF1C5-8BBF-40A8-A5DD-D93B13010A75}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4146F715-8A26-42B9-BDFB-65E1EB04F65B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41C1080F-1E00-495B-834D-790D7265EA47}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47597bc0-74aa-43c1-a19a-cc19253a88e6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e3dcaf3-accc-409a-ab80-51e8cf7e1bf1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61a6057d-bf6c-4031-90db-be12111ffd6a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669293c7-940c-4a33-b39f-b525e3c4ae95}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C32F27E-14D9-42BC-AC6E-2E3107A016FA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0F4FEB6-C91D-4106-A2E2-01CD82FF7DD7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a189c9cf-b422-4854-b7c0-d18d033327a1}]
2007-11-27 02:07 78912 --a------ F:\WINDOWS\system32\csospqmt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4E9D29D-3F0D-4A4E-86FC-6E0B6D501C37}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B73D2AEF-D5E0-4B98-9FA5-D8050F8EFB31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d79e9633-d14e-4f47-be29-7f3809a922b2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8551923-C8F8-4BA9-AE93-B8032A146FB6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFA487C-7C04-404D-9DE0-4F187DA57BA1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\genqfquf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hvuppwyf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdsvc]
kbdsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturpom]
vturpom.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
backup=F:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=F:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 18:51 39792 --a------ F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BAR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
F:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)

R0 UNPR;UNPR;F:\WINDOWS\system32\unpr.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);F:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;F:\WINDOWS\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;F:\WINDOWS\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);F:\WINDOWS\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;F:\WINDOWS\system32\DRIVERS\w300obex.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-20 02:58:57 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- F:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-28 05:00:45 F:\WINDOWS\Tasks\At1.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-26 06:57:35 F:\WINDOWS\Tasks\At10.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-27 15:01:37 F:\WINDOWS\Tasks\At11.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-27 16:01:25 F:\WINDOWS\Tasks\At12.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-27 17:00:45 F:\WINDOWS\Tasks\At13.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-27 18:00:45 F:\WINDOWS\Tasks\At14.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-27 19:00:48 F:\WINDOWS\Tasks\At15.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-27 20:01:24 F:\WINDOWS\Tasks\At16.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-27 21:00:45 F:\WINDOWS\Tasks\At17.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-27 22:00:45 F:\WINDOWS\Tasks\At18.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-27 23:00:45 F:\WINDOWS\Tasks\At19.job"
"2007-11-28 06:01:33 F:\WINDOWS\Tasks\At2.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-28 00:00:46 F:\WINDOWS\Tasks\At20.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-28 01:01:35 F:\WINDOWS\Tasks\At21.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-28 02:01:38 F:\WINDOWS\Tasks\At22.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-28 03:00:48 F:\WINDOWS\Tasks\At23.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-28 04:01:29 F:\WINDOWS\Tasks\At24.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-28 07:00:52 F:\WINDOWS\Tasks\At3.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-28 08:00:49 F:\WINDOWS\Tasks\At4.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-28 09:00:52 F:\WINDOWS\Tasks\At5.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-26 10:00:47 F:\WINDOWS\Tasks\At6.job"
"2007-11-28 11:01:30 F:\WINDOWS\Tasks\At7.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-26 06:57:33 F:\WINDOWS\Tasks\At8.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-26 06:57:33 F:\WINDOWS\Tasks\At9.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 06:28:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-28 6:30:04
F:\ComboFix2.txt ... 2007-11-27 21:16
F:\ComboFix3.txt ... 2007-11-27 19:56
.
--- E O F ---

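Added example (not from this thread or any of the tools it mentions): a small Python triage script, run over a handful of lines copied from the HijackThis and ComboFix reports posted above, that flags the patterns a responder would check first: orphaned BHO/toolbar registrations, a service registered from a user profile with a temp-style file name, a BHO whose display name is itself a GUID (the Vundo-style entry pointing at system32\csospqmt.dll), and At*.job scheduled tasks all relaunching the same binary. The rule names, severities and regexes are my own choices, not anything the tools output.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the reports posted in this thread
# (paths exactly as posted), with a few known-good lines kept for contrast.
SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {02B39AF8-B98B-4002-8386-5EE894E599A1} - (no file)
O2 - BHO: {1a723330-d81d-0c7b-4584-224bfc9c981a} - {a189c9cf-b422-4854-b7c0-d18d033327a1} - F:\WINDOWS\system32\csospqmt.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - Unknown owner - F:\Documents and Settings\J.J. Dupont\Application Data\tmp4D.tmp.exe (file missing)
"2007-11-20 02:58:57 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- F:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-28 05:00:45 F:\WINDOWS\Tasks\At1.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"2007-11-28 06:01:33 F:\WINDOWS\Tasks\At2.job"
- F:\WINDOWS\system32\aQLvs2F5.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# HijackThis entry shapes used here (hypothetical parsing, based on the log format above).
HJT_COM = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.*)$")
HJT_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*)$")
HJT_SVC = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# ComboFix scheduled-task block: a quoted job line followed by "- <target>".
CF_TASK = re.compile(r'^"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} .*\\Tasks\\(?P<jobname>[^\\]+\.job)"$')
CF_TARGET = re.compile(r"^- (?P<path>.+)$")

GUID_NAME = re.compile(GUID)                       # BHO "name" that is just a GUID
AT_JOB = re.compile(r"^At\d+\.job$", re.I)         # tasks created with at.exe
PROFILE_DIR = re.compile(r"\\Documents and Settings\\.*\\Application Data\\", re.I)
TEMP_NAME = re.compile(r"\\tmp\w*\.tmp\.exe", re.I)
ORPHAN_TAGS = ("(no file)", "(file missing)")


def check_entry(entry, line):
    """Apply the HijackThis heuristics to one parsed entry."""
    path, name = entry["path"], entry.get("name", "")
    out = []
    if path.endswith(ORPHAN_TAGS):
        # Registration survived but the file is gone: leftover from a partial cleanup.
        out.append(("low", "orphan-entry", line))
    if GUID_NAME.fullmatch(name):
        out.append(("high", "guid-named-bho", line))
    if PROFILE_DIR.search(path):
        # Services and Run entries normally live under Program Files or system32.
        out.append(("high", "runs-from-profile", line))
    if TEMP_NAME.search(path):
        out.append(("high", "temp-named-binary", line))
    return out


def triage(report):
    """Walk a pasted report and return (severity, rule, detail) findings."""
    findings, pending_task = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CF_TASK.match(line)
        if m:
            pending_task = m.group("jobname")
            continue
        m = CF_TARGET.match(line)
        if m and pending_task:
            if AT_JOB.match(pending_task):
                findings.append(("medium", "at-job", f"{pending_task} -> {m.group('path')}"))
            pending_task = None
            continue
        pending_task = None
        for rx in (HJT_COM, HJT_RUN, HJT_SVC):
            m = rx.match(line)
            if m:
                findings.extend(check_entry(m.groupdict(), line))
                break
    return findings


def at_job_targets(findings):
    """How many At*.job tasks point at each target; one target hit hourly is worth a look."""
    return dict(Counter(d.split(" -> ", 1)[1] for _, r, d in findings if r == "at-job"))


def severity_counts(findings):
    return dict(Counter(sev for sev, _, _ in findings))


if __name__ == "__main__":
    found = triage(SAMPLE)
    for sev, rule, detail in found:
        print(f"[{sev:6}] {rule:18} {detail}")
    print(severity_counts(found), at_job_targets(found))
```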
28 November 2007 12:44:54

And the HijackThis one:

Logfile of HijackThis v1.99.1
Scan saved at 06:31:59, on 2007-11-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\svchost.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\WINDOWS\system32\devldr32.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\explorer.exe
F:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02B39AF8-B98B-4002-8386-5EE894E599A1} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CC51FAF-B0BD-4E97-AAE2-5F7D2CD632EF} - (no file)
O2 - BHO: (no name) - {21B9FDBF-088D-4F60-93CF-F91AF8A7C231} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {400AF1C5-8BBF-40A8-A5DD-D93B13010A75} - (no file)
O2 - BHO: (no name) - {4146F715-8A26-42B9-BDFB-65E1EB04F65B} - (no file)
O2 - BHO: (no name) - {41C1080F-1E00-495B-834D-790D7265EA47} - (no file)
O2 - BHO: (no name) - {47597bc0-74aa-43c1-a19a-cc19253a88e6} - (no file)
O2 - BHO: (no name) - {4e3dcaf3-accc-409a-ab80-51e8cf7e1bf1} - (no file)
O2 - BHO: (no name) - {61a6057d-bf6c-4031-90db-be12111ffd6a} - (no file)
O2 - BHO: (no name) - {669293c7-940c-4a33-b39f-b525e3c4ae95} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8C32F27E-14D9-42BC-AC6E-2E3107A016FA} - (no file)
O2 - BHO: (no name) - {A0F4FEB6-C91D-4106-A2E2-01CD82FF7DD7} - (no file)
O2 - BHO: {1a723330-d81d-0c7b-4584-224bfc9c981a} - {a189c9cf-b422-4854-b7c0-d18d033327a1} - F:\WINDOWS\system32\csospqmt.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - F:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: (no name) - {A4E9D29D-3F0D-4A4E-86FC-6E0B6D501C37} - (no file)
O2 - BHO: (no name) - {B73D2AEF-D5E0-4B98-9FA5-D8050F8EFB31} - (no file)
O2 - BHO: (no name) - {d79e9633-d14e-4f47-be29-7f3809a922b2} - (no file)
O2 - BHO: (no name) - {E8551923-C8F8-4BA9-AE93-B8032A146FB6} - (no file)
O2 - BHO: (no name) - {FFFA487C-7C04-404D-9DE0-4F187DA57BA1} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: &7 Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: &8 Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: RF toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra 'Tools' menuitem: &9 Robo Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - F:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - F:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan....
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: genqfquf - F:\WINDOWS\
O20 - Winlogon Notify: hvuppwyf - F:\WINDOWS\
O20 - Winlogon Notify: kbdsvc - kbdsvc.dll (file missing)
O20 - Winlogon Notify: vturpom - vturpom.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - F:\WINDOWS\system32\wdfmgr.exe (file missing)

28 November 2007 15:35:16

Hello

There was no need to run ComboFix several times in a row. One pass, then you post the report. It's a powerful tool...

Before we start, please upload this file:
F:\WINDOWS\system32\aQLvs2F5.exe
here:
http://upload.malekal.com/

Quote:
To display hidden system files and folders:
Control Panel / Folder Options / View tab / check Show hidden files and folders, uncheck Hide extensions for known file types, uncheck Hide protected operating system files.

Hidden system files and folders then appear translucent in Windows Explorer.

+++++++++++++++++++++


Copy (Ctrl+C) the text below:
File::
F:\WINDOWS\system32\csospqmt.dll
F:\WINDOWS\system32\coaruooc.ini
F:\WINDOWS\system32\hmblmbct.dll
F:\WINDOWS\system32\mwitegpc.ini
F:\WINDOWS\system32\aQLvs2F5.exe
F:\WINDOWS\system32\vuuuxgiy.dll
F:\WINDOWS\system32\ujdnvkho.ini
F:\WINDOWS\system32\pygsngvh.dll
F:\WINDOWS\system32\njtojvfn.dll
F:\WINDOWS\Tasks\At1.job
F:\WINDOWS\Tasks\At2.job
F:\WINDOWS\Tasks\At3.job
F:\WINDOWS\Tasks\At4.job
F:\WINDOWS\Tasks\At5.job
F:\WINDOWS\Tasks\At6.job
F:\WINDOWS\Tasks\At7.job
F:\WINDOWS\Tasks\At8.job
F:\WINDOWS\Tasks\At9.job
F:\WINDOWS\Tasks\At10.job
F:\WINDOWS\Tasks\At11.job
F:\WINDOWS\Tasks\At12.job
F:\WINDOWS\Tasks\At13.job
F:\WINDOWS\Tasks\At14.job
F:\WINDOWS\Tasks\At15.job
F:\WINDOWS\Tasks\At16.job
F:\WINDOWS\Tasks\At17.job
F:\WINDOWS\Tasks\At18.job
F:\WINDOWS\Tasks\At19.job
F:\WINDOWS\Tasks\At20.job
F:\WINDOWS\Tasks\At21.job
F:\WINDOWS\Tasks\At22.job
F:\WINDOWS\Tasks\At23.job
F:\WINDOWS\Tasks\At24.job

Folder::
F:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02B39AF8-B98B-4002-8386-5EE894E599A1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CC51FAF-B0BD-4E97-AAE2-5F7D2CD632EF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21B9FDBF-088D-4F60-93CF-F91AF8A7C231}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{400AF1C5-8BBF-40A8-A5DD-D93B13010A75}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4146F715-8A26-42B9-BDFB-65E1EB04F65B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41C1080F-1E00-495B-834D-790D7265EA47}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47597bc0-74aa-43c1-a19a-cc19253a88e6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e3dcaf3-accc-409a-ab80-51e8cf7e1bf1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61a6057d-bf6c-4031-90db-be12111ffd6a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669293c7-940c-4a33-b39f-b525e3c4ae95}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C32F27E-14D9-42BC-AC6E-2E3107A016FA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0F4FEB6-C91D-4106-A2E2-01CD82FF7DD7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a189c9cf-b422-4854-b7c0-d18d033327a1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4E9D29D-3F0D-4A4E-86FC-6E0B6D501C37}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B73D2AEF-D5E0-4B98-9FA5-D8050F8EFB31}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d79e9633-d14e-4f47-be29-7f3809a922b2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8551923-C8F8-4BA9-AE93-B8032A146FB6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFA487C-7C04-404D-9DE0-4F187DA57BA1}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\genqfquf]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hvuppwyf]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdsvc]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturpom]



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will open: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt
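The CFScript above removes exactly the entries that stood out in the HijackThis log: O2 BHOs registered with "(no file)", a BHO whose display name is itself a CLSID loading from system32, and O20 Winlogon Notify packages whose DLL cannot be found. As an added illustration, not code from this thread or from HijackThis or ComboFix, the following Python script applies those same triage rules to a HijackThis log so the same pattern can be spotted in other logs. The sample lines are constructed from the entry types seen in this thread, and the rule set, the `Finding` type and the function names are assumptions of this example, not part of any tool.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v1.99 format, modelled on the entry types
# seen in this thread. It is not a copy of the poster's full log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {400AF1C5-8BBF-40A8-A5DD-D93B13010A75} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: {1a723330-d81d-0c7b-4584-224bfc9c981a} - {a189c9cf-b422-4854-b7c0-d18d033327a1} - F:\WINDOWS\system32\csospqmt.dll
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: genqfquf - F:\WINDOWS\
O20 - Winlogon Notify: vturpom - vturpom.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
"""

# Every HijackThis entry starts with a section code such as O2, O20, R1.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# A registry-style CLSID: {8-4-4-4-12 hex digits}.
GUID_RE = re.compile(r"^\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")
# A file directly inside <drive>:\WINDOWS\system32 (or WINNT).
SYSTEM32_RE = re.compile(r"\\(?:windows|winnt)\\system32\\[^\\]+$", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    subject: str   # CLSID, path, Notify key or service name that was flagged
    reason: str    # why a defender should look at it


def split_fields(body: str, prefix: str, count: int) -> Optional[List[str]]:
    """Strip the entry prefix ('BHO: ', ...) and split the rest into `count`
    fields on ' - ', splitting from the right so a display name that itself
    contains ' - ' stays intact. Returns None if the line does not fit."""
    if not body.startswith(prefix):
        return None
    fields = body[len(prefix):].rsplit(" - ", count - 1)
    return fields if len(fields) == count else None


def triage(log_text: str) -> List[Finding]:
    """Apply the thread's triage rules to a HijackThis log, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")

        if section == "O2":
            fields = split_fields(body, "BHO: ", 3)
            if fields is None:
                continue
            name, clsid, path = fields
            if path == "(no file)":
                findings.append(Finding(section, clsid,
                    "BHO still registered but its DLL is gone (orphaned CLSID); remove the key"))
            elif (name == "(no name)" or GUID_RE.match(name)) and SYSTEM32_RE.search(path):
                findings.append(Finding(section, path,
                    "unnamed or GUID-named BHO loading straight from system32; "
                    "legitimate BHOs carry a product name and live under Program Files"))

        elif section == "O20":
            fields = split_fields(body, "Winlogon Notify: ", 2)
            if fields is None:
                continue
            key, path = fields
            # A bare directory or a missing DLL means the Notify package cannot
            # load; it is leftover persistence and should be deleted.
            if "(file missing)" in path or path.endswith("\\"):
                findings.append(Finding(section, key,
                    "Winlogon Notify package with no loadable DLL; leftover persistence key"))

        elif section == "O23":
            fields = split_fields(body, "Service: ", 3)
            if fields is None:
                continue
            name, owner, path = fields
            if owner == "Unknown owner" and "(file missing)" in path:
                findings.append(Finding(section, name,
                    "service with no vendor and a binary HijackThis cannot find; confirm by hand, "
                    "since quoted service paths (the avast! scanners in this thread) show the same way"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.subject}\n    {f.reason}")
```

On the sample, the RoboForm BHO is "(no name)" but is not flagged, because it loads from Program Files; the rules deliberately key on where a nameless component lives rather than on the name alone. The O23 rule is the weakest of the four and is reported as something to confirm, not to delete.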

    28 November 2007 17:02:19

    Doesn't CF accept wildcards?
    28 November 2007 19:52:43

    Thanks angeldark (sorry for the time difference, I'm in Montreal)
    so here's the result:

    ComboFix 07-11-19.4 - Administrateur 2007-11-28 13:24:04.4 - NTFSx86
    Running from: F:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: F:\Documents and Settings\Administrateur\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    F:\WINDOWS\system32\aQLvs2F5.exe
    F:\WINDOWS\system32\coaruooc.ini
    F:\WINDOWS\system32\csospqmt.dll
    F:\WINDOWS\system32\hmblmbct.dll
    F:\WINDOWS\system32\mwitegpc.ini
    F:\WINDOWS\system32\njtojvfn.dll
    F:\WINDOWS\system32\pygsngvh.dll
    F:\WINDOWS\system32\ujdnvkho.ini
    F:\WINDOWS\system32\vuuuxgiy.dll
    F:\WINDOWS\Tasks\At1.job
    F:\WINDOWS\Tasks\At10.job
    F:\WINDOWS\Tasks\At11.job
    F:\WINDOWS\Tasks\At12.job
    F:\WINDOWS\Tasks\At13.job
    F:\WINDOWS\Tasks\At14.job
    F:\WINDOWS\Tasks\At15.job
    F:\WINDOWS\Tasks\At16.job
    F:\WINDOWS\Tasks\At17.job
    F:\WINDOWS\Tasks\At18.job
    F:\WINDOWS\Tasks\At19.job
    F:\WINDOWS\Tasks\At2.job
    F:\WINDOWS\Tasks\At20.job
    F:\WINDOWS\Tasks\At21.job
    F:\WINDOWS\Tasks\At22.job
    F:\WINDOWS\Tasks\At23.job
    F:\WINDOWS\Tasks\At24.job
    F:\WINDOWS\Tasks\At3.job
    F:\WINDOWS\Tasks\At4.job
    F:\WINDOWS\Tasks\At5.job
    F:\WINDOWS\Tasks\At6.job
    F:\WINDOWS\Tasks\At7.job
    F:\WINDOWS\Tasks\At8.job
    F:\WINDOWS\Tasks\At9.job
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    F:\VundoFix Backups
    F:\VundoFix Backups\genqfquf.dllbox.bad
    F:\VundoFix Backups\hhpwdssq.dll.bad
    F:\VundoFix Backups\hvuppwyf.dll.bad
    F:\VundoFix Backups\hvuppwyf.dllbox.bad
    F:\VundoFix Backups\tstyyuhd.dllbox.bad
    F:\WINDOWS\system32\aQLvs2F5.exe
    F:\WINDOWS\system32\coaruooc.ini
    F:\WINDOWS\system32\csospqmt.dll
    F:\WINDOWS\system32\hmblmbct.dll
    F:\WINDOWS\system32\mwitegpc.ini
    F:\WINDOWS\system32\njtojvfn.dll
    F:\WINDOWS\system32\pygsngvh.dll
    F:\WINDOWS\system32\ujdnvkho.ini
    F:\WINDOWS\system32\vuuuxgiy.dll
    F:\WINDOWS\Tasks\At1.job
    F:\WINDOWS\Tasks\At10.job
    F:\WINDOWS\Tasks\At11.job
    F:\WINDOWS\Tasks\At12.job
    F:\WINDOWS\Tasks\At13.job
    F:\WINDOWS\Tasks\At14.job
    F:\WINDOWS\Tasks\At15.job
    F:\WINDOWS\Tasks\At16.job
    F:\WINDOWS\Tasks\At17.job
    F:\WINDOWS\Tasks\At18.job
    F:\WINDOWS\Tasks\At19.job
    F:\WINDOWS\Tasks\At2.job
    F:\WINDOWS\Tasks\At20.job
    F:\WINDOWS\Tasks\At21.job
    F:\WINDOWS\Tasks\At22.job
    F:\WINDOWS\Tasks\At23.job
    F:\WINDOWS\Tasks\At24.job
    F:\WINDOWS\Tasks\At3.job
    F:\WINDOWS\Tasks\At4.job
    F:\WINDOWS\Tasks\At5.job
    F:\WINDOWS\Tasks\At6.job
    F:\WINDOWS\Tasks\At7.job
    F:\WINDOWS\Tasks\At8.job
    F:\WINDOWS\Tasks\At9.job

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-28 04:41 2,560 --a------ F:\WINDOWS\system32\settings.aaw
    2007-11-28 04:41 976 --a------ F:\WINDOWS\system32\history.aaw
    2007-11-28 01:16 <REP> dr------- F:\Documents and Settings\LocalService\Favoris
    2007-11-28 00:17 70,656 --a--c--- F:\WINDOWS\system32\dllcache\notepad.exe
    2007-11-27 20:24 24,576 --a------ F:\WINDOWS\system32\VundoFixSVC.exe
    2007-11-27 13:47 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Uniblue
    2007-11-26 06:19 6,058,496 -----c--- F:\WINDOWS\system32\dllcache\ieframe.dll
    2007-11-26 06:19 2,455,488 -----c--- F:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-11-26 06:19 1,048,576 -----c--- F:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-11-26 06:19 383,488 -----c--- F:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-11-26 06:19 267,776 -----c--- F:\WINDOWS\system32\dllcache\iertutil.dll
    2007-11-26 06:19 63,488 -----c--- F:\WINDOWS\system32\dllcache\icardie.dll
    2007-11-26 06:19 13,824 -----c--- F:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-11-26 06:17 <REP> d-------- F:\WINDOWS\system32\fr-fr
    2007-11-26 03:21 23,040 -----c--- F:\WINDOWS\system32\dllcache\fltmc.exe
    2007-11-26 03:15 <REP> dr------- F:\Documents and Settings\NetworkService\Favoris
    2007-11-26 03:06 <REP> d-------- F:\Program Files\MSXML 4.0
    2007-11-25 05:15 <REP> d-------- F:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-25 03:55 <REP> d--h----- F:\WINDOWS\system32\GroupPolicy
    2007-11-23 11:26 <REP> d-------- F:\Documents and Settings\All Users\Application Data\Ahead
    2007-11-23 11:26 1,994,752 --------- F:\WINDOWS\UNNeroVision.exe
    2007-11-23 11:15 125,184 --a------ F:\WINDOWS\system32\drivers\imagesrv.sys
    2007-11-23 11:15 5,504 --a------ F:\WINDOWS\system32\drivers\imagedrv.sys
    2007-11-23 11:14 <REP> d-------- F:\Program Files\Fichiers communs\Ahead
    2007-11-23 11:14 <REP> d-------- F:\Program Files\Ahead
    2007-11-22 14:21 <REP> d--hs---- F:\Documents and Settings\Administrateur\UserData
    2007-11-22 01:27 <REP> d-------- F:\Documents and Settings\Administrateur\DoctorWeb
    2007-11-21 17:26 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Sony Ericsson
    2007-11-21 17:00 571,392 --a--c--- F:\WINDOWS\system32\dllcache\tintlgnt.ime
    2007-11-21 17:00 185,344 --a--c--- F:\WINDOWS\system32\dllcache\thawbrkr.dll
    2007-11-21 17:00 46,592 --a--c--- F:\WINDOWS\system32\dllcache\svcext51.dll
    2007-11-21 17:00 31,232 --a--c--- F:\WINDOWS\system32\dllcache\tools.dll
    2007-11-21 17:00 21,896 --a--c--- F:\WINDOWS\system32\dllcache\tdipx.sys
    2007-11-21 17:00 19,464 --a--c--- F:\WINDOWS\system32\dllcache\tdspx.sys
    2007-11-21 17:00 13,192 --a--c--- F:\WINDOWS\system32\dllcache\tdasync.sys
    2007-11-21 17:00 10,752 --a--c--- F:\WINDOWS\system32\dllcache\smtpapi.dll
    2007-11-21 17:00 10,240 --a--c--- F:\WINDOWS\system32\dllcache\tmigrate.dll
    2007-11-21 16:59 31,744 --a--c--- F:\WINDOWS\system32\dllcache\pagecnt.dll
    2007-11-21 16:58 53,248 --a--c--- F:\WINDOWS\system32\dllcache\nextlink.dll
    2007-11-21 16:58 45,056 --a--c--- F:\WINDOWS\system32\dllcache\nsepm.dll
    2007-11-21 16:57 257,024 --a--c--- F:\WINDOWS\system32\dllcache\infocomm.dll
    2007-11-21 16:57 145,408 --a--c--- F:\WINDOWS\system32\dllcache\iische51.dll
    2007-11-21 16:57 60,928 --a--c--- F:\WINDOWS\system32\dllcache\iisclex4.dll
    2007-11-21 16:57 25,088 --a--c--- F:\WINDOWS\system32\dllcache\iisadmin.dll
    2007-11-21 16:57 23,040 --a--c--- F:\WINDOWS\system32\dllcache\lpdsvc.dll
    2007-11-21 16:57 19,456 --a--c--- F:\WINDOWS\system32\dllcache\lprmon.dll
    2007-11-21 16:57 19,456 --a--c--- F:\WINDOWS\system32\dllcache\iiscrmap.dll
    2007-11-21 16:57 13,312 --a--c--- F:\WINDOWS\system32\dllcache\lonsint.dll
    2007-11-21 16:56 10,096,640 --a--c--- F:\WINDOWS\system32\dllcache\hwxcht.dll
    2007-11-21 16:56 268,288 --a--c--- F:\WINDOWS\system32\dllcache\httpext.dll
    2007-11-21 16:56 62,464 --a--c--- F:\WINDOWS\system32\dllcache\httpod51.dll
    2007-11-21 16:56 8,192 --a--c--- F:\WINDOWS\system32\dllcache\httpmb51.dll
    2007-11-21 16:56 6,144 --a--c--- F:\WINDOWS\system32\dllcache\ftlx041e.dll
    2007-11-21 16:55 198,656 --a--c--- F:\WINDOWS\system32\dllcache\cintime.dll
    2007-11-21 16:55 173,568 --a--c--- F:\WINDOWS\system32\dllcache\chtskf.dll
    2007-11-21 16:55 97,792 --a--c--- F:\WINDOWS\system32\dllcache\chtmbx.dll
    2007-11-21 16:55 57,856 --a--c--- F:\WINDOWS\system32\dllcache\esuimgd.dll
    2007-11-21 16:55 56,320 --a--c--- F:\WINDOWS\system32\dllcache\chtskdic.dll
    2007-11-21 16:55 45,568 --a--c--- F:\WINDOWS\system32\dllcache\esunid.dll
    2007-11-21 16:55 33,792 --a--c--- F:\WINDOWS\system32\dllcache\controt.dll
    2007-11-21 16:55 31,744 --a--c--- F:\WINDOWS\system32\dllcache\esucmd.dll
    2007-11-21 16:55 25,856 --a--c--- F:\WINDOWS\system32\dllcache\et4000.sys
    2007-11-21 16:55 24,064 --a--c--- F:\WINDOWS\system32\dllcache\compfilt.dll
    2007-11-21 16:55 21,504 --a--c--- F:\WINDOWS\system32\dllcache\cintlgnt.ime
    2007-11-21 16:55 20,480 --a--c--- F:\WINDOWS\system32\dllcache\counters.dll
    2007-11-21 16:54 2,134,528 --a--c--- F:\WINDOWS\system32\dllcache\smtpsnap.dll
    2007-11-21 16:54 189,440 --a--c--- F:\WINDOWS\system32\dllcache\smtpadm.dll
    2007-11-21 16:54 54,528 --a--c--- F:\WINDOWS\system32\dllcache\cap7146.sys
    2007-11-21 16:54 45,568 --a--c--- F:\WINDOWS\system32\dllcache\browscap.dll
    2007-11-21 16:54 16,384 --a--c--- F:\WINDOWS\system32\dllcache\tcptsat.dll
    2007-11-21 16:54 8,192 --a--c--- F:\WINDOWS\system32\dllcache\staxmem.dll
    2007-11-21 16:53 281,600 --a--c--- F:\WINDOWS\system32\dllcache\certwiz.ocx
    2007-11-21 16:53 184,435 --a--c--- F:\WINDOWS\system32\dllcache\fp4amsft.dll
    2007-11-21 16:53 96,768 --a--c--- F:\WINDOWS\system32\dllcache\certmap.ocx
    2007-11-21 16:53 78,336 --a--c--- F:\WINDOWS\system32\dllcache\logui.ocx
    2007-11-21 16:53 77,824 --a--c--- F:\WINDOWS\system32\dllcache\cnfgprts.ocx
    2007-11-21 16:53 47,104 --a--c--- F:\WINDOWS\system32\dllcache\coadmin.dll
    2007-11-21 16:53 20,540 --a--c--- F:\WINDOWS\system32\dllcache\author.dll
    2007-11-21 16:53 20,536 --a--c--- F:\WINDOWS\system32\dllcache\shtml.dll
    2007-11-21 16:45 221,184 --a------ F:\WINDOWS\system32\wmpns.dll
    2007-11-21 16:41 749 -rah----- F:\WINDOWS\system32\wuaucpl.cpl.manifest
    2007-11-21 16:37 42,577 --a--c--- F:\WINDOWS\system32\dllcache\bckgzm.exe
    2007-11-21 16:37 42,575 --a--c--- F:\WINDOWS\system32\dllcache\chkrzm.exe
    2007-11-21 16:37 42,573 --a--c--- F:\WINDOWS\system32\dllcache\shvlzm.exe
    2007-11-21 16:37 42,573 --a--c--- F:\WINDOWS\system32\dllcache\hrtzzm.exe
    2007-11-21 16:37 36,937 --a--c--- F:\WINDOWS\system32\dllcache\zclientm.exe
    2007-11-21 16:23 20,992 --a------ F:\WINDOWS\system32\drivers\RTL8139.sys
    2007-11-21 16:16 24,661 --a------ F:\WINDOWS\system32\spxcoins.dll
    2007-11-21 16:16 13,312 --a------ F:\WINDOWS\system32\irclass.dll
    2007-11-21 16:15 1,897,850 --a--c--- F:\WINDOWS\system32\dllcache\NT5.CAT
    2007-11-21 16:15 1,086,058 --a--c--- F:\WINDOWS\system32\dllcache\NTPRINT.CAT
    2007-11-21 16:15 809,394 --a--c--- F:\WINDOWS\system32\dllcache\NT5IIS.CAT
    2007-11-21 16:15 622,820 --a--c--- F:\WINDOWS\system32\dllcache\NT5INF.CAT
    2007-11-21 16:15 103,124 --a--c--- F:\WINDOWS\system32\dllcache\tabletpc.cat
    2007-11-21 16:15 30,983 --a--c--- F:\WINDOWS\system32\dllcache\FP4.CAT
    2007-11-21 16:15 13,497 --a--c--- F:\WINDOWS\system32\dllcache\HPCRDP.CAT
    2007-11-21 16:15 8,599 --a--c--- F:\WINDOWS\system32\dllcache\IASNT4.CAT
    2007-11-21 16:15 7,382 --a--c--- F:\WINDOWS\system32\dllcache\OEMBIOS.CAT
    2007-11-20 15:05 <REP> d--h----- F:\Documents and Settings\Administrateur\Voisinage réseau
    2007-11-20 15:05 <REP> d--h----- F:\Documents and Settings\Administrateur\Voisinage d'impression

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-25 10:15 --------- d-----w F:\Program Files\Lavasoft
    2007-11-23 03:38 --------- d-----w F:\Program Files\vanBasco's Karaoke Player
    2007-11-23 03:15 --------- d-----w F:\Program Files\Winamp
    2007-11-23 01:54 --------- d-----w F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-22 20:06 --------- d-----w F:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-11-21 22:45 --------- d-----w F:\Program Files\BAR
    2007-11-17 18:35 --------- d-----w F:\Program Files\eMule
    2007-11-17 07:31 --------- d-----w F:\Program Files\Fichiers communs\Real
    2007-11-17 07:12 --------- d-----w F:\Program Files\Real
    2007-11-16 03:29 --------- d-----w F:\Program Files\Creative
    2007-11-13 03:24 --------- d-----w F:\Program Files\Fichiers communs\Adobe
    2007-11-12 22:56 --------- d-----w F:\Program Files\ABBYY FineReader 8.0 Professional Edition
    2007-11-12 06:04 --------- d-----w F:\Program Files\ScanView
    2007-11-12 06:03 --------- d-----w F:\Program Files\Restorer2000 Professional
    2007-11-12 06:02 --------- d-----w F:\Program Files\QuickTime
    2007-11-12 05:58 --------- d-----w F:\Program Files\PhoneTools
    2007-11-12 05:53 --------- d-----w F:\Program Files\Monkey's Audio
    2007-11-12 05:52 --------- d-----w F:\Program Files\MemTurbo
    2007-11-12 05:39 --------- d-----w F:\Program Files\GetRight
    2007-11-12 05:39 --------- d-----w F:\Program Files\Fichiers communs\Teleca Shared
    2007-11-12 05:33 --------- d-----w F:\Program Files\ffdshow
    2007-11-12 05:26 --------- d-----w F:\Program Files\DVD Flick
    2007-11-12 05:26 --------- d-----w F:\Program Files\DVD Decrypter
    2007-11-12 05:18 --------- d-----w F:\Program Files\coolpro2
    2007-11-12 05:15 --------- d-----w F:\Program Files\CamStudio
    2007-10-25 19:24 --------- d-----w F:\Program Files\Java
    2007-10-23 17:25 --------- d-----w F:\Program Files\Medical Databases
    2007-10-23 17:25 --------- d-----w F:\Documents and Settings\J.J. Dupont\Application Data\FileMaker
    2007-10-22 18:20 --------- d-----w F:\Documents and Settings\J.J. Dupont\Application Data\Uniblue
    2007-10-22 18:19 --------- d-----w F:\Program Files\Uniblue
    2007-10-17 08:32 --------- d-----w F:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-17 08:31 --------- d-----w F:\Program Files\Apple Software Update
    2007-10-17 08:31 --------- d-----w F:\Documents and Settings\All Users\Application Data\Apple
    2007-10-13 04:54 --------- d-----w F:\Program Files\Womble MPEG Editor
    2007-10-10 22:58 --------- d-----w F:\Program Files\UnH Solutions
    2007-10-10 05:44 --------- d--h--w F:\Program Files\InstallShield Installation Information
    2007-10-10 05:44 --------- d-----w F:\Program Files\Justdo Software
    2007-10-10 05:44 --------- d-----w F:\Program Files\Fichiers communs\Justdo
    2004-10-01 19:00 40,960 -c--a-w F:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-28_ 6.28.30,27 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-28 18:30:22 16,384 ----atw F:\WINDOWS\TEMP\Perflib_Perfdata_4dc.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
    "SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
    "NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturpom]
    vturpom.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
    backup=F:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    backup=F:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-10-10 18:51 39792 --a------ F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BAR]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    F:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "gusvc"=3 (0x3)

    R0 UNPR;UNPR;F:\WINDOWS\system32\unpr.sys
    S3 w300bus;Sony Ericsson W300 Driver driver (WDM);F:\WINDOWS\system32\DRIVERS\w300bus.sys
    S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;F:\WINDOWS\system32\DRIVERS\w300mdfl.sys
    S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;F:\WINDOWS\system32\DRIVERS\w300mdm.sys
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);F:\WINDOWS\system32\DRIVERS\w300mgmt.sys
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;F:\WINDOWS\system32\DRIVERS\w300obex.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-20 02:58:57 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - F:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-28 13:31:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-28 13:34:41 - machine was rebooted
    F:\ComboFix2.txt ... 2007-11-28 06:30
    F:\ComboFix3.txt ... 2007-11-27 21:16
    .
    --- E O F ---
    28 November 2007 20:28:04

    Quote:
    Thanks angeldark (sorry for the time difference, I'm in Montreal)

    Um, how to put this... I'm the one handling your cleanup :whistle: 

    Please post a new HijackThis log
    28 November 2007 20:29:47

    :lol: 
    /me leaves
    28 November 2007 20:42:07

    Don't you have enough threads as it is?
    28 November 2007 20:46:08

    Nah, not at the moment.
    /me will clean up here when he remembers :D 
    29 November 2007 04:22:46

    veri welle Sham-Rock
    sank you and excuze my french
    29 November 2007 06:06:21

    To whom it may concern :) 

    Logfile of HijackThis v1.99.1
    Scan saved at 00:03:35, on 2007-11-29
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    F:\Program Files\Alwil Software\Avast4\ashServ.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    F:\WINDOWS\Explorer.EXE
    F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    F:\WINDOWS\system32\devldr32.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - F:\Program Files\Fichiers communs\Justdo\Jd2002.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O9 - Extra 'Tools' menuitem: &7 Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O9 - Extra button: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O9 - Extra 'Tools' menuitem: &8 Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O9 - Extra button: RF toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O9 - Extra 'Tools' menuitem: &9 Robo Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - F:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
    O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - F:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html...
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan....
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: vturpom - vturpom.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - F:\WINDOWS\system32\wdfmgr.exe (file missing)
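
As an added example (not code from this thread or from HijackThis), a small Python triage that walks lines in the log format above and flags the entries a helper looks at first: Winlogon Notify hooks (O20), autostart and service entries whose file is missing, and services with no publisher. The sample lines are copied from the log above plus one normal O4 line for contrast; the rules are assumptions about what merits a closer look, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of the HijackThis log above: three entries
# taken from that log plus one ordinary O4 entry that should not be flagged.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: vturpom - vturpom.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

# Every HijackThis entry starts with its section id, e.g. "O20 - ..."
LINE_RE = re.compile(r"^(O\d+) - (.*)$")

# Sections that run code automatically (Run keys, Winlogon hooks, services).
AUTOSTART_SECTIONS = {"O4", "O20", "O23"}


@dataclass
class Finding:
    section: str
    reasons: List[str]
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth a closer look, with the reason for each."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.groups()
        reasons = []
        if section == "O20":
            reasons.append("Winlogon Notify DLL is loaded at every logon")
        if section in AUTOSTART_SECTIONS and "(file missing)" in body:
            reasons.append("autostart entry points at a file that no longer exists")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service carries no publisher information")
        if reasons:
            findings.append(Finding(section, reasons, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, "|", "; ".join(f.reasons), "|", f.line)
```

Entries flagged this way are candidates for review, not automatic removals: an O23 service with "Unknown owner" is often just a vendor that did not sign its binary.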

    29 November 2007 17:08:43

    hello

    delete C:\qoobox and empty your recycle bin

    you're going to replace Avast! with Antivir, which is a real antivirus, then run a scan with it and post the report. :) 


    Uninstall Avast! properly


    To replace it with Antivir.

    -->Tutorial<--


    Why switch? : Avast! vs Antivir
    1 December 2007 11:04:06

    Really, thanks for everything, boys!!
    I'm dazzled by so much genius...

    One question: is it worth getting the paid version at 20 euros (the Avira AntiVir PersonalEdition Premium version), which additionally has:
    Protection against spyware and adware - Special protection against email viruses (POP3).

    or the 40-euro one, Avira Premium Security Suite, which additionally includes Proactive AntiPhishing - Inclusive FireWall - Inclusive AntiSpam - WebGuard to surf and download safely.

    To see the full comparison table:
    http://www.avira.com/en/products/personal.html

    Big thanks again!
    Luc
    1 December 2007 11:14:20

    One last question: any advice for a good firewall? I had CA eTrust antivirus but I didn't like it...
    would Comodo in combination with Antivir do the job?
    1 December 2007 15:04:00

    hello

    I had asked you for a scan report with Antivir ;) 
    the free version is enough

    Comodo is not bad, Kerio too :) 