Problems reported by avast, and my Spybot! Help :s

21 November 2007 14:27:39

Problems reported by avast, and my Spybot :s
trojan + Trojan horse + a yellow triangle with a black exclamation mark:

Hello, actually, I keep getting messages telling me that I'm infected by spyware, or something else whose name I've forgotten (it was in English)!
It's a yellow triangle with a black exclamation mark in the center.

My avast also reports a trojan, and two other kinds of infection, I think... including a Trojan horse...

Windows show up: "Fatal error",
"critical system warning"
and a few others....

Bubbles pop out of the yellow triangle:
"system alert: malware threats"
"system performance monitor: Warning"
"Security Alert: spyware found"
...and others too!

I can't take it anymore :s... please help me!

So I'm pasting my HijackThis report here, hoping you can do something for me!:

Logfile of HijackThis v1.99.1
Scan saved at 13:58:02, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\dttmdgis.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\wpabaln.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS\SoftwareDistribution\Download\8a85dfd65efe3ce79ca8bcef055ca8bd\update\update.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\DOCUME~1\Helder\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe
D:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - D:\WINDOWS\system32\ujcthrgw.dll
O4 - HKLM\..\Run: [Windows Logon Application] D:\WINDOWS\system32\logon.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] D:\WINDOWS\system32\dzmpgmfs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: D:\WINDOWS\system32\__c002BF12.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - D:\WINDOWS\system32\dttmdgis.exe

21 November 2007 15:04:57

I did say hello, look further up :)

Thanks anyway, and here's what you asked me for:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:00, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\dttmdgis.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wpabaln.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - D:\WINDOWS\system32\ujcthrgw.dll
O4 - HKLM\..\Run: [Windows Logon Application] D:\WINDOWS\system32\logon.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] D:\WINDOWS\system32\dzmpgmfs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: D:\WINDOWS\system32\__c002BF12.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - D:\WINDOWS\system32\dttmdgis.exe

--
End of file - 3539 bytes
21 November 2007 16:51:34

Sorry twice over, I posted in the wrong topic :/

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to run it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are being removed
  • You'll see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply
    Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; just follow the instructions above, starting from "Click the Scan for Vundo button".
    21 November 2007 17:31:10

    Is it serious, doctor? ^^

    Here you go, as agreed, boss :)

    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 17:00:07 21/11/2007

    Listing files found while scanning....

    D:\windows\system32\__c002BF12.dat
    D:\windows\system32\cgwjifvo.dll
    D:\windows\system32\mpsut.ini
    D:\windows\system32\mpsut.ini2
    D:\windows\system32\tuspm.dll
    D:\windows\system32\tywsghkf.dll
    D:\WINDOWS\system32\ujcthrgw.dll
    D:\windows\system32\ujcthrgw.dllbox
    D:\WINDOWS\system32\yayywxw.dll

    Beginning removal...

    Attempting to delete D:\windows\system32\__c002BF12.dat
    D:\windows\system32\__c002BF12.dat Could not be deleted.

    Attempting to delete D:\windows\system32\cgwjifvo.dll
    D:\windows\system32\cgwjifvo.dll Has been deleted!

    Attempting to delete D:\windows\system32\mpsut.ini
    D:\windows\system32\mpsut.ini Has been deleted!

    Attempting to delete D:\windows\system32\mpsut.ini2
    D:\windows\system32\mpsut.ini2 Has been deleted!

    Attempting to delete D:\windows\system32\tuspm.dll
    D:\windows\system32\tuspm.dll Has been deleted!

    Attempting to delete D:\windows\system32\tywsghkf.dll
    D:\windows\system32\tywsghkf.dll Has been deleted!

    Attempting to delete D:\WINDOWS\system32\ujcthrgw.dll
    D:\WINDOWS\system32\ujcthrgw.dll Has been deleted!

    Attempting to delete D:\windows\system32\ujcthrgw.dllbox
    D:\windows\system32\ujcthrgw.dllbox Has been deleted!

    Attempting to delete D:\WINDOWS\system32\yayywxw.dll
    D:\WINDOWS\system32\yayywxw.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete D:\windows\system32\__c002BF12.dat
    D:\windows\system32\__c002BF12.dat Could not be deleted.

    Attempting to delete D:\WINDOWS\system32\yayywxw.dll
    D:\WINDOWS\system32\yayywxw.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 17:15:39 21/11/2007

    Listing files found while scanning....

    D:\windows\system32\__c002BF12.dat

    Beginning removal...

    Attempting to delete D:\windows\system32\__c002BF12.dat
    D:\windows\system32\__c002BF12.dat Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete D:\windows\system32\__c002BF12.dat
    D:\windows\system32\__c002BF12.dat Could not be deleted.

    Performing Repairs to the registry.
    Done!
    21 November 2007 17:32:21

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:31:50, on 21/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\dttmdgis.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\wpabaln.exe
    D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {0A2493AE-1D27-4EF7-9135-28C7277C8AC6} - D:\WINDOWS\system32\tuspm.dll (file missing)
    O2 - BHO: {311d4f7b-3487-c6db-f7f4-5f09fa9900b3} - {3b0099af-90f5-4f7f-bd6c-7843b7f4d113} - D:\WINDOWS\system32\xbgwqpnq.dll
    O2 - BHO: (no name) - {3E154D70-9409-4F1C-BC6F-7397C91E09C4} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
    O2 - BHO: (no name) - {E0587107-2243-49BB-B125-D54BD5D54D68} - (no file)
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [Windows Logon Application] D:\WINDOWS\system32\logon.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Advanced DHTML Enable] D:\WINDOWS\system32\dzmpgmfs.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: D:\WINDOWS\system32\__c002BF12.dat
    O20 - Winlogon Notify: tuvwwxx - D:\WINDOWS\SYSTEM32\tuvwwxx.dll
    O20 - Winlogon Notify: yayywxw - D:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: DomainService - - D:\WINDOWS\system32\dttmdgis.exe

    --
    End of file - 4548 bytes
    21 November 2007 19:11:30

    Oops, forget what I said! I'll give you that when I'm done :)
    21 November 2007 19:45:57

    I have a problem! There's a detection of the virus that the other program didn't remove, but I'm getting nowhere! I can't delete it, and it keeps showing it to me; I press "OK" and it comes back....

    It's weird, what do I do?
    21 November 2007 20:03:29

    It seems I managed to start the scan, so I'll post the result here :)
    21 November 2007 20:56:34



    AntiVir PersonalEdition Classic
    Report file date: mercredi 21 novembre 2007 19:58

    Scanning for 939210 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: RGTH-WF22M9N356

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
    ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 18:48:01
    ANTIVIR3.VDF : 7.0.0.244 191488 Bytes 21/11/2007 18:48:01
    AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 21/11/2007 18:48:01
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: F:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 21 novembre 2007 19:58

    The scan of running processes will be started
    Scan process 'avscan.exe' - '0' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '0' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'wpabaln.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'stndk.exe' - '1' Module(s) have been scanned
    Module is infected -> 'D:\WINDOWS\system32\stndk.exe'
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'dttmdgis.exe' - '1' Module(s) have been scanned
    Module is infected -> 'D:\WINDOWS\system32\dttmdgis.exe'
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    Process 'stndk.exe' has been terminated
    Process 'dttmdgis.exe' has been terminated
    D:\WINDOWS\system32\stndk.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47b28057.qua'!
    D:\WINDOWS\system32\dttmdgis.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was deleted!

    46 processes with 44 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!
    Boot sector 'E:\'
    [NOTE] No virus was found!
    Boot sector 'F:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    D:\WINDOWS\system32\logon.exe
    [DETECTION] Contains detection pattern of the worm WORM/Rbot.78439
    [INFO] The file was deleted!
    D:\WINDOWS\system32\logon.exe
    [DETECTION] Contains detection pattern of the worm WORM/Rbot.78439
    D:\WINDOWS\system32\Logon.EXE
    [WARNING] The file could not be opened!

    The registry was scanned ( '23' files ).


    Starting the file scan:

    Begin scan in 'C:\' <secours>
    Begin scan in 'D:\'
    D:\hiberfil.sys
    [WARNING] The file could not be opened!
    D:\pagefile.sys
    [WARNING] The file could not be opened!
    D:\Documents and Settings\Helder\Local Settings\Temporary Internet Files\Content.IE5\GW048UGN\hctp[1]
    [DETECTION] Is the Trojan horse TR/Vundo.AU
    [INFO] The file was deleted!
    D:\Documents and Settings\Helder\Local Settings\Temporary Internet Files\Content.IE5\N3AEL4H9\upd32_v14[1]
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was deleted!
    D:\Documents and Settings\Helder\Local Settings\Temporary Internet Files\Content.IE5\Y00HMMQ6\mosx1024[1]
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was deleted!
    D:\Documents and Settings\Helder\Local Settings\Temporary Internet Files\Content.IE5\Y00HMMQ6\pochki20071106[1]
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was deleted!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP17\A0003679.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '477481f9.qua'!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP17\A0003681.dll
    [DETECTION] Is the Trojan horse TR/Drop.Age.11148.A
    [INFO] The file was deleted!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP17\A0003682.dll
    [DETECTION] Is the Trojan horse TR/Drop.Age.11148.A
    [INFO] The file was deleted!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP17\A0003683.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '477481fa.qua'!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP17\A0003684.exe
    [DETECTION] Is the Trojan horse TR/Drop.Age.11148.A
    [INFO] The file was deleted!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP23\A0004967.exe
    [DETECTION] Is the Trojan horse TR/Drop.Age.11148.A
    [INFO] The file was deleted!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP23\A0004970.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47748218.qua'!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP23\A0005933.dll
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was deleted!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP23\A0005934.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP23\A0005935.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was deleted!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP23\A0005936.dll
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was deleted!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP24\A0006089.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4774822a.qua'!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP24\A0006090.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [WARNING] The file could not be deleted!
    D:\System Volume Information\_restore{B8397542-2D7A-4B5D-BAE9-06F5A5CF2217}\RP24\A0006091.exe
    [DETECTION] Contains detection pattern of the worm WORM/Rbot.78439
    [INFO] The file was deleted!
    D:\VundoFix Backups\cgwjifvo.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was deleted!
    D:\VundoFix Backups\tuspm.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    D:\VundoFix Backups\tywsghkf.dll.bad
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was deleted!
    D:\VundoFix Backups\ujcthrgw.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was deleted!
    D:\VundoFix Backups\__c002BF12.dat.bad
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was deleted!
    D:\WINDOWS\system32\dhrggytw.dll
    [DETECTION] Is the Trojan horse TR/Vundo.AU
    [INFO] The file was deleted!
    D:\WINDOWS\system32\fccabyv.dll
    [DETECTION] Is the Trojan horse TR/Drop.Age.11148.A
    [WARNING] The file could not be deleted!
    D:\WINDOWS\system32\mljkl.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [WARNING] The file could not be deleted!
    D:\WINDOWS\system32\rqrsqpm.dll
    [DETECTION] Is the Trojan horse TR/Drop.Age.11148.A
    [WARNING] The file could not be deleted!
    D:\WINDOWS\system32\xbgwqpnq.dll
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [WARNING] The file could not be deleted!
    D:\WINDOWS\system32\__c002BF12.dat
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [WARNING] The file could not be deleted!
    Begin scan in 'E:\'
    Begin scan in 'F:\'


    End of the scan: mercredi 21 novembre 2007 20:40
    Used time: 42:21 min

    The scan has been done completely.

    2103 Scanning directories
    63624 Files were scanned
    28 viruses and/or unwanted programs were found
    6 Files were classified as suspicious:
    21 files were deleted
    0 files were repaired
    5 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    63596 Files not concerned
    482 Archives were scanned
    9 Warnings
    0 Notes

    21 November 2007 21:40:15

    Post another HijackThis report.
    21 November 2007 22:13:11

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:12:56, on 21/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {0A2493AE-1D27-4EF7-9135-28C7277C8AC6} - D:\WINDOWS\system32\tuspm.dll (file missing)
    O2 - BHO: {311d4f7b-3487-c6db-f7f4-5f09fa9900b3} - {3b0099af-90f5-4f7f-bd6c-7843b7f4d113} - D:\WINDOWS\system32\xbgwqpnq.dll (file missing)
    O2 - BHO: (no name) - {3E154D70-9409-4F1C-BC6F-7397C91E09C4} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
    O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - D:\WINDOWS\system32\tuvwwxx.dll
    O2 - BHO: (no name) - {DC769B89-3415-4C22-BC19-DB5C6B4CD3B1} - D:\WINDOWS\system32\mljkl.dll
    O2 - BHO: (no name) - {E0587107-2243-49BB-B125-D54BD5D54D68} - (no file)
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [Advanced DHTML Enable] D:\WINDOWS\system32\dzmpgmfs.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: d:\windows\system32\fccabyv.dll
    O20 - Winlogon Notify: tuvwwxx - D:\WINDOWS\SYSTEM32\tuvwwxx.dll
    O20 - Winlogon Notify: yayywxw - D:\WINDOWS\
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: DomainService - Unknown owner - D:\WINDOWS\system32\dttmdgis.exe (file missing)

    --
    End of file - 4283 bytes
    22 November 2007 18:01:32

    Hi again, I'm here :$ :) 
    22 November 2007 18:18:48

    AntiVir is better than Avast!, but what about NOD32?
    I replaced my Avast! with NOD32, is that good?

    @ldr191: So what do you think of this forum? ^^
    22 November 2007 19:00:06

    It's great, the people are really kind too, and I'm not sure, but it looks like my problems are practically solved. Now I'm waiting for what comes next :) 
    22 November 2007 21:15:54

    Let's continue :) 

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt
    23 November 2007 11:50:13

    I hope I did it right... because after launching it I left for a few minutes, and when I came back the computer had restarted and the scan was finished.





    ComboFix 07-11-19.3 - Helder 2007-11-23 11:38:50.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.88 [GMT 1:00]
    Running from: D:\Documents and Settings\Helder\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    D:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    D:\Documents and Settings\Helder\Bureau\Live Safety Center.lnk
    D:\Documents and Settings\Helder\Bureau\Online Security Guide.lnk
    D:\Documents and Settings\Helder\Favoris\Online Security Guide.lnk

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-22 12:27 128,816 --a------ D:\WINDOWS\system32\TZLog.log
    2007-11-21 20:49 15 --a------ D:\WINDOWS\system32\2816488d
    2007-11-21 19:07 <REP> d-------- D:\Program Files\Avira
    2007-11-21 19:07 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
    2007-11-21 18:49 35,328 --a------ D:\WINDOWS\system32\xxywurs.dll
    2007-11-21 18:49 15,785 --a------ D:\WINDOWS\system32\faejxnhf.exe
    2007-11-21 18:49 8,222 --a------ D:\WINDOWS\system32\fccabyv.VIR
    2007-11-21 17:33 315,488 --a------ D:\WINDOWS\system32\mljkl.VIR
    2007-11-21 17:33 245,657 --ahs---- D:\WINDOWS\system32\lkjlm.ini2
    2007-11-21 17:33 245,657 --ahs---- D:\WINDOWS\system32\lkjlm.ini
    2007-11-21 17:28 35,328 --a------ D:\WINDOWS\system32\tuvwwxx.dll
    2007-11-21 17:00 <REP> d-------- D:\VundoFix Backups
    2007-11-21 15:03 <REP> d-------- D:\Program Files\Trend Micro
    2007-11-21 14:56 35,328 --a------ D:\WINDOWS\system32\xxyabya.dll
    2007-11-21 13:52 128,896 -----c--- D:\WINDOWS\system32\dllcache\fltmgr.sys
    2007-11-21 13:52 23,040 -----c--- D:\WINDOWS\system32\dllcache\fltmc.exe
    2007-11-21 13:52 16,896 -----c--- D:\WINDOWS\system32\dllcache\fltlib.dll
    2007-11-21 13:33 35,328 --a------ D:\WINDOWS\system32\fcccdec.dll
    2007-11-21 12:07 8,510,976 -----c--- D:\WINDOWS\system32\dllcache\shell32.dll
    2007-11-21 12:03 584,192 -----c--- D:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-11-21 11:56 35,328 --a------ D:\WINDOWS\system32\gebxxyv.dll
    2007-11-21 11:42 294 ---hs---- D:\WINDOWS\system32\wtyggrhd.ini
    2007-11-21 11:39 716,800 -----c--- D:\WINDOWS\system32\dllcache\sxs.dll
    2007-11-21 11:33 <REP> d--h----- D:\WINDOWS\$hf_mig$
    2007-11-21 11:30 35,328 --a------ D:\WINDOWS\system32\awtqqnn.dll
    2007-11-20 21:48 <REP> d---s---- D:\Documents and Settings\Helder\UserData
    2007-11-20 21:27 0 --a------ D:\WINDOWS\system32\mcrh.tmp
    2007-11-20 20:40 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
    2007-11-20 20:40 207,736 --a------ D:\WINDOWS\system32\muweb.dll
    2007-11-20 20:40 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
    2007-11-20 20:29 3,426,072 --a------ D:\WINDOWS\system32\d3dx9_32.dll
    2007-11-20 20:26 <REP> d-------- D:\Documents and Settings\Helder\Contacts
    2007-11-20 20:25 <REP> d----c--- D:\WINDOWS\system32\DRVSTORE
    2007-11-20 20:25 <REP> d-------- D:\Program Files\Microsoft SQL Server Compact Edition
    2007-11-20 20:19 <REP> d-------- D:\Program Files\Windows Live
    2007-11-20 20:19 <REP> d--hsc--- D:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-11-20 20:19 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-20 20:16 35,328 --a------ D:\WINDOWS\system32\gebyabx.dll
    2007-11-20 19:22 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-20 19:14 35,328 --a------ D:\WINDOWS\system32\nnnnnkk.dll
    2007-11-20 17:31 35,328 --a------ D:\WINDOWS\system32\pmnmjhh.dll
    2007-11-20 16:57 35,328 --a------ D:\WINDOWS\system32\ddcyaxx.dll
    2007-11-20 16:50 <REP> d-------- D:\Program Files\MSN Toolbar
    2007-11-20 16:43 35,328 --a------ D:\WINDOWS\system32\jkkigge.dll
    2007-11-20 16:41 <REP> d-------- D:\WINDOWS\neufBOX_ADSL
    2007-11-20 16:41 <REP> d-------- D:\Program Files\USB Driver-Express
    2007-11-20 16:41 <REP> d-------- D:\Program Files\Kit ADSL
    2007-11-20 16:41 <REP> d-------- D:\Program Files\Fichiers communs\InstallShield
    2007-11-20 16:41 31,547 --a------ D:\WINDOWS\system32\drivers\usbiad.sys
    2007-11-20 16:27 35,328 --a------ D:\WINDOWS\system32\efcabyy.dll
    2007-11-20 15:38 35,328 --a------ D:\WINDOWS\system32\qomnmkl.dll
    2007-11-20 11:47 35,328 --a------ D:\WINDOWS\system32\urqpomj.dll
    2007-11-20 11:46 <REP> d-------- D:\Documents and Settings\LocalService\Menu Démarrer
    2007-11-20 11:45 269 --a------ D:\WINDOWS\system32\spupdwxp.log
    2007-10-23 17:49 586,752 --a------ D:\WINDOWS\WLXPGSS.SCR

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-20 15:41 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2007-11-19 21:02 --------- d-----w D:\Program Files\Alwil Software
    2007-11-19 20:25 --------- d-----w D:\Program Files\microsoft frontpage
    2007-11-19 20:24 --------- d-----w D:\Program Files\Services en ligne
    2007-11-19 20:23 --------- d-----w D:\Program Files\Fichiers communs\MSSoap
    2007-11-19 20:15 --------- d-----w D:\Program Files\Fichiers communs\SpeechEngines
    2007-11-19 20:15 --------- d-----w D:\Program Files\Fichiers communs\ODBC
    2007-10-18 10:31 51,224 ----a-w D:\WINDOWS\system32\sirenacm.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A2493AE-1D27-4EF7-9135-28C7277C8AC6}]
    D:\WINDOWS\system32\tuspm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3b0099af-90f5-4f7f-bd6c-7843b7f4d113}]
    D:\WINDOWS\system32\xbgwqpnq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E154D70-9409-4F1C-BC6F-7397C91E09C4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B538A53-0E56-407F-AF89-E48137255353}]
    D:\WINDOWS\system32\mljkl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
    2007-11-21 17:28 35328 --a------ D:\WINDOWS\system32\tuvwwxx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0587107-2243-49BB-B125-D54BD5D54D68}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
    "MsnMsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
    "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced DHTML Enable"="D:\WINDOWS\system32\dzmpgmfs.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09]

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{BCC73622-F72D-4277-803C-D65565A0947F}"= D:\WINDOWS\system32\tuvwwxx.dll [2007-11-21 17:28 35328]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwwxx]
    tuvwwxx.dll 2007-11-21 17:28 35328 D:\WINDOWS\system32\tuvwwxx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayywxw]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=d:\windows\system32\fccabyv.dll

    R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;D:\WINDOWS\system32\DRIVERS\FA312nd5.sys
    R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;D:\WINDOWS\system32\DRIVERS\usbiad.sys

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-23 11:46:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-23 11:47:46 - machine was rebooted
    .
    --- E O F ---
    23 November 2007 12:33:06

    Hi again,

    Disable your antivirus!

    Copy (Ctrl+C) the text in the box below:

    File::
    D:\WINDOWS\system32\xxywurs.dll
    D:\WINDOWS\system32\faejxnhf.exe
    D:\WINDOWS\system32\fccabyv.VIR
    D:\WINDOWS\system32\mljkl.VIR
    D:\WINDOWS\system32\lkjlm.ini2
    D:\WINDOWS\system32\lkjlm.ini
    D:\WINDOWS\system32\tuvwwxx.dll
    D:\WINDOWS\system32\xxyabya.dll
    D:\WINDOWS\system32\gebxxyv.dll
    D:\WINDOWS\system32\wtyggrhd.ini
    D:\WINDOWS\system32\awtqqnn.dll
    D:\WINDOWS\system32\gebyabx.dll
    D:\WINDOWS\system32\nnnnnkk.dll
    D:\WINDOWS\system32\pmnmjhh.dll
    D:\WINDOWS\system32\ddcyaxx.dll
    D:\WINDOWS\system32\jkkigge.dll
    D:\WINDOWS\system32\efcabyy.dll
    D:\WINDOWS\system32\qomnmkl.dll
    D:\WINDOWS\system32\urqpomj.dll
    D:\WINDOWS\system32\dzmpgmfs.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A2493AE-1D27-4EF7-9135-28C7277C8AC6}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3b0099af-90f5-4f7f-bd6c-7843b7f4d113}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E154D70-9409-4F1C-BC6F-7397C91E09C4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B538A53-0E56-407F-AF89-E48137255353}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0587107-2243-49BB-B125-D54BD5D54D68}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced DHTML Enable"=-
    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{BCC73622-F72D-4277-803C-D65565A0947F}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwwxx]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayywxw]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    23 November 2007 12:54:50

    ComboFix 07-11-19.3 - Helder 2007-11-23 12:45:52.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.71 [GMT 1:00]
    Running from: D:\Documents and Settings\Helder\Bureau\ComboFix.exe
    Command switches used :: D:\Documents and Settings\Helder\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    D:\WINDOWS\system32\awtqqnn.dll
    D:\WINDOWS\system32\ddcyaxx.dll
    D:\WINDOWS\system32\dzmpgmfs.exe
    D:\WINDOWS\system32\efcabyy.dll
    D:\WINDOWS\system32\faejxnhf.exe
    D:\WINDOWS\system32\fccabyv.VIR
    D:\WINDOWS\system32\gebxxyv.dll
    D:\WINDOWS\system32\gebyabx.dll
    D:\WINDOWS\system32\jkkigge.dll
    D:\WINDOWS\system32\lkjlm.ini
    D:\WINDOWS\system32\lkjlm.ini2
    D:\WINDOWS\system32\mljkl.VIR
    D:\WINDOWS\system32\nnnnnkk.dll
    D:\WINDOWS\system32\pmnmjhh.dll
    D:\WINDOWS\system32\qomnmkl.dll
    D:\WINDOWS\system32\tuvwwxx.dll
    D:\WINDOWS\system32\urqpomj.dll
    D:\WINDOWS\system32\wtyggrhd.ini
    D:\WINDOWS\system32\xxyabya.dll
    D:\WINDOWS\system32\xxywurs.dll
    .

    Incapable d'obtenir les privilèges Système

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\WINDOWS\system32\awtqqnn.dll
    D:\WINDOWS\system32\ddcyaxx.dll
    D:\WINDOWS\system32\efcabyy.dll
    D:\WINDOWS\system32\faejxnhf.exe
    D:\WINDOWS\system32\fccabyv.VIR
    D:\WINDOWS\system32\gebxxyv.dll
    D:\WINDOWS\system32\gebyabx.dll
    D:\WINDOWS\system32\jkkigge.dll
    D:\WINDOWS\system32\lkjlm.ini
    D:\WINDOWS\system32\lkjlm.ini2
    D:\WINDOWS\system32\mljkl.VIR
    D:\WINDOWS\system32\nnnnnkk.dll
    D:\WINDOWS\system32\pmnmjhh.dll
    D:\WINDOWS\system32\qomnmkl.dll
    D:\WINDOWS\system32\tuvwwxx.dll
    D:\WINDOWS\system32\urqpomj.dll
    D:\WINDOWS\system32\wtyggrhd.ini
    D:\WINDOWS\system32\xxyabya.dll
    D:\WINDOWS\system32\xxywurs.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-23 11:47 <REP> d-------- D:\Program Files\MSN Apps
    2007-11-22 12:27 128,816 --a------ D:\WINDOWS\system32\TZLog.log
    2007-11-21 20:49 15 --a------ D:\WINDOWS\system32\2816488d
    2007-11-21 19:07 <REP> d-------- D:\Program Files\Avira
    2007-11-21 19:07 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
    2007-11-21 17:00 <REP> d-------- D:\VundoFix Backups
    2007-11-21 15:03 <REP> d-------- D:\Program Files\Trend Micro
    2007-11-21 13:33 35,328 --a------ D:\WINDOWS\system32\fcccdec.dll
    2007-11-21 11:33 <REP> d--h----- D:\WINDOWS\$hf_mig$
    2007-11-20 21:48 <REP> d---s---- D:\Documents and Settings\Helder\UserData
    2007-11-20 21:27 0 --a------ D:\WINDOWS\system32\mcrh.tmp
    2007-11-20 20:40 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
    2007-11-20 20:40 207,736 --a------ D:\WINDOWS\system32\muweb.dll
    2007-11-20 20:40 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
    2007-11-20 20:29 3,426,072 --a------ D:\WINDOWS\system32\d3dx9_32.dll
    2007-11-20 20:26 <REP> d-------- D:\Documents and Settings\Helder\Contacts
    2007-11-20 20:25 <REP> d-------- D:\Program Files\Microsoft SQL Server Compact Edition
    2007-11-20 20:19 <REP> d-------- D:\Program Files\Windows Live
    2007-11-20 20:19 <REP> d--hsc--- D:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-11-20 20:19 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-20 19:22 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-20 16:41 <REP> d-------- D:\WINDOWS\neufBOX_ADSL
    2007-11-20 16:41 <REP> d-------- D:\Program Files\USB Driver-Express
    2007-11-20 16:41 <REP> d-------- D:\Program Files\Kit ADSL
    2007-11-20 16:41 <REP> d-------- D:\Program Files\Fichiers communs\InstallShield
    2007-11-20 16:41 31,547 --a------ D:\WINDOWS\system32\drivers\usbiad.sys
    2007-11-20 11:46 <REP> d-------- D:\Documents and Settings\LocalService\Menu Démarrer
    2007-11-20 11:45 269 --a------ D:\WINDOWS\system32\spupdwxp.log
    2007-10-23 17:49 586,752 --a------ D:\WINDOWS\WLXPGSS.SCR

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-20 15:41 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2007-11-19 21:02 --------- d-----w D:\Program Files\Alwil Software
    2007-11-19 20:25 --------- d-----w D:\Program Files\microsoft frontpage
    2007-11-19 20:24 --------- d-----w D:\Program Files\Services en ligne
    2007-11-19 20:23 --------- d-----w D:\Program Files\Fichiers communs\MSSoap
    2007-11-19 20:15 --------- d-----w D:\Program Files\Fichiers communs\SpeechEngines
    2007-11-19 20:15 --------- d-----w D:\Program Files\Fichiers communs\ODBC
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A2493AE-1D27-4EF7-9135-28C7277C8AC6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3b0099af-90f5-4f7f-bd6c-7843b7f4d113}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E154D70-9409-4F1C-BC6F-7397C91E09C4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B538A53-0E56-407F-AF89-E48137255353}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0587107-2243-49BB-B125-D54BD5D54D68}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
    "MsnMsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
    "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnappau"="D:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe" [2004-07-22 21:53]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayywxw]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=d:\windows\system32\fccabyv.dll

    R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;D:\WINDOWS\system32\DRIVERS\FA312nd5.sys
    R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;D:\WINDOWS\system32\DRIVERS\usbiad.sys

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-23 12:52:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-23 12:53:44 - machine was rebooted
    D:\ComboFix2.txt ... 2007-11-23 11:47
    .
    --- E O F ---
    23 November 2007 12:55:36

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:55:22, on 23/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\WINDOWS\system32\wpabaln.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: d:\windows\system32\fccabyv.dll
    O20 - Winlogon Notify: yayywxw - D:\WINDOWS\
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    --
    End of file - 3601 bytes
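
Added example, not part of the thread and not ComboFix's own code: a Python check that the targets named in a CFScript no longer show up in a follow-up HijackThis log. It assumes the `.reg`-style reading of the script as posted (`[-key]` removes a key, `"name"=-` removes a value); the function names are illustrative and the inputs are shortened excerpts of the logs in this thread.

```python
import re

# Excerpts copied from this thread and shortened: the first CFScript, the
# HijackThis log posted before it, and the one posted after ComboFix ran.
CFSCRIPT = r"""
File::
D:\WINDOWS\system32\tuvwwxx.dll
D:\WINDOWS\system32\dzmpgmfs.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced DHTML Enable"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwwxx]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayywxw]
"""

LOG_BEFORE = r"""
O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - D:\WINDOWS\system32\tuvwwxx.dll
O4 - HKLM\..\Run: [Advanced DHTML Enable] D:\WINDOWS\system32\dzmpgmfs.exe
O20 - Winlogon Notify: tuvwwxx - D:\WINDOWS\SYSTEM32\tuvwwxx.dll
O20 - Winlogon Notify: yayywxw - D:\WINDOWS\
"""

LOG_AFTER = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: d:\windows\system32\fccabyv.dll
O20 - Winlogon Notify: yayywxw - D:\WINDOWS\
"""

ENTRY = re.compile(r"^[RFNO]\d+ - .+$")   # HijackThis item lines: R0, O2, O20, ...
HIVES = {"hkey_local_machine": "hklm", "hklm": "hklm",
         "hkey_current_user": "hkcu", "hkcu": "hkcu"}


def parse_cfscript(text):
    """Split a CFScript into file targets, removed keys and removed values."""
    targets = {"files": [], "keys": [], "values": []}
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                      # "File::" / "Registry::"
            section, current_key = line[:-2].lower(), None
        elif section == "file":
            targets["files"].append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                targets["keys"].append(line[2:-1])   # whole key removed
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]             # key kept, values follow
            elif current_key and line.endswith("=-"):
                targets["values"].append((current_key, line[:-2].strip('"')))
    return targets


def parse_hijackthis(text):
    """Return the item lines of a HijackThis log, ignoring header and process list."""
    return [l.strip() for l in text.splitlines() if ENTRY.match(l.strip())]


def needle_for_key(key):
    """Text to look for in the log for a removed registry key."""
    parent, _, leaf = key.rpartition("\\")
    if parent.lower().endswith("\\winlogon\\notify"):
        return f"winlogon notify: {leaf} ".lower()
    return leaf.lower()                              # e.g. a BHO CLSID


def needle_for_value(key, name):
    """Text to look for in the log for a removed registry value."""
    hive = HIVES.get(key.split("\\", 1)[0].lower())
    if hive and key.lower().endswith("\\currentversion\\run"):
        return f"{hive}\\..\\run: [{name}]".lower()  # O4 line format
    return name.lower()


def still_present(targets, log_lines):
    """List (kind, target, matching log lines) for every target still in the log."""
    checks = [("file", p, p.lower()) for p in targets["files"]]
    checks += [("key", k, needle_for_key(k)) for k in targets["keys"]]
    checks += [("value", f"{k}\\{n}", needle_for_value(k, n))
               for k, n in targets["values"]]
    hits = []
    for kind, target, needle in checks:
        lines = [l for l in log_lines if needle in l.lower()]
        if lines:
            hits.append((kind, target, lines))
    return hits


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(label)
        for kind, target, lines in still_present(script, parse_hijackthis(log)):
            print(f"  {kind}: {target}")
            for l in lines:
                print(f"      {l}")
```

On these excerpts, six targets are visible before the script and one after: the `yayywxw` Winlogon Notify key is still listed, as in the follow-up log in the thread. The `AppInit_DLLs` line is not reported because that script named `fccabyv.VIR`, not `fccabyv.dll`.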
    23 November 2007 16:55:14

    Can you run another Combofix scan?
    It's already a bit better, isn't it?
    23 November 2007 17:42:13

    All right, I'll run a scan for you, without dragging the Notepad file onto it (if I understood correctly!)

    Yes, the computer seems to be doing much better ^^ thanks :) 

    I'll post the Combofix result right away :) 
    23 November 2007 17:45:53

    ComboFix 07-11-19.3 - Helder 2007-11-23 17:41:28.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.54 [GMT 1:00]
    Running from: D:\Documents and Settings\Helder\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-23 11:47 <REP> d-------- D:\Program Files\MSN Apps
    2007-11-22 12:27 128,816 --a------ D:\WINDOWS\system32\TZLog.log
    2007-11-21 20:49 15 --a------ D:\WINDOWS\system32\2816488d
    2007-11-21 19:07 <REP> d-------- D:\Program Files\Avira
    2007-11-21 19:07 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
    2007-11-21 17:00 <REP> d-------- D:\VundoFix Backups
    2007-11-21 15:03 <REP> d-------- D:\Program Files\Trend Micro
    2007-11-21 13:33 35,328 --a------ D:\WINDOWS\system32\fcccdec.dll
    2007-11-21 11:33 <REP> d--h----- D:\WINDOWS\$hf_mig$
    2007-11-20 21:48 <REP> d---s---- D:\Documents and Settings\Helder\UserData
    2007-11-20 21:27 0 --a------ D:\WINDOWS\system32\mcrh.tmp
    2007-11-20 20:40 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
    2007-11-20 20:40 207,736 --a------ D:\WINDOWS\system32\muweb.dll
    2007-11-20 20:40 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
    2007-11-20 20:29 3,426,072 --a------ D:\WINDOWS\system32\d3dx9_32.dll
    2007-11-20 20:26 <REP> d-------- D:\Documents and Settings\Helder\Contacts
    2007-11-20 20:25 <REP> d-------- D:\Program Files\Microsoft SQL Server Compact Edition
    2007-11-20 20:19 <REP> d-------- D:\Program Files\Windows Live
    2007-11-20 20:19 <REP> d--hsc--- D:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-11-20 20:19 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-20 19:22 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-20 16:41 <REP> d-------- D:\WINDOWS\neufBOX_ADSL
    2007-11-20 16:41 <REP> d-------- D:\Program Files\USB Driver-Express
    2007-11-20 16:41 <REP> d-------- D:\Program Files\Kit ADSL
    2007-11-20 16:41 <REP> d-------- D:\Program Files\Fichiers communs\InstallShield
    2007-11-20 16:41 31,547 --a------ D:\WINDOWS\system32\drivers\usbiad.sys
    2007-11-20 11:46 <REP> d-------- D:\Documents and Settings\LocalService\Menu Démarrer
    2007-11-20 11:45 269 --a------ D:\WINDOWS\system32\spupdwxp.log
    2007-10-23 17:49 586,752 --a------ D:\WINDOWS\WLXPGSS.SCR

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-20 15:41 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2007-11-19 21:02 --------- d-----w D:\Program Files\Alwil Software
    2007-11-19 20:25 --------- d-----w D:\Program Files\microsoft frontpage
    2007-11-19 20:24 --------- d-----w D:\Program Files\Services en ligne
    2007-11-19 20:23 --------- d-----w D:\Program Files\Fichiers communs\MSSoap
    2007-11-19 20:15 --------- d-----w D:\Program Files\Fichiers communs\SpeechEngines
    2007-11-19 20:15 --------- d-----w D:\Program Files\Fichiers communs\ODBC
    2007-10-18 10:31 51,224 ----a-w D:\WINDOWS\system32\sirenacm.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
    "MsnMsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
    "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnappau"="D:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe" [2004-07-22 21:53]
    "Advanced DHTML Enable"="D:\WINDOWS\system32\dzmpgmfs.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayywxw]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=d:\windows\system32\fccabyv.dll

    R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;D:\WINDOWS\system32\DRIVERS\FA312nd5.sys
    R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;D:\WINDOWS\system32\DRIVERS\usbiad.sys

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-23 17:44:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-23 17:45:09
    D:\ComboFix2.txt ... 2007-11-23 12:53
    D:\ComboFix3.txt ... 2007-11-23 11:47
    .
    --- E O F ---
    23 November 2007 17:48:14

    Oops... I ran it with AntiVir active, should I start over with it disabled?
    23 November 2007 18:36:14

    Hi again,

    Disable your antivirus!
    Copy (Ctrl+C) the text in the box below:

    File::
    D:\WINDOWS\system32\dzmpgmfs.exe
    d:\windows\system32\fccabyv.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced DHTML Enable"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayywxw]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.
    NOTE: If there is no restart, post the requested reports anyway.
    23 November 2007 19:18:32

    ComboFix 07-11-19.3 - Helder 2007-11-23 19:15:07.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.137 [GMT 1:00]
    Running from: D:\Documents and Settings\Helder\Bureau\ComboFix.exe
    Command switches used :: D:\Documents and Settings\Helder\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    D:\WINDOWS\system32\dzmpgmfs.exe
    d:\windows\system32\fccabyv.dll
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-23 11:47 <REP> d-------- D:\Program Files\MSN Apps
    2007-11-22 12:27 128,816 --a------ D:\WINDOWS\system32\TZLog.log
    2007-11-21 20:49 15 --a------ D:\WINDOWS\system32\2816488d
    2007-11-21 19:07 <REP> d-------- D:\Program Files\Avira
    2007-11-21 19:07 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
    2007-11-21 17:00 <REP> d-------- D:\VundoFix Backups
    2007-11-21 15:03 <REP> d-------- D:\Program Files\Trend Micro
    2007-11-21 13:33 35,328 --a------ D:\WINDOWS\system32\fcccdec.dll
    2007-11-21 11:33 <REP> d--h----- D:\WINDOWS\$hf_mig$
    2007-11-20 21:48 <REP> d---s---- D:\Documents and Settings\Helder\UserData
    2007-11-20 21:27 0 --a------ D:\WINDOWS\system32\mcrh.tmp
    2007-11-20 20:40 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
    2007-11-20 20:40 207,736 --a------ D:\WINDOWS\system32\muweb.dll
    2007-11-20 20:40 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
    2007-11-20 20:29 3,426,072 --a------ D:\WINDOWS\system32\d3dx9_32.dll
    2007-11-20 20:26 <REP> d-------- D:\Documents and Settings\Helder\Contacts
    2007-11-20 20:25 <REP> d-------- D:\Program Files\Microsoft SQL Server Compact Edition
    2007-11-20 20:19 <REP> d-------- D:\Program Files\Windows Live
    2007-11-20 20:19 <REP> d--hsc--- D:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-11-20 20:19 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-20 19:22 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-20 16:41 <REP> d-------- D:\WINDOWS\neufBOX_ADSL
    2007-11-20 16:41 <REP> d-------- D:\Program Files\USB Driver-Express
    2007-11-20 16:41 <REP> d-------- D:\Program Files\Kit ADSL
    2007-11-20 16:41 <REP> d-------- D:\Program Files\Fichiers communs\InstallShield
    2007-11-20 16:41 31,547 --a------ D:\WINDOWS\system32\drivers\usbiad.sys
    2007-11-20 11:46 <REP> d-------- D:\Documents and Settings\LocalService\Menu Démarrer
    2007-11-20 11:45 269 --a------ D:\WINDOWS\system32\spupdwxp.log
    2007-10-23 17:49 586,752 --a------ D:\WINDOWS\WLXPGSS.SCR

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-20 15:41 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2007-11-19 21:02 --------- d-----w D:\Program Files\Alwil Software
    2007-11-19 20:25 --------- d-----w D:\Program Files\microsoft frontpage
    2007-11-19 20:24 --------- d-----w D:\Program Files\Services en ligne
    2007-11-19 20:23 --------- d-----w D:\Program Files\Fichiers communs\MSSoap
    2007-11-19 20:15 --------- d-----w D:\Program Files\Fichiers communs\SpeechEngines
    2007-11-19 20:15 --------- d-----w D:\Program Files\Fichiers communs\ODBC
    2007-10-18 10:31 51,224 ----a-w D:\WINDOWS\system32\sirenacm.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
    "MsnMsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
    "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnappau"="D:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe" [2004-07-22 21:53]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=d:\windows\system32\fccabyv.dll

    R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;D:\WINDOWS\system32\DRIVERS\FA312nd5.sys
    R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;D:\WINDOWS\system32\DRIVERS\usbiad.sys

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-23 19:16:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-23 19:17:02
    D:\ComboFix2.txt ... 2007-11-23 17:45
    D:\ComboFix3.txt ... 2007-11-23 12:53
    .
    --- E O F ---
    23 November 2007 19:19:08

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:19:00, on 23/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\WINDOWS\system32\wpabaln.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\explorer.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: d:\windows\system32\fccabyv.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    --
    End of file - 3621 bytes
    24 November 2007 00:16:12

    Long live the IDN SECURITY TEAM!!
    24 November 2007 11:58:40

    :jap:

    Can you redo the Combofix script with Spybot's TeaTimer disabled?
    24 November 2007 19:32:39

    ComboFix 07-11-19.3 - Helder 2007-11-24 19:30:09.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.73 [GMT 1:00]
    Running from: D:\Documents and Settings\Helder\Bureau\ComboFix.exe
    Command switches used :: D:\Documents and Settings\Helder\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    D:\WINDOWS\system32\dzmpgmfs.exe
    d:\windows\system32\fccabyv.dll
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-24 to 2007-11-24 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-23 11:47 <REP> d-------- D:\Program Files\MSN Apps
    2007-11-22 12:27 128,816 --a------ D:\WINDOWS\system32\TZLog.log
    2007-11-21 20:49 15 --a------ D:\WINDOWS\system32\2816488d
    2007-11-21 19:07 <REP> d-------- D:\Program Files\Avira
    2007-11-21 19:07 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
    2007-11-21 17:00 <REP> d-------- D:\VundoFix Backups
    2007-11-21 15:03 <REP> d-------- D:\Program Files\Trend Micro
    2007-11-21 13:33 35,328 --a------ D:\WINDOWS\system32\fcccdec.dll
    2007-11-21 11:33 <REP> d--h----- D:\WINDOWS\$hf_mig$
    2007-11-20 21:48 <REP> d---s---- D:\Documents and Settings\Helder\UserData
    2007-11-20 21:27 0 --a------ D:\WINDOWS\system32\mcrh.tmp
    2007-11-20 20:40 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
    2007-11-20 20:40 207,736 --a------ D:\WINDOWS\system32\muweb.dll
    2007-11-20 20:40 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
    2007-11-20 20:29 3,426,072 --a------ D:\WINDOWS\system32\d3dx9_32.dll
    2007-11-20 20:26 <REP> d-------- D:\Documents and Settings\Helder\Contacts
    2007-11-20 20:25 <REP> d-------- D:\Program Files\Microsoft SQL Server Compact Edition
    2007-11-20 20:19 <REP> d-------- D:\Program Files\Windows Live
    2007-11-20 20:19 <REP> d--hsc--- D:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-11-20 20:19 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-20 19:22 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-20 16:41 <REP> d-------- D:\WINDOWS\neufBOX_ADSL
    2007-11-20 16:41 <REP> d-------- D:\Program Files\USB Driver-Express
    2007-11-20 16:41 <REP> d-------- D:\Program Files\Kit ADSL
    2007-11-20 16:41 <REP> d-------- D:\Program Files\Fichiers communs\InstallShield
    2007-11-20 16:41 31,547 --a------ D:\WINDOWS\system32\drivers\usbiad.sys
    2007-11-20 11:46 <REP> d-------- D:\Documents and Settings\LocalService\Menu Démarrer
    2007-11-20 11:45 269 --a------ D:\WINDOWS\system32\spupdwxp.log

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-20 15:41 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2007-11-19 21:02 --------- d-----w D:\Program Files\Alwil Software
    2007-11-19 20:25 --------- d-----w D:\Program Files\microsoft frontpage
    2007-11-19 20:24 --------- d-----w D:\Program Files\Services en ligne
    2007-11-19 20:23 --------- d-----w D:\Program Files\Fichiers communs\MSSoap
    2007-11-19 20:15 --------- d-----w D:\Program Files\Fichiers communs\SpeechEngines
    2007-11-19 20:15 --------- d-----w D:\Program Files\Fichiers communs\ODBC
    2007-10-23 16:49 586,752 ----a-w D:\WINDOWS\WLXPGSS.SCR
    2007-10-18 10:31 51,224 ----a-w D:\WINDOWS\system32\sirenacm.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
    "MsnMsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
    "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnappau"="D:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe" [2004-07-22 21:53]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=d:\windows\system32\fccabyv.dll

    R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;D:\WINDOWS\system32\DRIVERS\FA312nd5.sys
    R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;D:\WINDOWS\system32\DRIVERS\usbiad.sys

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-24 19:31:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-24 19:32:25
    D:\ComboFix2.txt ... 2007-11-23 19:17
    D:\ComboFix3.txt ... 2007-11-23 17:45
    .
    --- E O F ---
    24 November 2007 19:37:57

    I hope I did it right :)
    25 November 2007 17:17:06

    So, Mr.?
    25 November 2007 21:13:13

    Post a Hijackthis report again.
    26 November 2007 15:31:36

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:31:02, on 26/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\WINDOWS\system32\wpabaln.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O4 - HKLM\..\Run: [Advanced DHTML Enable] D:\WINDOWS\system32\dzmpgmfs.exe
    O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: d:\windows\system32\fccabyv.dll
    O20 - Winlogon Notify: yayywxw - D:\WINDOWS\
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    --
    End of file - 3632 bytes
    26 November 2007 17:52:31

    Hi again,

    Fix the lines in the box below with Hijackthis: HELP IN PICTURES

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O20 - AppInit_DLLs: d:\windows\system32\fccabyv.dll
    O20 - Winlogon Notify: yayywxw - D:\WINDOWS\


    Delete this file:
    d:\windows\system32\fccabyv.dll
    26 November 2007 18:05:35

    I think it's good now, I'll run another Hijackthis for you!
    Here is the result:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:05:27, on 26/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\WINDOWS\system32\wpabaln.exe
    D:\Program Files\Windows Media Player\wmplayer.exe
    D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O4 - HKLM\..\Run: [Advanced DHTML Enable] D:\WINDOWS\system32\dzmpgmfs.exe
    O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    --
    End of file - 3359 bytes
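
An added example (not part of the thread and not any participant's code): comparing the load-point lines of two HijackThis logs to confirm which entries a fix removed and whether any remaining line still names a file targeted for deletion. The excerpts are copied from the logs saved at 15:31:02 and 18:05:27 on 26/11/2007 above, and the target paths from the `File::` block of the CFScript; the function names and the choice of sections (O2, O4, O20, O23) are assumptions of this example.

```python
import re

# A HijackThis item line is "<section> - <detail>", e.g. "O20 - AppInit_DLLs: ...".
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Sections treated as load points here (assumption of this example):
# O2 = BHO, O4 = Run keys, O20 = AppInit_DLLs / Winlogon Notify, O23 = services.
LOAD_POINT_SECTIONS = {"O2", "O4", "O20", "O23"}

# Excerpt of the log saved at 15:31:02 on 26/11/2007 (before the HijackThis fix).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Advanced DHTML Enable] D:\WINDOWS\system32\dzmpgmfs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: d:\windows\system32\fccabyv.dll
O20 - Winlogon Notify: yayywxw - D:\WINDOWS\
"""

# Excerpt of the log saved at 18:05:27 on 26/11/2007 (after the fix).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr
O4 - HKLM\..\Run: [Advanced DHTML Enable] D:\WINDOWS\system32\dzmpgmfs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
"""

# Files listed under "File::" in the CFScript posted in the thread.
TARGETS = [r"D:\WINDOWS\system32\dzmpgmfs.exe", r"d:\windows\system32\fccabyv.dll"]


def parse_entries(log_text):
    """Return the set of (section, detail) pairs for load-point lines."""
    entries = set()
    for line in log_text.splitlines():
        m = ITEM_RE.match(line)
        if m and m.group(1) in LOAD_POINT_SECTIONS:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_scans(before_text, after_text):
    """Classify load-point lines as removed, added or persisting between scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "persisting": sorted(before & after),
    }


def still_referenced(log_text, target_paths):
    """Load-point lines that mention a targeted file.

    Windows paths are case-insensitive, and the logs mix "D:\\WINDOWS" with
    "d:\\windows", so both sides are lower-cased before matching.
    """
    targets = [p.lower() for p in target_paths]
    return [
        (section, detail)
        for section, detail in sorted(parse_entries(log_text))
        if any(t in detail.lower() for t in targets)
    ]


if __name__ == "__main__":
    result = diff_scans(BEFORE, AFTER)
    for status in ("removed", "added", "persisting"):
        for section, detail in result[status]:
            print(f"{status:10} {section:4} {detail}")
    for section, detail in still_referenced(AFTER, TARGETS):
        print(f"STILL REFERENCED: {section} - {detail}")
```

On these excerpts the four fixed lines are reported as removed, and the HKLM Run value naming dzmpgmfs.exe is reported as still present in the 18:05 log.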
    26 November 2007 18:08:09

    Any questions or problems?
    26 November 2007 18:12:20

    Uh, yes... is it finished? :)

    lol I have the feeling everything is fine :p  :D
    26 November 2007 18:47:25

    I think so :)
    26 November 2007 19:08:36

    lol you think? :D

    Thank youuuuuuuuuuuuuuuuu, really :)  this site is fantastic, it would have been impossible for me to do this on my own...

    Thanks a lot!!!! I hope I won't have to take up any more of your time :p  ;)
    26 November 2007 19:10:20

    Happy surfing ;)