[solved] I don't know what else to do

Tags:
  • Windows
  • Security
12 November 2007 15:46:45

Hello everyone. Since the start of last week I've been infected by the infamous "security toolbar 7.1" and its string of messages, each more annoying than the last, and all my attempts to eradicate it have failed. At first it only came back two reboots later, but now I can't get a quiet connection any more.

My system is Windows XP Pro with the Windows firewall and Avast + Spybot as protection. During my attempts, I added AVG.

During my last attempt, I cut my internet connection and then restarted in safe mode (in which I still had the yellow icon with the exclamation mark and its messages). In that mode I used:
clean, smitfraudfix, avg and spybot
restart in normal mode (no more yellow warning):
thorough avast scan with archive scanning, which found nothing (happy as can be), then ran ccleaner to run the cleaner and repair the registry errors. I wanted to reconnect to the net to run an online Panda scan to be sure (I had avast and avg as protection) and in barely two seconds, back to the status quo.

12 November 2007 15:47:13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:10, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SOINTGR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Axel\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-digital-media.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\gmjleafe.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [80938c9d] rundll32.exe "C:\WINDOWS\system32\hsejvoxv.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001FBEE.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6742 bytes
12 November 2007 16:04:33

Don't despair, you're getting close... As for the HijackThis log, it's not pretty... Go to http://www.hijackthis.de/fr and paste your log where indicated, then you'll see the results... You've got a few things that aren't pretty (marked with a cross). Otherwise, one thing you forgot to do before restarting after your clean-up in safe mode was to run "msconfig"; from there you disable the services you have doubts about, and they won't launch at startup (don't touch the rest, unless you want to deepen your knowledge of Windows crashes and misfortunes, or you know what you're doing ;) )
12 November 2007 17:09:54

Hello

hijackthis.de is not up to date: risk of things being missed and risk of fixing legitimate lines.
please don't recommend that.

in any case, for this kind of Vundo, that won't be enough. (HijackThis doesn't show everything)

merem

1

~Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it
Click the Scan for Vundo button.
~When the scan is complete, click the Remove Vundo button
A prompt will ask you whether you want to delete the files; click YES
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt telling you that your PC is going to restart; click OK.
~Copy/paste the contents of the report located in C:\vundofix.txt into your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button"


2

C:\Documents and Settings\DUFLO Pascal\Bureau\Hijack\HijackThis.exe
right-click on the file in bold, rename it to merem.exe, then run a scan by clicking merem.exe and post the report
12 November 2007 21:16:45

The site for VundoFix isn't accessible for me tonight, I'll try again tomorrow. Thanks anyway
12 November 2007 22:00:34

re
let's do it another way

Download Combofix by sUBs:
combofix.exe
and save it to your desktop and nowhere else!

You must disable your antivirus and the AVG Anti-Spyware shield before launching the scan.

Double-click combofix. It will ask you a question; answer by pressing key 1, then wait for combofix to finish. Your PC may reboot, that's normal; a report will be created. Post the report.

add a new HijackThis report.
12 November 2007 23:00:59

ComboFix 07-11-08.1 - Axel 2007-11-12 22:45:36.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1442 [GMT 1:00]
Running from: C:\Documents and Settings\Axel\Bureau\ComboFix.exe
* Created a new restore point
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Axel\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Axel\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Axel\Favoris\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c0017F64.dat
C:\WINDOWS\system32\__c001FBEE.dat
C:\WINDOWS\system32\__c006DD56.dat
C:\WINDOWS\system32\__c00A4C3A.dat
C:\WINDOWS\system32\__c00C4529.dat
C:\WINDOWS\system32\__c00E9AF4.dat
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\douoxcla.dll
C:\WINDOWS\system32\dvlfieax.dll
C:\WINDOWS\system32\dwnknptq.dll
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\gmjleafe.dllbox
C:\WINDOWS\system32\hnchdynx.dllbox
C:\WINDOWS\system32\mbhegqji.dllbox
C:\WINDOWS\system32\qgwhhjbm.dll
C:\WINDOWS\system32\ssqqnkk.dll
C:\WINDOWS\system32\sysdl132.exe
C:\WINDOWS\system32\tmp79.tmp
C:\WINDOWS\system32\wjqgjppn.dll
C:\WINDOWS\system32\yakiocag.dll
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\zbnsybns.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
.

2007-11-12 22:43 145,984 --a------ C:\WINDOWS\system32\zbnsybns.dll
2007-11-12 22:43 145,984 --a------ C:\WINDOWS\system32\duenduck.dll
2007-11-12 22:42 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 21:02 89,664 --a------ C:\WINDOWS\system32\olesvnss.dll
2007-11-12 21:02 81,472 --a------ C:\WINDOWS\system32\mcwlijnh.dll
2007-11-11 19:12 79,936 --a------ C:\WINDOWS\system32\yjhoyfgt.dll
2007-11-11 19:09 71,232 --a------ C:\WINDOWS\system32\rdcamckd.exe
2007-11-10 19:02 <REP> d-------- C:\Program Files\laughnetwork
2007-11-10 19:00 <REP> d-------- C:\Documents and Settings\Axel\Application Data\Grisoft
2007-11-10 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-10 18:58 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-10 18:50 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-11-10 18:37 81,472 --a------ C:\WINDOWS\system32\ykrlbwed.dll
2007-11-10 18:35 71,232 --a------ C:\WINDOWS\system32\gchxqagj.exe
2007-11-09 05:20 80,448 --a------ C:\WINDOWS\system32\bvovynsa.dll
2007-11-09 05:18 145,984 --a------ C:\WINDOWS\system32\gmjleafe.dll
2007-11-09 05:17 145,984 --a------ C:\WINDOWS\system32\lmlufgfc.dll
2007-11-08 17:12 2,352 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-06 17:17 <REP> d--h----- C:\Program Files\ApplePie
2007-11-06 13:10 <REP> d-------- C:\Program Files\SubEdit
2007-11-06 13:10 249,856 --------- C:\WINDOWS\Setup1.exe
2007-11-06 13:10 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-11-04 15:48 <REP> d-------- C:\Program Files\Steam
2007-10-28 03:10 <REP> d-------- C:\Program Files\Bohemia Interactive
2007-10-28 02:11 <REP> d-------- C:\Program Files\Doom 3
2007-10-24 11:36 <REP> d-------- C:\Program Files\TI Education
2007-10-24 11:36 <REP> d-------- C:\Documents and Settings\Axel\Application Data\Texas Instruments
2007-10-24 11:35 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-15 15:55 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-14 16:43 <REP> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 21:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-12 14:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-12 14:10 --------- d-----w C:\Documents and Settings\Axel\Application Data\Lavasoft
2007-11-09 15:08 --------- d-----w C:\Program Files\eMule
2007-11-09 14:47 --------- d-----w C:\Documents and Settings\Axel\Application Data\U3
2007-11-06 20:09 --------- d-----w C:\Program Files\Warcraft III
2007-11-06 15:03 --------- d-----w C:\Program Files\EuroPoker
2007-10-28 03:01 --------- d-----w C:\Program Files\OpenAL
2007-10-28 01:41 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-22 09:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 08:52 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-11 08:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-10-08 08:12 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-01 11:06 --------- d-----w C:\Program Files\PowerQuest
2007-09-23 17:34 --------- d-----w C:\Program Files\Namo
2007-09-23 17:13 --------- d-----w C:\Program Files\Juice
2007-09-23 17:13 --------- d-----w C:\Program Files\Heroes
2007-09-23 14:58 --------- d-----w C:\Program Files\AxBx
2007-09-12 14:53 --------- d-----w C:\Program Files\Java
2007-09-12 14:50 --------- d-----w C:\Documents and Settings\Axel\Application Data\Ahead
2007-09-12 14:47 --------- d-----w C:\Program Files\Nero
2007-09-12 14:47 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-09-12 14:28 --------- d-----w C:\Program Files\Ahead
2007-03-01 15:30 47,360 ----a-w C:\Documents and Settings\Axel\Application Data\pcouffin.sys
2006-11-07 17:35 1 ----a-w C:\Documents and Settings\Axel\SI.bin
2005-05-13 16:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-07-14 11:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2005-02-28 12:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D}]
2007-11-06 17:17 95232 --a------ C:\Program Files\ApplePie\ie-improver.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56df9806-b414-4ead-b866-502c569da0e2}]
2007-11-12 21:02 81472 --a------ C:\WINDOWS\system32\mcwlijnh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8756F836-42D5-4C1C-A370-2081405F0489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FFC3DD1-78B8-4D29-AA01-23157B750328}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-12 22:43 145984 --a------ C:\WINDOWS\system32\zbnsybns.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\zbnsybns.dll [2007-11-12 22:43 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-12 14:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [2000-05-08 04:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-05 13:50]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 08:06 C:\WINDOWS\system32\ptipbmf.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"80938c9d"="C:\WINDOWS\system32\olesvnss.dll" [2007-11-12 21:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18]
"Videos"="C:\Program Files\laughnetwork\update.exe" [2007-11-08 19:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrrrs]
urqrrrs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywtqo]
yaywtqo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywxyw]
yaywxyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zbnsybns]
zbnsybns.dll 2007-11-12 22:43 145984 C:\WINDOWS\system32\zbnsybns.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcy.dll

S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autoplay.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 22:56:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-12 23:00:09 - machine was rebooted
.
--- E O F ---
12 November 2007 23:01:35

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:52, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Axel\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-digital-media.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SysApp - {4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D} - C:\Program Files\ApplePie\ie-improver.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {2e0ad965-c205-668b-dae4-414b6089fd65} - {56df9806-b414-4ead-b866-502c569da0e2} - C:\WINDOWS\system32\mcwlijnh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8756F836-42D5-4C1C-A370-2081405F0489} - (no file)
O2 - BHO: (no name) - {8FFC3DD1-78B8-4D29-AA01-23157B750328} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zbnsybns.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zbnsybns.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [80938c9d] rundll32.exe "C:\WINDOWS\system32\olesvnss.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: urqrrrs - urqrrrs.dll (file missing)
O20 - Winlogon Notify: yaywtqo - yaywtqo.dll (file missing)
O20 - Winlogon Notify: yaywxyw - yaywxyw.dll (file missing)
O20 - Winlogon Notify: zbnsybns - C:\WINDOWS\SYSTEM32\zbnsybns.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7974 bytes
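The two HijackThis logs above show the same Security Toolbar CLSID and the same "80938c9d" Run value coming back under a different random DLL name after the first clean-up, which is the behaviour the helper means by "HijackThis doesn't show everything". What follows is an added example, not part of the thread and not HijackThis code: it parses excerpts constructed from those two logs, flags the structural indicators a helper checks by hand, and pairs the two scans to list what regenerated; the indicator rules and the trusted start-page list are this example's own heuristics, not a HijackThis whitelist.

```python
"""Triage of HijackThis (HJT) log lines like the ones posted in this thread.
Added example (not the thread's content, not HijackThis code): parses the
R0/O2/O3/O4/O20 line formats above, flags what a helper checks by hand, and
compares two scans for entries that came back under a new random DLL name."""
import re

# Excerpts constructed from the first and second HijackThis logs in the thread.
SCAN_1 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-digital-media.com
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\gmjleafe.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [80938c9d] rundll32.exe "C:\WINDOWS\system32\hsejvoxv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001FBEE.dat
"""
SCAN_2 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-digital-media.com
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zbnsybns.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zbnsybns.dll
O4 - HKLM\..\Run: [80938c9d] rundll32.exe "C:\WINDOWS\system32\olesvnss.dll",b
O20 - Winlogon Notify: urqrrrs - urqrrrs.dll (file missing)
O20 - Winlogon Notify: zbnsybns - C:\WINDOWS\SYSTEM32\zbnsybns.dll
"""

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe|dat|ocx)', re.I)
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")
TRUSTED_START_PAGES = ("about:blank", "google.", "msn.com", "live.com")  # assumed list


def parse(log):
    """Turn HJT lines into dicts with the fields used for triage."""
    entries = []
    for line in log.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
        run = RUN_NAME_RE.search(body) if kind == "O4" else None
        entries.append({"kind": kind, "body": body, "line": line,
                        "clsid": clsid.group(0).upper() if clsid else None,
                        "path": path.group(0) if path else None,
                        "run_name": run.group(1) if run else None})
    return entries

def looks_random(filename):
    """Weak signal: Vundo drops DLLs named with 7-8 letters and few vowels
    (zbnsybns, hsejvoxv). Only used to support a structural finding."""
    stem = filename.rsplit(".", 1)[0]
    return (stem.isalpha() and len(stem) >= 7
            and sum(c in "aeiou" for c in stem.lower()) / len(stem) < 0.3)

def triage(entry):
    """Reasons this entry deserves a closer look (empty list if none)."""
    kind, body, path = entry["kind"], entry["body"], entry["path"]
    name = path.rsplit("\\", 1)[-1] if path else None
    in_sys32 = bool(path and re.search(r"\\system32\\[^\\]+$", path, re.I))
    reasons = []
    if kind == "R0" and "Start Page" in body and not any(
            t in body.lower() for t in TRUSTED_START_PAGES):
        reasons.append("home page points to an unexpected site")
    if kind in ("O2", "O3") and in_sys32:
        reasons.append(kind + " browser extension loaded straight from system32")
    if kind == "O4" and re.search(r'rundll32\.exe\s+"[^"]+",[A-Za-z]\b', body, re.I):
        reasons.append("rundll32 call into a DLL through a one-letter export")
    if entry["run_name"] and re.fullmatch(r"[0-9a-f]{8}", entry["run_name"]):
        reasons.append("Run value named with a random hex string")
    if kind == "O20" and body.startswith("AppInit_DLLs"):
        reasons.append("AppInit_DLLs injects this file into every GUI process")
    if kind == "O20" and body.startswith("Winlogon Notify"):
        reasons.append("non-standard Winlogon Notify package"
                       + (" (orphaned)" if "(file missing)" in body else ""))
    if reasons and name and looks_random(name):
        reasons.append("random-looking file name " + name)
    return reasons

def flagged(log):
    """Map each suspicious HJT line to its list of reasons."""
    out = {}
    for e in parse(log):
        reasons = triage(e)
        if reasons:
            out[e["line"]] = reasons
    return out

def regenerated(before, after):
    """Entries whose identity (CLSID or Run value name) survived a clean-up
    but now point at a different file: the malware re-dropped itself."""
    def ident(e):
        return e["clsid"] or e["run_name"]
    old = {ident(e): e["path"] for e in parse(before) if ident(e) and e["path"]}
    return [(ident(e), old[ident(e)], e["path"]) for e in parse(after)
            if ident(e) in old and e["path"]
            and old[ident(e)].lower() != e["path"].lower()]
```

Calling `flagged(SCAN_2)` returns every line of the second excerpt with its reasons, while `regenerated(SCAN_1, SCAN_2)` lists the toolbar CLSID and the "80938c9d" Run value with their old and new DLL paths.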
13 November 2007 12:37:18

I was able to download VundoFix at lunchtime. It seems to be working

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:58, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SOINTGR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Axel\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SysApp - {4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D} - C:\Program Files\ApplePie\ie-improver.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {2e0ad965-c205-668b-dae4-414b6089fd65} - {56df9806-b414-4ead-b866-502c569da0e2} - C:\WINDOWS\system32\mcwlijnh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8756F836-42D5-4C1C-A370-2081405F0489} - (no file)
O2 - BHO: (no name) - {8FFC3DD1-78B8-4D29-AA01-23157B750328} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [80938c9d] rundll32.exe "C:\WINDOWS\system32\olesvnss.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: urqrrrs - urqrrrs.dll (file missing)
O20 - Winlogon Notify: yaywtqo - yaywtqo.dll (file missing)
O20 - Winlogon Notify: yaywxyw - yaywxyw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7672 bytes
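
A helper reads a log like the one above by eye: orphaned O2/O3 entries that point at (no file), O20 Winlogon Notify entries whose DLL is missing, an O4 Run value named like a random hex string, and rundll32 loading a gibberish-named DLL out of system32. The Python script below is an added illustration (it is not part of the thread and not a tool used in it) that applies those same heuristics mechanically. The sample lines are copied from the log above, with the avast! and Spybot entries kept as known-good controls; the regular expressions and the 7-to-8-lowercase-letter "gibberish" rule are my own assumptions, tuned to the names on this page.

```python
import re
from typing import List, Optional, Tuple

# Lines copied from the HijackThis log above; the avast! and Spybot entries are
# known-good controls so the heuristics can be checked for false positives.
SAMPLE_LOG = r"""
O2 - BHO: SysApp - {4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D} - C:\Program Files\ApplePie\ie-improver.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {2e0ad965-c205-668b-dae4-414b6089fd65} - {56df9806-b414-4ead-b866-502c569da0e2} - C:\WINDOWS\system32\mcwlijnh.dll
O2 - BHO: (no name) - {8756F836-42D5-4C1C-A370-2081405F0489} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [80938c9d] rundll32.exe "C:\WINDOWS\system32\olesvnss.dll",b
O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O20 - Winlogon Notify: urqrrrs - urqrrrs.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Heuristic patterns (assumptions tuned to the names seen in this thread).
GIBBERISH = re.compile(r"^[a-z]{7,8}$")      # e.g. mcwlijnh, olesvnss, urqrrrs
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")      # e.g. the Run value "80938c9d"
GUID = re.compile(r"^\{[0-9a-fA-F-]{36}\}$")

O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O3_LINE = re.compile(r"^O3 - Toolbar: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O4_LINE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O20_LINE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")


def module_stem(path: str) -> str:
    r"""Lower-cased file name without extension: C:\...\mcwlijnh.dll -> mcwlijnh."""
    base = path.strip('"').replace("/", "\\").split("\\")[-1]
    return base.rsplit(".", 1)[0].lower()


def random_system32_module(path: str) -> bool:
    r"""True for a gibberish-named module that lives under \system32\ (where the
    droppers in this thread put theirs). A bare file name on the search path is
    not resolved, so it never matches."""
    return "\\system32\\" in path.lower() and GIBBERISH.match(module_stem(path)) is not None


def triage_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for a suspicious line, or None if nothing stands out."""
    m = O4_LINE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        if HEX_NAME.match(name):
            return ("high", "Run value named like a random hex string")
        if "rundll32" in cmd.lower():
            dll = re.search(r'"?([^"]+\.dll)"?', cmd, re.IGNORECASE)
            if dll and random_system32_module(dll.group(1)):
                return ("high", "rundll32 loads a gibberish-named DLL from system32")
        return None
    for pattern, kind in ((O2_LINE, "BHO"), (O3_LINE, "Toolbar")):
        m = pattern.match(line)
        if m:
            if m.group("path") == "(no file)":
                return ("low", f"orphaned {kind} registration (no file on disk)")
            if GUID.match(m.group("name")) or random_system32_module(m.group("path")):
                return ("high", f"{kind} with a GUID display name or gibberish module")
            return None
    m = O20_LINE.match(line)
    if m:
        if "(file missing)" in m.group("path"):
            return ("medium", "Winlogon Notify entry whose DLL is missing")
        if GIBBERISH.match(m.group("name")):
            return ("high", "Winlogon Notify entry with a gibberish name")
    return None


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Flag every suspicious line of a HijackThis log, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line))
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Heuristics of this kind only rank entries for a person to look at: the laughnetwork Run entry is not caught by any of them and was recognised in the thread from its path, and a DLL given by bare file name (as in the Ptipbmf line) is never resolved against the search path, so it is not checked at all.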
13 Novembre 2007 12:47:19

if you confirm that the problem is solved, is there anything I can do for prevention (as a reminder I have avast and avg as protection + spybot on top for scans, and the Windows firewall)

edit: I doubt the problem is solved, since although I no longer have the security toolbar or the annoying messages, my browser start page keeps being start-digital-media.com
13 Novembre 2007 21:34:41

good evening

as for prevention, we'll cover all that at the end of the disinfection ;O)

disable avast and the AVG Anti-Spyware Guard shield before this operation

Copy (Ctrl+C) the text below:

File::
C:\WINDOWS\system32\zbnsybns.dll
C:\WINDOWS\system32\duenduck.dll
C:\WINDOWS\system32\olesvnss.dll
C:\WINDOWS\system32\mcwlijnh.dll
C:\WINDOWS\system32\yjhoyfgt.dll
C:\WINDOWS\system32\rdcamckd.exe
C:\WINDOWS\system32\ykrlbwed.dll
C:\WINDOWS\system32\gchxqagj.exe
C:\WINDOWS\system32\bvovynsa.dll
C:\WINDOWS\system32\gmjleafe.dll
C:\WINDOWS\system32\lmlufgfc.dll

Folder::
C:\Program Files\ApplePie
C:\Program Files\laughnetwork

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56df9806-b414-4ead-b866-502c569da0e2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8756F836-42D5-4C1C-A370-2081405F0489}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FFC3DD1-78B8-4D29-AA01-23157B750328}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"80938c9d"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Videos"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrrrs]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywtqo]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywxyw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zbnsybns]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

++++++++++

Analyse this file:

C:\WINDOWS\system32\windrv.sys

On the virusscan site

http://virusscan.jotti.org/

and post us the report.
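
The text to be copied above is a ComboFix CFScript: a `File::` and a `Folder::` section listing paths to remove, and a `Registry::` section in .reg-like syntax where `[-KEY]` deletes a key, `[KEY]` selects one, `"Name"=-` deletes a value and `"Name"=hex(7):...` writes a REG_MULTI_SZ (here the LSA `Authentication Packages` list, which the script resets to the stock `msv1_0`). The parser below is an added example, not part of the thread and not ComboFix's own code; it reads an excerpt of the script above (copied as posted, repeated Toolbar lines included), decodes the hex(7) value, and reports whether the script restores the default package list and whether any operation is duplicated. Treating a blank line as the end of a section, and decoding hex(7) bytes as UTF-16LE when every second byte is NUL and as single-byte text otherwise, are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import Any, Dict, List

# Excerpt of the CFScript posted above (the helper's lines, copied as they appear,
# including the repeated Toolbar pair); used here only as parser input.
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\system32\zbnsybns.dll
C:\WINDOWS\system32\olesvnss.dll
C:\WINDOWS\system32\rdcamckd.exe

Folder::
C:\Program Files\ApplePie
C:\Program Files\laughnetwork

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56df9806-b414-4ead-b866-502c569da0e2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"80938c9d"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Videos"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrrrs]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

LSA_KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"
DEFAULT_AUTH_PACKAGES = ["msv1_0"]   # the stock XP value the script restores


@dataclass
class RegOp:
    key: str
    action: str            # "delete_key" | "delete_value" | "set_value"
    value_name: str = ""
    data: Any = None


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its 'Name::' sections. Assumption: a blank line ends a section."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        header = re.match(r"^(\w+)::$", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line outside any section: {line!r}")
        else:
            sections[current].append(line)
    return sections


def decode_reg_data(rhs: str) -> Any:
    """Decode the right-hand side of a .reg-style value line."""
    m = re.match(r"^hex\((\d+)\):(.*)$", rhs)
    if not m:
        return rhs.strip('"')                       # plain REG_SZ literal
    kind, payload = int(m.group(1)), m.group(2)
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    if kind != 7:                                   # only REG_MULTI_SZ is decoded here
        return raw
    # Assumption: UTF-16LE when every second byte is NUL (as .reg files write it),
    # otherwise single-byte text as in the script above. Strings are NUL-separated.
    utf16 = len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2])
    text = raw.decode("utf-16-le") if utf16 else raw.decode("latin-1")
    return [s for s in text.split("\0") if s]


def parse_registry_ops(lines: List[str]) -> List[RegOp]:
    """Turn Registry:: lines into key/value operations, tracking the selected key."""
    ops, current_key = [], None
    for line in lines:
        key = re.match(r"^\[(-?)(.+)\]$", line)
        if key:
            if key.group(1) == "-":
                ops.append(RegOp(key.group(2), "delete_key"))
                current_key = None
            else:
                current_key = key.group(2)
            continue
        value = re.match(r'^"(.+?)"=(.*)$', line)
        if not value:
            raise ValueError(f"unrecognised Registry:: line: {line!r}")
        if current_key is None:
            raise ValueError(f"value line without a selected key: {line!r}")
        name, rhs = value.groups()
        if rhs == "-":
            ops.append(RegOp(current_key, "delete_value", name))
        else:
            ops.append(RegOp(current_key, "set_value", name, decode_reg_data(rhs)))
    return ops


def duplicate_ops(ops: List[RegOp]) -> List[RegOp]:
    """Operations that repeat an earlier one (harmless, but a sign of copy-paste)."""
    seen, dups = set(), []
    for op in ops:
        sig = (op.key.lower(), op.action, op.value_name.lower())
        if sig in seen:
            dups.append(op)
        seen.add(sig)
    return dups


def audit(text: str) -> Dict[str, Any]:
    """Summarise what the script touches and whether it resets LSA to the default."""
    sections = parse_cfscript(text)
    ops = parse_registry_ops(sections.get("Registry", []))
    packages = [list(op.data) for op in ops
                if op.key.lower() == LSA_KEY.lower() and op.action == "set_value"
                and op.value_name.lower() == "authentication packages"]
    packages = packages[0] if packages else []
    return {
        "files": len(sections.get("File", [])),
        "folders": len(sections.get("Folder", [])),
        "ops": len(ops),
        "duplicates": len(duplicate_ops(ops)),
        "auth_packages": packages,
        "lsa_restored_to_default": packages == DEFAULT_AUTH_PACKAGES,
    }


if __name__ == "__main__":
    for name, value in audit(SAMPLE_CFSCRIPT).items():
        print(f"{name:24} {value}")
```

The LSA check is the part worth keeping: an `Authentication Packages` list that names anything other than `msv1_0` means a DLL is being loaded into lsass.exe at boot, which is exactly the persistence the script above is undoing, so a reset line in a fix script deserves a look at what value it writes.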




13 Novembre 2007 23:42:07

    ComboFix 07-11-08.1 - Axel 2007-11-13 23:34:26.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1591 [GMT 1:00]
    Running from: C:\Documents and Settings\Axel\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Axel\Bureau\cfscript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\bvovynsa.dll
    C:\WINDOWS\system32\duenduck.dll
    C:\WINDOWS\system32\gchxqagj.exe
    C:\WINDOWS\system32\gmjleafe.dll
    C:\WINDOWS\system32\lmlufgfc.dll
    C:\WINDOWS\system32\mcwlijnh.dll
    C:\WINDOWS\system32\olesvnss.dll
    C:\WINDOWS\system32\rdcamckd.exe
    C:\WINDOWS\system32\yjhoyfgt.dll
    C:\WINDOWS\system32\ykrlbwed.dll
    C:\WINDOWS\system32\zbnsybns.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\Program Files\ApplePie
    C:\Program Files\ApplePie\bho.dat
    C:\Program Files\ApplePie\er.dat
    C:\Program Files\ApplePie\ie-improver.dll
    C:\Program Files\ApplePie\uninstall.exe
    C:\Program Files\laughnetwork
    C:\Program Files\laughnetwork\Temp\license.txt
    C:\Program Files\laughnetwork\Uninst.exe
    C:\Program Files\laughnetwork\update.exe
    C:\WINDOWS\system32\bvovynsa.dll
    C:\WINDOWS\system32\duenduck.dll
    C:\WINDOWS\system32\gchxqagj.exe
    C:\WINDOWS\system32\gmjleafe.dll
    C:\WINDOWS\system32\lmlufgfc.dll
    C:\WINDOWS\system32\mcwlijnh.dll
    C:\WINDOWS\system32\olesvnss.dll
    C:\WINDOWS\system32\rdcamckd.exe
    C:\WINDOWS\system32\yjhoyfgt.dll
    C:\WINDOWS\system32\ykrlbwed.dll
    C:\WINDOWS\system32\zbnsybns.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-12 22:42 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-10 19:00 <REP> d-------- C:\Documents and Settings\Axel\Application Data\Grisoft
    2007-11-10 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-10 18:58 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-10 18:50 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2007-11-08 17:12 2,352 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-06 13:10 <REP> d-------- C:\Program Files\SubEdit
    2007-11-06 13:10 249,856 --------- C:\WINDOWS\Setup1.exe
    2007-11-06 13:10 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2007-11-04 15:48 <REP> d-------- C:\Program Files\Steam
    2007-10-28 03:10 <REP> d-------- C:\Program Files\Bohemia Interactive
    2007-10-28 02:11 <REP> d-------- C:\Program Files\Doom 3
    2007-10-24 11:36 <REP> d-------- C:\Program Files\TI Education
    2007-10-24 11:36 <REP> d-------- C:\Documents and Settings\Axel\Application Data\Texas Instruments
    2007-10-24 11:35 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-10-15 15:55 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-14 16:43 <REP> d-------- C:\Program Files\MSXML 4.0

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-13 17:45 --------- d-----w C:\Program Files\eMule
    2007-11-13 17:17 --------- d-----w C:\Program Files\Warcraft III
    2007-11-13 12:06 --------- d-----w C:\Program Files\AxBx
    2007-11-13 12:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-13 11:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-12 14:10 --------- d-----w C:\Documents and Settings\Axel\Application Data\Lavasoft
    2007-11-09 14:47 --------- d-----w C:\Documents and Settings\Axel\Application Data\U3
    2007-11-06 15:03 --------- d-----w C:\Program Files\EuroPoker
    2007-10-28 03:01 --------- d-----w C:\Program Files\OpenAL
    2007-10-28 01:41 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-22 09:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-11 08:52 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-10-11 08:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2007-10-08 08:12 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-10-01 11:06 --------- d-----w C:\Program Files\PowerQuest
    2007-09-23 17:34 --------- d-----w C:\Program Files\Namo
    2007-09-23 17:13 --------- d-----w C:\Program Files\Juice
    2007-09-23 17:13 --------- d-----w C:\Program Files\Heroes
    2007-03-01 15:30 47,360 ----a-w C:\Documents and Settings\Axel\Application Data\pcouffin.sys
    2006-11-07 17:35 1 ----a-w C:\Documents and Settings\Axel\SI.bin
    2005-05-13 16:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 10:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2005-07-14 11:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 14:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 21:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2005-02-28 12:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-12_22.58.04.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-13 11:29:20 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6b8.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-12 14:55]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
    "SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
    "SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [2000-05-08 04:20]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-05 13:50]
    "Ptipbmf"="ptipbmf.dll" [2003-06-20 08:06 C:\WINDOWS\system32\ptipbmf.dll]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys
    S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
    S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
    S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\autoplay.exe

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-13 23:38:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-13 23:41:11 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-12 23:00
    .
    --- E O F ---
13 Novembre 2007 23:47:17

I don't know if this is what you want for virusscan:

    Service load: 0% 100%

    File: windrv.sys
    Status: OK
    MD5: c8992239cd2bb325a7079b62e24aeda6
    Packers detected: -
    Bit9 reports: File not found

    Scanner results
    Scan taken on 13 Nov 2007 22:43:33 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing
14 Novembre 2007 14:20:21

hello

ok,

tell me how your PC is behaving and post a new hijackthis report
14 Novembre 2007 15:51:54

well, it's much better.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:50:54, on 14/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\SOINTGR.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\eMule\emule.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Axel\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infos-du-net.com/forum/274675-11-sais-faire
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 6916 bytes

should I mark my topic as solved?
14 Novembre 2007 21:16:38

good evening

Quote:
should I mark my topic as solved?


not yet

delete: C:\qoobox and empty your recycle bin.


1

~Download OTMoveIt (by OldTimer). Save it to your Desktop.

~Run Hijackthis "Do a system scan only".
Check the lines below if they are still present, and only those.

O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM


Click Fix checked (bottom left)


Select ALL the locations in bold below:

C:\WINDOWS\system32\Suchspur.dll

---> Right-click then Copy (or Ctrl+C)

Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane and choose Paste (or Ctrl+V).
Now click MoveIt!

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

->Information about the software<-

2

you are going to replace Avast! with Antivir, which is a real antivirus; run a scan with it and post the report. :)


Uninstall Avast! properly


To replace it with Antivir.

-->Tutorial<--


Why change?: Avast! vs Antivir
15 Novembre 2007 00:05:53

I couldn't finish your procedure. I got as far as clicking fix checked
I didn't find Suchspur in system32, so I just installed antivir instead
as for the antivir scan, it's in progress
15 Novembre 2007 10:30:16



    AntiVir PersonalEdition Classic
    Report file date: jeudi 15 novembre 2007 00:18

    Scanning for 929559 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: ORDI2

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 23:16:24
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 23:16:24
    ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 23:16:24
    ANTIVIR3.VDF : 7.0.0.217 63488 Bytes 14/11/2007 23:16:24
    AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 14/11/2007 23:16:25
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: F:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 15 novembre 2007 00:18

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'zlclient.exe' - '0' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'sointgr.exe' - '1' Module(s) have been scanned
    Scan process 'soundman.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'vsmon.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    36 processes with 36 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'F:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '24' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP467\A0458913.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '476f9501.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP469\A0461199.dll
    [DETECTION] Is the Trojan horse TR/Vundo.BB
    [INFO] The file was moved to '476fecb4.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP469\A0461200.dll
    [DETECTION] Is the Trojan horse TR/BHO.Agent.AV
    [INFO] The file was moved to '47700858.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP469\A0461201.dll
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was moved to '46d002b9.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP469\A0461202.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '46efe341.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP469\A0461203.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '4770085a.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP469\A0461228.dll
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was moved to '47700859.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP471\A0461312.dll
    [DETECTION] Is the Trojan horse TR/Agent.AFSP
    [INFO] The file was moved to '4770085d.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP471\A0461313.dll
    [DETECTION] Is the Trojan horse TR/Spy.Vundo.79937
    [INFO] The file was moved to '46efe346.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP471\A0461314.dll
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was moved to '4770085f.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP471\A0461315.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '46efe378.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP471\A0461316.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '4770085e.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP471\A0461331.dll
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was moved to '46efe347.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP471\A0462357.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '47700868.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP471\A0462358.dll
    [DETECTION] Is the Trojan horse TR/Agent.AFSP
    [INFO] The file was moved to '46efe371.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP472\A0464535.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '47700870.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP473\A0464558.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Brosys
    [INFO] The file was moved to '47700872.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP473\A0464559.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '47700873.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP473\A0464560.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '46efe36c.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP473\A0464561.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '47700875.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP473\A0464562.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '46efe36e.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP473\A0464563.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47700874.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP473\A0464564.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '46efe36d.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP473\A0464565.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
    [INFO] The file was moved to '47700876.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP473\A0464567.exe
    [DETECTION] Is the Trojan horse TR/Drop.BHO.A.1
    [INFO] The file was moved to '46efe36f.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP473\A0464571.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47700877.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP473\A0464577.dll
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was moved to '46efe360.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP473\A0464638.dll
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was moved to '47700879.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP474\A0464720.dll
    [DETECTION] Is the Trojan horse TR/Spy.Vundo.79937
    [INFO] The file was moved to '4770087b.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP474\A0464721.dll
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was moved to '46efe364.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP474\A0464722.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '4770087d.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP474\A0464723.dll
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was moved to '46efe366.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP474\A0464724.dll
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was moved to '4770087c.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP474\A0464725.dll
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was moved to '46efe365.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP474\A0464726.dll
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was moved to '4770087e.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP474\A0464727.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was moved to '46efe367.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP474\A0464728.dll
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was moved to '4770087f.qua'!
    C:\System Volume Information\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\RP474\A0464729.dll
    [DETECTION] Is the Trojan horse TR/Spy.Vundo.79936
    [INFO] The file was moved to '46efe398.qua'!
    C:\VundoFix Backups\zbnsybns.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.CA
    [INFO] The file was moved to '47aa08d4.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd1965.sys
    [WARNING] The file could not be opened!
    Begin scan in 'F:\'


    End of the scan: Thursday 15 November 2007 10:07
    Used time: 9:49:10 min

    The scan has been done completely.

    5062 Scanning directories
    281466 Files were scanned
    39 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    39 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    281427 Files not concerned
    1280 Archives were scanned
    3 Warnings
    27 Notes

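Every one of the 39 hits in the Avira report above sits either under `System Volume Information\_restore{...}\RPnnn\` (System Restore's snapshots of files that were later replaced) or in `C:\VundoFix Backups\`, and none at a path Windows actually loads from. That pattern is the difference between "the machine is still infected" and "old copies are lingering where a later System Restore could bring them back". The following Python script is an added example, not part of the original thread and not an Avira tool: it parses a report in this layout (path line, then `[DETECTION]`/`[INFO]`/`[WARNING]` lines) and reports where the hits live. The sample log is constructed from a few lines of the report above; the three location classes and the assumption that VundoFix keeps its backups under `VundoFix Backups` with a `.bad` suffix are mine.

```python
"""Summarise an Avira AntiVir (2007-era) scan report: where did the hits live?

Added example, not Avira's code. The report layout it expects is the one in
the thread: a scanned path on one line, followed by [DETECTION] / [INFO] /
[WARNING] lines that refer to that path.
"""
import re
from collections import Counter

# Constructed sample: a few lines in the layout of the report above.
SAMPLE_LOG = """\
Begin scan in 'C:\\'
C:\\pagefile.sys
[WARNING] The file could not be opened!
C:\\System Volume Information\\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\\RP467\\A0458913.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '476f9501.qua'!
C:\\System Volume Information\\_restore{882CF039-DC0B-4FB0-98C8-031D6E7275A9}\\RP469\\A0461199.dll
[DETECTION] Is the Trojan horse TR/Vundo.BB
[INFO] The file was moved to '476fecb4.qua'!
C:\\VundoFix Backups\\zbnsybns.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47aa08d4.qua'!
C:\\WINDOWS\\system32\\drivers\\sptd.sys
[WARNING] The file could not be opened!
"""

PATH_LINE = re.compile(r"^[A-Za-z]:\\")
# System Restore keeps copies of replaced files under _restore{GUID}\RPnnn\;
# a hit there is a snapshot of an old file, not a file Windows currently loads.
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\")
# Assumption for this example: VundoFix parks the DLLs it removed here, renamed *.bad.
TOOL_BACKUP = re.compile(r"\\VundoFix Backups\\")


def parse_avira_report(text):
    """Return one record per scanned path that produced a detection or a warning."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            if current is None:
                continue  # bracketed line with no owning path (e.g. boot-sector notes)
            tag, _, msg = line.partition("] ")
            tag = tag.lstrip("[")
            if tag == "DETECTION":
                current["detection"] = msg.split()[-1]  # e.g. TR/Vundo.Gen
            elif tag == "INFO":
                m = re.search(r"moved to '([^']+)'", msg)
                current["quarantined_as"] = m.group(1) if m else None
            elif tag == "WARNING":
                current["warning"] = msg
            continue
        if PATH_LINE.match(line):
            current = {"path": line, "detection": None, "quarantined_as": None, "warning": None}
            records.append(current)
        else:
            current = None  # section headers such as "Begin scan in 'F:\'"
    return [r for r in records if r["detection"] or r["warning"]]


def classify(path):
    """Where a hit lives decides what it means for the running system."""
    if RESTORE_POINT.search(path):
        return "restore point"
    if TOOL_BACKUP.search(path) or path.lower().endswith(".bad"):
        return "removal-tool backup"
    return "live file"


def summarize(records):
    hits = [r for r in records if r["detection"]]
    return {
        "detections": len(hits),
        "quarantined": sum(1 for r in hits if r["quarantined_as"]),
        "by_location": dict(Counter(classify(r["path"]) for r in hits)),
        "by_name": dict(Counter(r["detection"] for r in hits)),
        # Anything here is still on a path Windows can load: the machine is not clean.
        "live_hits": [r["path"] for r in hits if classify(r["path"]) == "live file"],
        # Files the scanner could not open (page file, drivers in use) were not checked at all.
        "unscannable": [r["path"] for r in records if r["warning"]],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_avira_report(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against the full report and `live_hits` comes back empty, which is why the helper could move on to a fresh HijackThis log rather than more removal passes; the "could not be opened" warnings are files the scanner never inspected, so they are a gap in coverage rather than a clean result.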
    15 November 2007 21:41:29

    good evening

    reread the procedure, :) 
    with Suchspur.dll: it's a copy-paste: you copy the line I give you on the forum and paste it into OTMoveIt.
    I'm waiting for the report generated by the tool.
    15 November 2007 23:46:02

    File/Folder C:\WINDOWS\system32\Suchspur.dll not found.

    Created on 11/15/2007 23:45:46
    16 November 2007 00:22:48

    good
    post a new HijackThis log please
    16 November 2007 19:02:22

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:02:31, on 16/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\SOINTGR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\eMule\emule.exe
    C:\Documents and Settings\Axel\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 6521 bytes
    16 November 2007 21:35:02

    good evening
    it's OK,

    Remove the programs you installed for the disinfection (OTMoveIt, ComboFix).

    ~Edit your first message (by clicking the eraser) and mark [solved] in the title.
    :hello: 