
TROJAN HORSE

Tags:
  • Windows genuine advantage
  • Security
2 November 2007 18:54:02

Hello everyone,
I hope I can find some help here, because I have really tried to sort this out on my own, but without success...
I have a laptop with Windows XP... through carelessness on my part, I installed a dubious program which was nothing other than a virus... it has just been detected by Avast under the names rarndrll2.exe and ttc.dll. Concretely, this shows up as intrusive ad pages or other sites popping up... joy...
I tried restarting in safe mode and then running a scan with AVG, without success. I also installed brute force installer on my computer and tried to follow a tutorial I read on a site
http://www.presence-pc.com/forum/ppc/Logiciels/secours-... 964-1.htm
but without success... I also tried to delete those two files from safe mode using the "Search" function, but the computer didn't find them...
I've just downloaded HijackThis and I'm posting the log, because I believe that's what needs to be done... after that log I'm posting the AVG report...
(for those who have the courage to answer me, please talk to me as you would to a four-year-old, because I know absolutely nothing about this area ;)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:18, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\mrofinu1000106.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\runonce.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Windows32] C:\Arquivos de programas\services.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer = 213.36.80.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001EC51.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--
End of file - 7655 bytes

AVG REPORT:
AVG Anti-Spyware - Scan report
---------------------------------------------------------

+ Created at: 15:41:12 01/11/2007

+ Scan result:



HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo -> Adware.Generic : Cleaned.
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\IENCLOHL\8154ff2675af1b6e0677560871425153[1].zip/b138.exe -> Downloader.Agent.cbx : Cleaned.
:mozilla.22:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\BEGNY\Cookies\begny@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\BEGNY\Cookies\begny@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\BEGNY\Cookies\begny@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.10:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.12:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.13:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.14:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.7:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.8:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\BEGNY\Cookies\begny@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


End of report

Configuration: Windows XP
Firefox 2.0.0.8
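Reading the first HijackThis log by eye, the entries that give the infection away are the autostarts that imitate system binaries from the wrong directory (C:\WINDOWS\Fonts\svchost.exe, C:\Arquivos de programas\services.exe), the runner1 entry that passes a long hex blob to C:\WINDOWS\mrofinu1000106.exe, and the O20 AppInit_DLLs line pointing at a .dat file in system32, which user32.dll loads into every process. The following script is an added example, not part of the thread and not HijackThis code: it applies those same checks to log lines. The function and constant names (triage, split_command, EXPECTED_DIR) are my own; the sample lines are copied from the log above; the list of expected directories is a plain Windows XP layout and would need extending for other Windows versions.

```python
r"""Triage the autostart lines of a HijackThis log (added example).

Flags:
  * an O4 entry that launches a Windows system-binary name from outside the
    directory where the genuine file lives (e.g. C:\WINDOWS\Fonts\svchost.exe)
  * an O4 command line that carries a long hexadecimal blob as its argument
  * any non-empty O20 AppInit_DLLs value (injected into every process that
    loads user32.dll)
  * an O17 NameServer override, listed so it can be checked against the ISP
"""
import re

# Where the genuine binary of that name lives on a default Windows XP install.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<label>[^\]]*)\]\s*(?P<cmd>.*)$")
# Optional quotes, the shortest prefix ending in an executable extension,
# then whatever arguments follow.
CMD_RE = re.compile(
    r'^"?(?P<exe>.+?\.(?:exe|com|scr|bat|dll|dat))"?(?:\s+(?P<args>.*))?$',
    re.IGNORECASE,
)
HEX_BLOB_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")


def split_command(cmd):
    """Return (executable, arguments) from an O4 command string."""
    # A leading ';' is how HijackThis shows a disabled entry.
    m = CMD_RE.match(cmd.strip().lstrip(";").strip())
    if not m:
        return cmd.strip(), ""
    return m.group("exe"), m.group("args") or ""


def triage(lines):
    """Return a list of (section, target, reason) for lines worth a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("O20 - AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(("O20", value,
                                 "AppInit_DLLs entry, loaded into every process that maps user32.dll"))
            continue
        if line.startswith("O17 - ") and "NameServer = " in line:
            findings.append(("O17", line.split("NameServer = ", 1)[1].strip(),
                             "DNS server override; confirm it belongs to the ISP"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        exe, args = split_command(m.group("cmd"))
        directory, _, name = exe.lower().rpartition("\\")
        expected = EXPECTED_DIR.get(name)
        if expected is not None and directory != expected:
            findings.append(("O4", exe, f"{name} is expected only in {expected}"))
        elif HEX_BLOB_RE.search(args):
            findings.append(("O4", exe, "long hexadecimal blob passed as argument"))
    return findings


# Lines copied from the first HijackThis log in the thread (constructed subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Windows32] C:\Arquivos de programas\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer = 213.36.80.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001EC51.dat
""".strip().splitlines()


def triage_sample():
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for section, target, reason in triage_sample():
        print(f"{section:<4} {target}\n     {reason}")
```

The O17 line is reported for review only: a NameServer value is normal when it is the ISP's resolver, so the script does not call it malicious. Run on the whole log, the same checks leave every vendor-signed O23 service and the ATK/Realtek/Motorola autostarts alone and surface exactly the five lines a responder would ask about.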

2 November 2007 19:00:27

Hello,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste that report in your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt
2 November 2007 19:30:32

when I try to install, I get this message... THE APPLICATION OR DLL C:\windows\system32\_c001EC51.dat is not a valid Windows image. Please check this against your installation diskette...
2 November 2007 19:34:03

Install what?
3 November 2007 00:58:13

combofix.exe ;)
3 November 2007 01:10:06

OK, so I have a new problem... a message titled "program name x, y, z.exe - Bad Image" keeps appearing (each time with a different program name); apparently it stops me from running the program you gave me...
and underneath:
THE APPLICATION OR DLL C:\windows\system32\_c001EC51.dat is not a valid Windows image. Please check this against your installation diskette...
3 November 2007 13:15:23

apparently it found a virus as soon as it was installed; no matter how often I click "move to quarantine" or "access deny", it comes back...
the message that appears is
c:\windows\system32\_c009ADE2.dat
I've just been to rue Montgallet to see what I could do, and the guy is asking me 60 €; he told me the only solution was to reformat... I'll post the scan as soon as it's ready, thanks ;)
3 November 2007 14:11:07

attached is the AntiVir report, thank you in advance...

    AntiVir PersonalEdition Classic
    Report file date: 2007-11-03 13:15

    Scanning for 1036370 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: BEGNY-GA1A4CHG2

    Version information:
    BUILD.DAT : 269 15604 Bytes 2007-09-10 14:31:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
    ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 2006-05-31 12:32:40
    ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 2007-07-10 12:32:46
    ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 2007-08-25 17:21:02
    ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 2007-08-28 07:22:36
    AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 2007-08-29 17:09:10
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 2007-11-03 13:15

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'avnotify.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
    Scan process 'HControl.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'Tablet.exe' - '1' Module(s) have been scanned
    Scan process 'TabUserW.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'Tablet.exe' - '1' Module(s) have been scanned
    Scan process 'StkCSrv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    53 processes with 53 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '24' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\2EDF7FFG\17PHolmes[1].cmt
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '477c6725.qua'!
    C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\5TVFVLU4\mosx1024[1]
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '479f6776.qua'!
    C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\Y2E0NSE5\isearch[1].htm
    [DETECTION] Contains suspicious code HEUR/Exploit.HTML
    [INFO] The file was moved to '4791678c.qua'!
    C:\qoobox\Quarantine\C\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe.vir
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47a66e4f.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\cucpfbcc.dll.vir
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '478f6e63.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\rslxxpph.dll.vir
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47986e62.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\uaqifxbv.dll.vir
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '479d6e50.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\__c00198CA.dat.vir
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '478f6e4e.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\u4\c124wvr.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '475e6e21.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\u4\wr31drs.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '475f6e62.qua'!
    C:\RECYCLER\S-1-5-21-484763869-884357618-725345543-1003\Dc78.zip
    [0] Archive type: ZIP
    --> __c001EC51.dat
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47636e63.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP19\A0006877.exe
    [DETECTION] Is the Trojan horse TR/Agent.RIR.135
    [INFO] The file was moved to '475c6e48.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP29\A0008577.dll
    [DETECTION] Contains detection pattern of the dropper DR/Agent.141853.A
    [INFO] The file was moved to '475c6e89.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP60\A0013533.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '475c6f0a.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP61\A0014704.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '475c6f0e.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP61\A0014707.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '46c12e57.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014854.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '475c6f11.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014861.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '475c6f12.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014863.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '46c12e4b.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014865.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '475c6f14.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014871.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '475c6f13.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014872.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '46c12e4c.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014930.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '46c12e4d.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014931.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '475c6f15.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP63\A0014989.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '475c6f18.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP64\A0015109.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '475c6f1b.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP64\A0015220.dll
    [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
    [INFO] The file was moved to '475c6f1e.qua'!
    C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP65\A0015446.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '475c6f23.qua'!
    C:\WINDOWS\mrofinu1000106.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '479b6f77.qua'!
    C:\WINDOWS\mrofinu1000106.exe.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '46005930.qua'!
    C:\WINDOWS\mrofinu1188.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '479b6f79.qua'!
    C:\WINDOWS\mrofinu1188.exe.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '479b6f78.qua'!
    C:\WINDOWS\system32\lejygeds.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '479671b9.qua'!
    C:\WINDOWS\system32\nkiupqwt.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '479571ca.qua'!
    C:\WINDOWS\system32\spudscv.exe
    [DETECTION] Is the Trojan horse TR/Spy.Banker.Gen
    [INFO] The file was moved to '47a171d9.qua'!
    C:\WINDOWS\system32\__c009ADE2.dat
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\b3\rarndrll2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Small.buy.1
    [INFO] The file was moved to '479e72ab.qua'!
    C:\WINDOWS\system32\u4\wr31drs.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '475f7308.qua'!


    End of the scan: 2007-11-03 14:07
    Used time: 52:21 min

    The scan has been done completely.

    6463 Scanning directories
    397755 Files were scanned
    22 viruses and/or unwanted programs were found
    16 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    37 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    397733 Files not concerned
    6422 Archives were scanned
    2 Warnings
    50 Notes
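
Two things in this report deserve a reader's attention. First, most of the 37 quarantined files are not live infections: anything under C:\qoobox\Quarantine was already put there by ComboFix, the System Volume Information hits are System Restore snapshots (inert until a restore is performed, and the usual reason a "cleaned" machine gets re-detected later), and the Temporary Internet Files and RECYCLER hits are the cached downloads and deleted copies. Second, the one file the scanner could not remove, C:\WINDOWS\system32\__c009ADE2.dat, sits in a live location. That, together with the "Bad Image" dialogs reported earlier in the thread, is the classic signature of a DLL registered through AppInit_DLLs (HijackThis O20, the registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs): the loader maps it into every new process, so it is always in use and cannot be deleted, and once a scanner truncates or quarantines it while the value still names it, every program start pops "is not a valid Windows image". Clearing the O20 value and rebooting before deleting the file is the step that ends both symptoms. The script below is an added example, not Avira's code and not from the original post; it parses the report format shown above, buckets each detection by location and lists the live files that were not removed. parse_report, classify and summarize are my own names; the sample is an excerpt of the report above.

```python
r"""Sort the detections in an Avira AntiVir report by where the file lived
(added example, not Avira's code).

A hit under C:\qoobox\Quarantine (ComboFix's quarantine), under System Volume
Information (System Restore snapshots), in the Recycle Bin or in the browser
cache is a dormant copy; a hit in a live location that the scanner could not
remove is the one still loaded.
"""
import re
from collections import Counter

PATH_RE = re.compile(r"^\s*(?P<path>[A-Za-z]:\\.+?)\s*$")
TAG_RE = re.compile(r"^\s*\[(?P<tag>DETECTION|INFO|WARNING)\]\s*(?P<text>.*)$")


def classify(path):
    """Bucket a path by what finding malware there means for the live system."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine"):
        return "combofix-quarantine"
    if "\\system volume information\\_restore" in p:
        return "system-restore"
    if "\\recycler\\" in p:
        return "recycle-bin"
    if "\\temporary internet files\\" in p:
        return "browser-cache"
    return "live"


def parse_report(text):
    """Return one dict per detected file: path, signature name, action taken."""
    entries, current = [], None
    for line in text.splitlines():
        tag = TAG_RE.match(line)
        if tag and current is not None:
            kind, msg = tag.group("tag"), tag.group("text")
            if kind == "DETECTION":
                current["signature"] = msg.split()[-1]  # e.g. TR/Crypt.ULPM.Gen
            elif kind == "INFO" and "moved to" in msg:
                current["action"] = "quarantined"
            elif kind == "WARNING" and ("not deleted" in msg or "could not be deleted" in msg):
                current["action"] = "not removed"
            continue
        m = PATH_RE.match(line)
        if m:  # a new file entry; archive members ("--> name") stay with the archive
            current = {"path": m.group("path"), "signature": None, "action": "none"}
            entries.append(current)
    return [e for e in entries if e["signature"]]


def summarize(entries):
    """Counts per location bucket, plus live files the scanner failed to remove."""
    by_location = Counter(classify(e["path"]) for e in entries)
    still_present = [e["path"] for e in entries
                     if classify(e["path"]) == "live" and e["action"] != "quarantined"]
    return by_location, still_present


# Excerpt of the AntiVir report posted above (constructed subset of its lines).
SAMPLE_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\2EDF7FFG\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477c6725.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00198CA.dat.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '478f6e4e.qua'!
C:\RECYCLER\S-1-5-21-484763869-884357618-725345543-1003\Dc78.zip
[0] Archive type: ZIP
--> __c001EC51.dat
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47636e63.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP19\A0006877.exe
[DETECTION] Is the Trojan horse TR/Agent.RIR.135
[INFO] The file was moved to '475c6e48.qua'!
C:\WINDOWS\mrofinu1000106.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '479b6f77.qua'!
C:\WINDOWS\system32\__c009ADE2.dat
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\b3\rarndrll2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.buy.1
[INFO] The file was moved to '479e72ab.qua'!
"""


def triage_sample():
    return summarize(parse_report(SAMPLE_REPORT))


if __name__ == "__main__":
    by_location, still_present = triage_sample()
    for bucket, n in sorted(by_location.items()):
        print(f"{n:3d}  {bucket}")
    print("live files the scanner could not remove:", still_present or "none")
```

On the full report the "live" bucket holds the files under C:\WINDOWS and C:\WINDOWS\system32 (the mrofinu*.exe pair, the random-named DLLs, spudscv.exe, rarndrll2.exe and __c009ADE2.dat), and __c009ADE2.dat is the only one left in place; that is the file to deal with after the AppInit_DLLs value is cleared, and the System Restore points should be purged only once the live system is clean.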

3 November 2007 20:13:16

Post a new HijackThis log.
3 November 2007 20:52:43

Someone helped me a lot this afternoon on another forum; apparently it cleaned up quite a few things... I'm posting the log, two opinions are better than one ;) thanks in advance
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:50:37, on 03/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\StkCSrv.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Documents and Settings\BEGNY\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer = 213.36.80.1
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

    --
    End of file - 8099 bytes
    3 November 2007 22:00:38

    Try ComboFix again.
    4 November 2007 00:21:55

    Attached is the latest ComboFix log... thank you ;) 

    ComboFix 07-11-01.1 - BEGNY 2007-11-04 0:10:28.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1258 [GMT 1:00]
    Running from: C:\Downloads\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-04 00:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-03 23:26 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\Comodo
    2007-11-03 23:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
    2007-11-03 23:19 <REP> d-------- C:\Program Files\Comodo
    2007-11-03 19:36 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-11-03 17:38 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\Grisoft
    2007-11-03 17:38 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-03 17:33 <REP> d-------- C:\Program Files\CCleaner
    2007-11-03 15:36 <REP> d-------- C:\pca
    2007-11-03 15:15 2,742 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-03 15:14 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-03 15:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-03 15:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-03 15:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-03 15:14 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-03 15:08 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-11-03 13:06 <REP> d-------- C:\Program Files\Avira
    2007-11-03 13:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-11-03 10:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-03 10:13 <REP> d-------- C:\Program Files\Panda Security
    2007-11-03 10:08 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
    2007-11-02 19:10 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\WTablet
    2007-11-02 18:57 <REP> d-------- C:\Program Files\Navilog1
    2007-11-02 18:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-11-02 18:39 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2007-11-02 18:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-11-02 18:39 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2007-11-02 18:39 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
    2007-11-02 18:27 <REP> d-------- C:\WINDOWS\system32\WTablet
    2007-11-02 18:27 <REP> d-------- C:\Program Files\Tablet
    2007-11-02 18:27 1,197,616 --a------ C:\WINDOWS\system32\Tablet.exe
    2007-11-02 18:27 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
    2007-11-02 18:27 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
    2007-11-02 18:27 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
    2007-11-01 18:17 <REP> d-------- C:\Program Files\Trend Micro
    2007-11-01 11:47 <REP> d-------- C:\WINDOWS\system32\bfubackups
    2007-10-31 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-31 17:21 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-10-31 17:17 <REP> d-------- C:\WINDOWS\system32\Mz18r
    2007-10-31 17:17 <REP> d-------- C:\Temp
    2007-10-31 16:01 <REP> d-------- C:\Program Files\TimeAdjuster
    2007-10-29 16:21 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-10-29 16:18 0 --a------ C:\WINDOWS\nsreg.dat
    2007-10-25 14:24 <REP> d-------- C:\WINDOWS\Sun
    2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
    2007-10-12 23:35 <REP> d-------- C:\Program Files\Ripp-it_AM
    2007-10-12 22:34 <REP> d-------- C:\Program Files\AviSynth 2.5
    2007-10-10 13:59 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-04 14:55 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
    2007-10-04 14:53 <REP> d-------- C:\WINDOWS\StartHtmico
    2007-10-04 14:52 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2007-10-04 14:52 140,288 --a------ C:\WINDOWS\system32\CNMLM78.DLL
    2007-10-04 14:52 90,112 -ra------ C:\WINDOWS\system32\CNMCP78.exe
    2007-10-04 14:52 8,704 --a------ C:\WINDOWS\system32\CNMVS78.DLL
    2007-10-04 14:50 <REP> d-------- C:\Program Files\Canon
    2007-10-04 14:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-10-04 14:43 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-10-04 14:06 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2007-10-04 14:04 <REP> d-------- C:\WINDOWS\SHELLNEW
    2007-10-04 14:02 <REP> d-------- C:\Program Files\Microsoft.NET
    2007-10-04 14:00 <REP> dr-h----- C:\MSOCache
    2007-10-04 12:40 <REP> d-------- C:\Downloads
    2007-10-04 12:40 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2007-10-04 12:37 <REP> d-------- C:\Program Files\BitComet
    2007-10-03 19:40 <REP> d-------- C:\Program Files\Azureus
    2007-10-03 19:40 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\Azureus

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-03 19:35 22 ----a-w C:\WINDOWS\Fonts\a.zip
    2007-11-03 13:58 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\LimeWire
    2007-11-02 16:25 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Skype
    2007-10-24 13:12 --------- d-----w C:\Program Files\Java
    2007-10-17 16:39 --------- d-----w C:\Program Files\Winamp
    2007-10-04 16:28 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-10-01 09:32 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-09-28 17:55 --------- d-----w C:\Program Files\CDBurnerXP
    2007-09-25 22:06 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\vlc
    2007-09-25 10:38 --------- d-----w C:\Program Files\Audacity
    2007-09-24 12:47 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Apple Computer
    2007-09-24 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-09-24 02:36 --------- d-----w C:\Program Files\Microsoft SQL Server
    2007-09-24 01:36 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
    2007-09-23 19:41 --------- d-----w C:\Program Files\Google
    2007-09-22 11:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-09-22 10:17 --------- d-----w C:\Program Files\Eltima Software
    2007-09-21 21:12 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
    2007-09-21 21:11 --------- d-----w C:\Program Files\Macromedia
    2007-09-21 21:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-09-21 10:00 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Adssite Advanced Toolbar
    2007-09-21 09:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-21 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-09-21 01:13 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2007-09-20 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\IsolatedStorage
    2007-09-20 21:28 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\MSN6
    2007-09-20 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
    2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
    2007-09-20 21:21 --------- d-----w C:\Program Files\FairUse Wizard
    2007-09-20 21:21 --------- d-----w C:\Program Files\Error Safe Free
    2007-09-20 21:21 --------- d-----w C:\Program Files\eRightSoft
    2007-09-20 21:21 --------- d-----w C:\Program Files\EPSON
    2007-09-20 21:20 --------- d-----w C:\Program Files\eMule
    2007-09-20 21:18 --------- d-----w C:\Program Files\CyberLink
    2007-09-20 21:18 --------- d-----w C:\Program Files\Creative
    2007-09-20 21:18 --------- d-----w C:\Program Files\Common~1
    2007-09-20 21:18 --------- d-----w C:\Program Files\CoffeeCup Software
    2007-09-20 21:18 --------- d-----w C:\Program Files\BSplayer_WhenUSave_Installer
    2007-09-20 21:17 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-20 21:17 --------- d-----w C:\Program Files\Alwil Software
    2007-09-20 21:17 --------- d-----w C:\Program Files\Ahead
    2007-09-20 21:07 --------- d-----w C:\Program Files\1&1
    2007-09-20 21:06 --------- d-----w C:\Program Files\XviD codec (Neodivx Version)
    2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Live
    2007-09-20 21:05 --------- d-----w C:\Program Files\WinASPI
    2007-09-20 21:04 --------- d-----w C:\Program Files\Webteh
    2007-09-20 21:04 --------- d-----w C:\Program Files\VSO
    2007-09-20 21:04 --------- d-----w C:\Program Files\VOB
    2007-09-20 21:04 --------- d-----w C:\Program Files\VISoftware
    2007-09-20 21:04 --------- d-----w C:\Program Files\Visicom Media
    2007-09-20 21:04 --------- d-----w C:\Program Files\VideoLAN
    2007-09-20 21:04 --------- d-----w C:\Program Files\URUSoft
    2007-09-20 21:04 --------- d-----w C:\Program Files\Uniblue
    2007-09-20 21:04 --------- d-----w C:\Program Files\Ubisoft
    2007-09-20 21:04 --------- d-----w C:\Program Files\Thugs at Bay
    2007-09-20 21:04 --------- d-----w C:\Program Files\Symantec
    2007-09-20 21:04 --------- d-----w C:\Program Files\STK014
    2007-09-20 21:04 --------- d-----w C:\Program Files\StarV9
    2007-09-20 21:03 --------- d-----w C:\Program Files\Sony Ericsson
    2007-09-20 21:03 --------- d-----w C:\Program Files\Skype
    2007-09-20 21:03 --------- d-----w C:\Program Files\RADVideo
    2007-09-20 21:03 --------- d-----w C:\Program Files\QuickTime Alternative
    2007-09-20 21:03 --------- d-----w C:\Program Files\plugins
    2007-09-20 21:03 --------- d-----w C:\Program Files\NETGEAR
    2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
    2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-09-20 20:20 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Ahead
    2007-09-20 20:18 --------- d-----w C:\Program Files\Nero
    2007-09-20 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-09-20 20:12 --------- d-----w C:\Program Files\Motorola
    2007-09-20 20:09 --------- d-----w C:\Program Files\Realtek
    2007-09-20 19:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-09-20 19:23 --------- d-----w C:\Program Files\microsoft frontpage
    2007-09-20 19:21 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-09-20 19:20 --------- d-----w C:\Program Files\Services en ligne
    2007-09-20 18:37 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-20 18:21 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-09-20 18:03 --------- d-----w C:\Program Files\QuickTime
    2007-09-20 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-09-20 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-09-20 16:28 --------- d-----w C:\Program Files\MyXOFT
    2007-09-20 16:28 --------- d-----w C:\Program Files\Multimedia Mouse Driver
    2007-09-20 16:28 --------- d-----w C:\Program Files\MSXML 4.0
    2007-09-20 16:27 --------- d-----w C:\Program Files\MSI
    2007-09-20 16:27 --------- d-----w C:\Program Files\Microsoft Games
    2007-09-20 16:26 --------- d-----w C:\Program Files\Maïdo Production
    2007-09-20 16:25 --------- d-----w C:\Program Files\Lauyan
    2007-09-20 16:25 --------- d-----w C:\Program Files\key
    2007-09-20 16:25 --------- d-----w C:\Program Files\Jasc Software Inc
    2007-09-20 16:24 --------- d-----w C:\Program Files\InterVideo
    2007-09-20 16:24 --------- d-----w C:\Program Files\InterActual
    2007-09-20 16:24 --------- d-----w C:\Program Files\Infogrames
    2007-09-19 20:01 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
    2007-09-19 20:01 86,016 ----a-w C:\WINDOWS\SoundMan.exe
    2007-09-19 20:01 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
    2007-09-19 20:01 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 16:37]
    "RTHDCPL"="RTHDCPL.EXE" [2007-09-19 21:01 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2007-09-19 21:01 C:\WINDOWS\SkyTel.exe]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 20:43]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-26 11:12]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-03 14:21]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-03 23:30]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 22:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
    "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-09-10 13:33]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-02-06 12:49]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
    R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe
    R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\ATK0100\ASNDIS5.SYS
    R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS
    R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
    R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
    S3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57df1a99-77eb-11dc-b9f3-0015af38a7f9}]
    \Shell\Auto\command - bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-04 00:15:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-04 0:17:18 - machine was rebooted
    .
    --- E O F ---