Your question

Win32:Agent-LAP [Trj] Win32:Tiny-IF [Trj]

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
9 October 2007 18:02:27

Hello,
For less than a week now, my Avast antivirus has been flagging a trojan at every Windows startup, which it names Win32:PurityScan-AF [Trj]; Win32:Agent-LAP [Trj], Win32:Tiny-IF [Trj]. I tell it to delete it, which doesn't always happen, but it comes back every time. So I would like to know what you advise me to do.
PS: it also shows me dubious antivirus ads...


10 October 2007 14:30:57

But isn't it a problem if I have my antivirus (Kaspersky: I uninstalled Avast) running at the same time?
10 October 2007 15:04:02

No, HijackThis only lists certain registry entries.
10 October 2007 15:43:26

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:22:54, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Red Kawa\Video Converter 3\RKVideoConverter.exe
C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\micro\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1123F607-82B4-45C9-8429-8DBC5EC84CDD} - C:\WINDOWS\system32\pmkhi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\fiprwiii.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\rxnxatcs.dll",sitypnow
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [WengoPhoneNG] E:\Apps\PortableWengoPhone\qtwengophone.exe -b (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [Atuc] "C:\DOCUME~1\valentin\MESDOC~1\WNSXS~1\dexplore.exe" --ru -vt yazb (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\pmkhi.dll,c (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [SearchIndexer] rundll32.exe "C:\DOCUME~1\valentin\LOCALS~1\Temp\qdvtymot.dll",sitypnow (User 'valentin')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108w.bay108.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O20 - Winlogon Notify: rqromkk - C:\WINDOWS\SYSTEM32\rqromkk.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 13293 bytes
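As an added example (not code from the thread, nor part of HijackThis), here is a small Python triage script that parses the O2/O4/O20 line formats used in the log above and flags the Vundo-style indicators the helper is targeting: unnamed BHOs loaded from system32, rundll32 autoruns loading random-named DLLs from system32 or Temp, and the Winlogon Notify hook. The sample lines are copied from the log; the Winlogon Notify allowlist and the "random-looking name" heuristic are this example's own assumptions.

```python
"""Triage helper for HijackThis log lines (added example; not part of the thread
or of HijackThis). Sample lines are copied from the log posted above; the
allowlist and the "random-looking name" test are this example's own assumptions."""
import re

# Sample input: lines copied from the HijackThis log above, clean ones included
# for contrast (Adobe BHO, Kaspersky AVP, WIA RunOnce, NVIDIA service).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1123F607-82B4-45C9-8429-8DBC5EC84CDD} - C:\WINDOWS\system32\pmkhi.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\fiprwiii.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\rxnxatcs.dll",sitypnow
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\pmkhi.dll,c (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [SearchIndexer] rundll32.exe "C:\DOCUME~1\valentin\LOCALS~1\Temp\qdvtymot.dll",sitypnow (User 'valentin')
O20 - Winlogon Notify: rqromkk - C:\WINDOWS\SYSTEM32\rqromkk.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
RE_RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,', re.IGNORECASE)

# Assumption: a short allowlist of Winlogon Notify subkeys that ship with XP SP2.
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                         "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}


def stem_of(path):
    """'C:\\WINDOWS\\system32\\pmkhi.dll' -> 'pmkhi'."""
    return re.split(r"[\\/]", path)[-1].rsplit(".", 1)[0]


def looks_random(stem):
    """Heuristic for generated file names: 5-8 lowercase letters that are vowel-poor
    or contain a run of 4+ consonants (pmkhi, rxnxatcs, rqromkk, qdvtymot all hit).
    Only applied to DLLs loaded by rundll32 or Winlogon Notify, since ordinary
    names such as ctfmon would also hit."""
    s = stem.lower()
    if not re.fullmatch(r"[a-z]{5,8}", s):
        return False
    vowels = sum(c in "aeiou" for c in s)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", s)), default=0)
    return vowels / len(s) < 0.3 or longest_run >= 4


def from_profile_or_temp(text):
    t = text.lower()
    return "\\temp\\" in t or "\\docume~1\\" in t or "\\documents and settings\\" in t


def triage_line(line):
    """Return a finding dict for one log line, or None if nothing stands out.
    Each reason carries a weight; a total of 2 or more is reported as 'high'."""
    reasons = []  # (weight, text)
    if m := RE_O2.match(line):
        if m["name"] == "(no name)":
            if m["path"] == "(no file)":
                reasons.append((1, "orphaned unnamed BHO entry (no file on disk)"))
            else:
                reasons.append((1, "unnamed BHO"))
                if "\\windows\\" in m["path"].lower():
                    reasons.append((1, "BHO loaded from the Windows directory"))
    elif m := RE_O4.match(line):
        dll = RE_RUNDLL.search(m["cmd"])
        if dll and looks_random(stem_of(dll["dll"])):
            reasons.append((2, "rundll32 loads a DLL with a random-looking name"))
        if from_profile_or_temp(m["cmd"]):
            reasons.append((1, "autorun from a user profile or Temp directory"))
    elif m := RE_O20.match(line):
        if m["name"].lower() not in KNOWN_WINLOGON_NOTIFY:
            reasons.append((1, "Winlogon Notify subkey not in the known-good list"))
        if looks_random(stem_of(m["path"])):
            reasons.append((2, "random-looking Winlogon Notify DLL name"))
    if not reasons:
        return None
    score = sum(w for w, _ in reasons)
    return {"line": line, "severity": "high" if score >= 2 else "medium",
            "reasons": [t for _, t in reasons]}


def triage(log_text):
    """Run triage_line over every non-empty line; returns the list of findings."""
    return [f for f in (triage_line(ln.strip()) for ln in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['line'][:70]}")
        for r in f["reasons"]:
            print(f"         - {r}")
```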
10 October 2007 16:10:48

It's getting worse and worse. Impossible to use Internet Explorer.
There is this site that keeps popping up and makes things crash:
découvert : cheval de Troie Trojan.Win32.Agent.bck URL: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
I don't know what will happen if you click on it!!!!!

Attached are the screenshots.

10 October 2007 16:21:27

Re

I removed the link; no point in taking risks.


Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt telling you that your PC is going to shut down; click OK

Restart your PC.

Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".


Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste that report into your next reply, along with a new HijackThis log and the contents of the report located at C:\vundofix.txt
10 October 2007 16:32:45

Yes, it can't remove this:


It's going to shut down. I'll keep you posted
10 October 2007 16:47:07

Follow this instruction carefully
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
10 October 2007 16:58:09

Re

There was no download.
The page almost displayed, but it didn't.
I tested it, as I often do in my research.

PS: avoid multi-posting, I delete it.
10 October 2007 17:26:48

At every startup my AV warns me of a trojan. It's called Trojan-Downloader.Win32.Tiny.id.


I'm launching the scan with ComboFix. I'll keep you posted
10 October 2007 18:07:45

The ad again:


I have a new virus:


I can't scan:
10 October 2007 18:38:30

ah, there's another problem:
I had 3 user sessions on my computer, now there are only 2.
10 October 2007 21:07:17

Which tool can't you scan with?

If it's Combofix, try in Safe Mode.
11 October 2007 07:20:38

ok, I'll try as soon as I can.
11 October 2007 19:52:36

So I managed to do it. The result:
oh, by the way, I also have a program called Invader that is trying to get into my files.

ComboFix 07-10-11.8 - micro 2007-10-11 19:28:17.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.356 [GMT 2:00]
Running from: C:\Documents and Settings\micro\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\outerinfo
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\WinAble
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ghwbjmws.dll
C:\WINDOWS\system32\hfvepuys.dll
C:\WINDOWS\system32\hnkgbiil.dll
C:\WINDOWS\system32\ihkmp.bak1
C:\WINDOWS\system32\ihkmp.bak1
C:\WINDOWS\system32\ihkmp.bak1
C:\WINDOWS\system32\ihkmp.bak2
C:\WINDOWS\system32\ihkmp.bak2
C:\WINDOWS\system32\ihkmp.bak2
C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihkmp.ini2
C:\WINDOWS\system32\ihkmp.ini2
C:\WINDOWS\system32\ihkmp.ini2
C:\WINDOWS\system32\ihkmp.tmp
C:\WINDOWS\system32\ihkmp.tmp
C:\WINDOWS\system32\ihkmp.tmp
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\rxnxatcs.dll
C:\WINDOWS\system32\sctaxnxr.ini
C:\WINDOWS\system32\swmjbwhg.ini
C:\WINDOWS\system32\syupevfh.ini
C:\WINDOWS\system32\vsnddqxv.ini
C:\WINDOWS\system32\vxqddnsv.dll
C:\WINDOWS\system32\yxdwcmmr.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-11 to 2007-10-11 ))))))))))))))))))))))))))))))))))))
.

2007-10-10 20:41 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-10 20:27 <REP> d-------- C:\Program Files\Panda Security
2007-10-10 19:53 <REP> d-------- C:\Documents and Settings\micro\Application Data\Grisoft
2007-10-10 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-10 19:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-10 19:48 <REP> d-------- C:\Program Files\CCleaner
2007-10-10 17:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 16:23 <REP> d-------- C:\VundoFix Backups
2007-10-09 21:36 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-09 21:36 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-09 21:33 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-10-09 21:22 5,544,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-09 21:22 65,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-09 21:17 <REP> d-------- C:\kav
2007-10-09 18:37 <REP> d-------- C:\Documents and Settings\micro\Application Data\Lavasoft
2007-10-08 16:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-06 18:31 <REP> d-------- C:\Program Files\Temporary
2007-10-06 18:27 34,816 --a------ C:\WINDOWS\system32\rqromkk.dll
2007-10-04 18:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-03 18:03 <REP> d-------- C:\Program Files\DVD Decrypter
2007-10-03 17:11 <REP> d-------- C:\Program Files\Vimicro
2007-10-01 18:47 <REP> d-------- C:\OSS117___LE_CAIRE_NID_D_ESPIONS
2007-09-29 16:47 <REP> d-------- C:\Documents and Settings\MASTER\LOCALS~1
2007-09-26 20:04 <REP> d-------- C:\Downloads
2007-09-26 19:43 <REP> d-------- C:\Program Files\FlashGet
2007-09-22 19:11 <REP> d-------- C:\Program Files\PSCS2Updater
2007-09-21 22:30 <REP> d-------- C:\Program Files\Skyline
2007-09-21 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skyline
2007-09-19 18:12 <REP> d-------- C:\Program Files\MagicISO
2007-09-14 12:25 <REP> d-------- C:\Documents and Settings\micro\Application Data\Media Player Classic
2007-09-14 09:02 <REP> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 17:22 75,308 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-11 17:22 7,196 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-10 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 09:06 --------- d-----w C:\Program Files\DivX
2007-10-10 08:55 --------- d-----w C:\Program Files\PokerStars
2007-10-07 15:53 --------- d-----w C:\Documents and Settings\micro\Application Data\Skype
2007-10-07 08:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-06 15:18 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
2007-10-03 15:31 265,797 ----a-w C:\WINDOWS\system32\pdvcodec.dll
2007-10-03 15:26 --------- d-----w C:\Program Files\Red Kawa
2007-10-03 15:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-03 15:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-01 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-01 16:05 --------- d-----w C:\Documents and Settings\thibault\Application Data\U3
2007-09-23 16:54 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2007-09-21 20:12 --------- d-----w C:\Program Files\Google
2007-09-19 10:18 --------- d-----w C:\Program Files\Full Tilt Poker
2007-09-18 20:38 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-09-16 16:24 --------- d-----w C:\Program Files\eMule
2007-09-15 18:41 --------- d-----w C:\Program Files\AviSynth 2.5
2007-09-15 17:37 --------- d-----w C:\Program Files\Wanadoo
2007-09-14 07:02 --------- d-----w C:\Program Files\Apple Software Update
2007-09-09 18:34 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2007-09-08 10:55 --------- d-----w C:\Program Files\Free iPod Video Converter
2007-09-07 20:23 --------- d-----w C:\Program Files\BitLord
2007-09-03 20:04 --------- d-----w C:\Documents and Settings\micro\Application Data\U3
2007-09-03 15:01 --------- d-----w C:\Program Files\Azureus
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-03 14:27 69,624 ----a-w C:\Documents and Settings\All Users\Steam_api.dll
2007-07-03 14:27 338,936 ----a-w C:\Documents and Settings\All Users\vstdlib_s.dll
2007-07-03 14:27 3,261,688 ----a-w C:\Documents and Settings\All Users\Steam.dll
2007-07-03 14:27 251,384 ----a-w C:\Documents and Settings\All Users\WriteMiniDump.exe
2007-07-03 14:27 232,696 ----a-w C:\Documents and Settings\All Users\tier0_s.dll
2007-07-03 14:27 2,444,024 ----a-w C:\Documents and Settings\All Users\SteamUI.dll
2007-07-03 14:27 117,752 ----a-w C:\Documents and Settings\All Users\CSERHelper.dll
2007-07-03 14:27 1,313,528 ----a-w C:\Documents and Settings\All Users\steamclient.dll
2007-07-03 14:27 1,039,192 ----a-w C:\Documents and Settings\All Users\dbghelp.dll
2007-05-02 16:37 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
2006-11-30 16:33 9,336,520 ----a-w C:\Program Files\Install_MSN_Messenger.EXE
2006-11-12 12:12 25,839,664 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe
2006-10-03 16:14 262,144 ----a-w C:\Documents and Settings\Invité\ntuser.dat
2006-09-10 12:42 4,752,968 ----a-w C:\Program Files\MsgPlus-363.exe
2006-07-06 09:09 136,161,744 ----a-w C:\Program Files\Nero-7.2.3.2b_fra_no_yt.exe
2006-07-03 16:19 6,121,488 ----a-w C:\Program Files\OSE.EXE
2006-06-06 18:56 11,290,496 ----a-w C:\Program Files\setupfre.exe
2006-04-03 15:46 1,104,734 ----a-w C:\Program Files\dvdshrink_3.2.0.16_fr.zip
2006-04-02 16:53 334,330 ----a-w C:\Program Files\travail (fiches).rar
2006-04-02 16:50 1,096,495 ----a-w C:\Program Files\winrar (logiciel décompression).exe
2006-03-22 21:08 6,897,717 ----a-w C:\Program Files\vsoConvertXtoDVD2_setup.exe
2006-03-06 20:41 115,305,568 ----a-w C:\Program Files\Nero-7.0.5.4_fra.exe
2006-01-01 19:07 5,037,072 ----a-w C:\Program Files\Spybot.exe
2006-01-01 15:07 11,477,288 ----a-w C:\Program Files\DivX Player.exe
2005-12-25 19:30 19,560 ----a-w C:\Documents and Settings\thibault\Application Data\GDIPFONTCACHEV1.DAT
2005-12-24 10:30 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2005-12-24 10:05 10,737,061 ----a-w C:\Program Files\NeroMIX-1.4.0.34a.exe
2005-12-20 21:08 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HttpDetect"="" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-08-19 11:37]
"Domino"="C:\WINDOWS\Domino.exe" [2006-08-18 16:58]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 14:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 18:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{521EF0DE-EC32-4FC4-8AA9-7CBB88108ED1}"= C:\WINDOWS\system32\rqromkk.dll [2007-10-06 18:27 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromkk]
rqromkk.dll 2007-10-06 18:27 34816 C:\WINDOWS\system32\rqromkk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkhi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^thibault^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\thibault\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\exp32sys]
C:\Documents and Settings\valentin\Mes documents\virus\Active Key Logger\Active Key Logger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HomeKeyLogger]
C:\Documents and Settings\valentin\Mes documents\docu word\HomeKeyLogger\KeyLogger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe

R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ZSMC211;Webcam (ZS0211);C:\WINDOWS\system32\Drivers\ZS211.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1949c89-aa3e-11db-be3c-0016b65d8db9}]
AutoRun\command - E:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-28 09:40:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-11 17:38:59 C:\WINDOWS\Tasks\Internet Explorer.job"
"2007-10-11 17:38:57 C:\WINDOWS\Tasks\Nouvelle Tâche.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 19:37:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-11 19:44:16 - machine was rebooted
.
--- E O F ---

11 October 2007 20:46:30

I thought there was a bug in the first scan, so I'm reposting the one I just did.
Note: I no longer had the error report problem.


ComboFix 07-10-11.8 - micro 2007-10-11 19:54:25.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.79 [GMT 2:00]
Running from: C:\Documents and Settings\micro\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ihhkj.bak1
C:\WINDOWS\system32\ihhkj.bak1
C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\jkhhi.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-11 to 2007-10-11 ))))))))))))))))))))))))))))))))))))
.

2007-10-10 20:41 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-10 20:27 <REP> d-------- C:\Program Files\Panda Security
2007-10-10 19:53 <REP> d-------- C:\Documents and Settings\micro\Application Data\Grisoft
2007-10-10 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-10 19:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-10 19:48 <REP> d-------- C:\Program Files\CCleaner
2007-10-10 17:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 16:23 <REP> d-------- C:\VundoFix Backups
2007-10-09 21:36 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-09 21:36 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-09 21:33 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-10-09 21:22 5,677,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-09 21:22 69,408 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-09 21:17 <REP> d-------- C:\kav
2007-10-09 18:37 <REP> d-------- C:\Documents and Settings\micro\Application Data\Lavasoft
2007-10-08 16:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-06 18:31 <REP> d-------- C:\Program Files\Temporary
2007-10-06 18:27 34,816 --a------ C:\WINDOWS\system32\rqromkk.dll
2007-10-04 18:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-03 18:03 <REP> d-------- C:\Program Files\DVD Decrypter
2007-10-03 17:11 <REP> d-------- C:\Program Files\Vimicro
2007-10-01 18:47 <REP> d-------- C:\OSS117___LE_CAIRE_NID_D_ESPIONS
2007-09-29 16:47 <REP> d-------- C:\Documents and Settings\MASTER\LOCALS~1
2007-09-26 20:04 <REP> d-------- C:\Downloads
2007-09-26 19:43 <REP> d-------- C:\Program Files\FlashGet
2007-09-22 19:11 <REP> d-------- C:\Program Files\PSCS2Updater
2007-09-21 22:30 <REP> d-------- C:\Program Files\Skyline
2007-09-21 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skyline
2007-09-19 18:12 <REP> d-------- C:\Program Files\MagicISO
2007-09-14 12:25 <REP> d-------- C:\Documents and Settings\micro\Application Data\Media Player Classic
2007-09-14 09:02 <REP> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 18:08 76,748 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-11 18:08 7,532 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-10 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 09:06 --------- d-----w C:\Program Files\DivX
2007-10-10 08:55 --------- d-----w C:\Program Files\PokerStars
2007-10-07 15:53 --------- d-----w C:\Documents and Settings\micro\Application Data\Skype
2007-10-07 08:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-06 15:18 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
2007-10-03 15:26 --------- d-----w C:\Program Files\Red Kawa
2007-10-03 15:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-03 15:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-01 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-01 16:05 --------- d-----w C:\Documents and Settings\thibault\Application Data\U3
2007-09-23 16:54 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2007-09-21 20:12 --------- d-----w C:\Program Files\Google
2007-09-19 10:18 --------- d-----w C:\Program Files\Full Tilt Poker
2007-09-18 20:38 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-09-16 16:24 --------- d-----w C:\Program Files\eMule
2007-09-15 18:41 --------- d-----w C:\Program Files\AviSynth 2.5
2007-09-15 17:37 --------- d-----w C:\Program Files\Wanadoo
2007-09-14 07:02 --------- d-----w C:\Program Files\Apple Software Update
2007-09-09 18:34 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2007-09-08 10:55 --------- d-----w C:\Program Files\Free iPod Video Converter
2007-09-07 20:23 --------- d-----w C:\Program Files\BitLord
2007-09-03 20:04 --------- d-----w C:\Documents and Settings\micro\Application Data\U3
2007-09-03 15:01 --------- d-----w C:\Program Files\Azureus
2007-07-03 14:27 69,624 ----a-w C:\Documents and Settings\All Users\Steam_api.dll
2007-07-03 14:27 338,936 ----a-w C:\Documents and Settings\All Users\vstdlib_s.dll
2007-07-03 14:27 3,261,688 ----a-w C:\Documents and Settings\All Users\Steam.dll
2007-07-03 14:27 251,384 ----a-w C:\Documents and Settings\All Users\WriteMiniDump.exe
2007-07-03 14:27 232,696 ----a-w C:\Documents and Settings\All Users\tier0_s.dll
2007-07-03 14:27 2,444,024 ----a-w C:\Documents and Settings\All Users\SteamUI.dll
2007-07-03 14:27 117,752 ----a-w C:\Documents and Settings\All Users\CSERHelper.dll
2007-07-03 14:27 1,313,528 ----a-w C:\Documents and Settings\All Users\steamclient.dll
2007-07-03 14:27 1,039,192 ----a-w C:\Documents and Settings\All Users\dbghelp.dll
2007-05-02 16:37 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
2006-11-30 16:33 9,336,520 ----a-w C:\Program Files\Install_MSN_Messenger.EXE
2006-11-12 12:12 25,839,664 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe
2006-10-03 16:14 262,144 ----a-w C:\Documents and Settings\Invité\ntuser.dat
2006-09-10 12:42 4,752,968 ----a-w C:\Program Files\MsgPlus-363.exe
2006-07-06 09:09 136,161,744 ----a-w C:\Program Files\Nero-7.2.3.2b_fra_no_yt.exe
2006-07-03 16:19 6,121,488 ----a-w C:\Program Files\OSE.EXE
2006-06-06 18:56 11,290,496 ----a-w C:\Program Files\setupfre.exe
2006-04-03 15:46 1,104,734 ----a-w C:\Program Files\dvdshrink_3.2.0.16_fr.zip
2006-04-02 16:53 334,330 ----a-w C:\Program Files\travail (fiches).rar
2006-04-02 16:50 1,096,495 ----a-w C:\Program Files\winrar (logiciel décompression).exe
2006-03-22 21:08 6,897,717 ----a-w C:\Program Files\vsoConvertXtoDVD2_setup.exe
2006-03-06 20:41 115,305,568 ----a-w C:\Program Files\Nero-7.0.5.4_fra.exe
2006-01-01 19:07 5,037,072 ----a-w C:\Program Files\Spybot.exe
2006-01-01 15:07 11,477,288 ----a-w C:\Program Files\DivX Player.exe
2005-12-25 19:30 19,560 ----a-w C:\Documents and Settings\thibault\Application Data\GDIPFONTCACHEV1.DAT
2005-12-24 10:30 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2005-12-24 10:05 10,737,061 ----a-w C:\Program Files\NeroMIX-1.4.0.34a.exe
2005-12-20 21:08 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HttpDetect"="" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-08-19 11:37]
"Domino"="C:\WINDOWS\Domino.exe" [2006-08-18 16:58]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 14:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 18:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{521EF0DE-EC32-4FC4-8AA9-7CBB88108ED1}"= C:\WINDOWS\system32\rqromkk.dll [2007-10-06 18:27 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromkk]
rqromkk.dll 2007-10-06 18:27 34816 C:\WINDOWS\system32\rqromkk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^thibault^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\thibault\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\exp32sys]
C:\Documents and Settings\valentin\Mes documents\virus\Active Key Logger\Active Key Logger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HomeKeyLogger]
C:\Documents and Settings\valentin\Mes documents\docu word\HomeKeyLogger\KeyLogger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe

R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ZSMC211;Webcam (ZS0211);C:\WINDOWS\system32\Drivers\ZS211.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1949c89-aa3e-11db-be3c-0016b65d8db9}]
AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - GTNDIS5
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-28 09:40:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-11 18:14:40 C:\WINDOWS\Tasks\Internet Explorer.job"
"2007-10-11 18:14:38 C:\WINDOWS\Tasks\Nouvelle Tâche.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 20:15:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-11 20:17:44 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-11 19:44
.
--- E O F ---


11 October 2007 21:10:36

Here is a new scan. Has it improved?


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:10:03, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\micro\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DC62823C-4B4F-4083-A705-73D4E875339C} - C:\WINDOWS\system32\vtsqn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [WengoPhoneNG] E:\Apps\PortableWengoPhone\qtwengophone.exe -b (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [Atuc] "C:\DOCUME~1\valentin\MESDOC~1\WNSXS~1\dexplore.exe" --ru -vt yazb (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\pmkhi.dll,c (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [SearchIndexer] rundll32.exe "C:\DOCUME~1\valentin\LOCALS~1\Temp\thyrbuuk.dll",sitypnow (User 'valentin')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108w.bay108.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O20 - Winlogon Notify: rqromkk - C:\WINDOWS\SYSTEM32\rqromkk.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 13353 bytes

11 October 2007 22:07:22

Re


Copy (Ctrl+C) the text below:

File::
C:\WINDOWS\system32\rqromkk.dll
C:\WINDOWS\Domino.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\system32\pmkhi.dll

Folder::
C:\Documents and Settings\valentin\Mes documents\virus\Active Key Logger
C:\Documents and Settings\valentin\Mes documents\docu word\HomeKeyLogger

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HttpDetect"=-
"ZSSnp211"=-
"Domino"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{521EF0DE-EC32-4FC4-8AA9-7CBB88108ED1}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromkk]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\exp32sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HomeKeyLogger]


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt



As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents along with a new HijackThis log.
If the file does not open, it is located here > C:\ComboFix.txt
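Before dragging a CFScript onto ComboFix it is worth reading what it will delete. The following Python example is added here and is neither ComboFix's code nor part of the original thread: it parses the File::, Folder:: and Registry:: sections of the script posted above, decodes the hex(7) REG_MULTI_SZ value that resets Authentication Packages to msv1_0 (dropping jkhhi.dll), and flags any target that does not appear in the logs posted earlier in the thread. The handling of the script format is inferred from the posted script, not from ComboFix documentation, and the log excerpt is copied from this thread's logs.

```python
# Added example: review a ComboFix CFScript before running it (text only; it
# never touches the registry or the filesystem). Format inferred from the post.
import re

# The CFScript exactly as posted in the thread above.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\rqromkk.dll
C:\WINDOWS\Domino.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\system32\pmkhi.dll

Folder::
C:\Documents and Settings\valentin\Mes documents\virus\Active Key Logger
C:\Documents and Settings\valentin\Mes documents\docu word\HomeKeyLogger

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HttpDetect"=-
"ZSSnp211"=-
"Domino"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{521EF0DE-EC32-4FC4-8AA9-7CBB88108ED1}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromkk]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\exp32sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HomeKeyLogger]
"""

# Lines copied from the ComboFix/HijackThis logs posted in this thread, used to
# confirm that every item the script targets was actually seen on the machine.
LOG_EXCERPT = [
    r'"HttpDetect"="" []',
    r'"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-08-19 11:37]',
    r'"Domino"="C:\WINDOWS\Domino.exe" [2006-08-18 16:58]',
    r'"{521EF0DE-EC32-4FC4-8AA9-7CBB88108ED1}"= C:\WINDOWS\system32\rqromkk.dll [2007-10-06 18:27 34816]',
    r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhi.dll',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\exp32sys]',
    r'C:\Documents and Settings\valentin\Mes documents\virus\Active Key Logger\Active Key Logger.exe',
    r'C:\Documents and Settings\valentin\Mes documents\docu word\HomeKeyLogger\KeyLogger.exe',
    r"O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\pmkhi.dll,c (User 'valentin')",
]


def decode_hex_value(raw):
    """Decode a .reg-style hex(N):aa,bb value. REG_MULTI_SZ (type 7) becomes a
    list of strings; the posted script uses one byte per character ("msv1_0"),
    a regedit export would use UTF-16LE, so both encodings are accepted."""
    m = re.match(r'^hex\((\d+)\):(.*)$', raw.strip())
    if not m:
        return raw                                  # not a hex value: untouched
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
    if int(m.group(1)) != 7:
        return data                                 # other types: raw bytes
    utf16 = len(data) >= 2 and len(data) % 2 == 0 and not any(data[1::2])
    text = data.decode('utf-16-le' if utf16 else 'latin-1')
    return [s for s in text.split('\0') if s]      # NUL-separated strings


def parse_cfscript(text):
    """Return {'files': [...], 'folders': [...], 'delete_keys': [...],
    'delete_values': [(key, name)], 'set_values': [(key, name, value)]}."""
    out = {'files': [], 'folders': [], 'delete_keys': [], 'delete_values': [], 'set_values': []}
    section, key = None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if line.endswith('::'):                     # File:: / Folder:: / Registry::
            section, key = line[:-2].lower(), None
        elif section == 'file':
            out['files'].append(line)
        elif section == 'folder':
            out['folders'].append(line)
        elif section == 'registry' and line.startswith('[-') and line.endswith(']'):
            out['delete_keys'].append(line[2:-1])  # [-KEY] deletes the whole key
        elif section == 'registry' and line.startswith('[') and line.endswith(']'):
            key = line[1:-1]                        # [KEY] selects the key
        elif section == 'registry' and line.startswith('"') and key:
            name, _, value = line.partition('"=')   # "name"=- or "name"=hex(7):...
            if value == '-':
                out['delete_values'].append((key, name[1:]))
            else:
                out['set_values'].append((key, name[1:], decode_hex_value(value)))
        else:
            raise ValueError(f'unrecognised line: {line!r}')
    return out


def unreferenced_targets(script, log_lines):
    """Targets of the script that never appear in the logs (case-insensitive).
    A non-empty result usually means a typo in the script, not a real item."""
    haystack = '\n'.join(log_lines).lower()
    targets = (script['files'] + script['folders']
               + [name for _, name in script['delete_values']]
               + [k.rsplit('\\', 1)[-1] for k in script['delete_keys']])
    return [t for t in targets if t.lower() not in haystack]


if __name__ == '__main__':
    parsed = parse_cfscript(CFSCRIPT)
    for kind, items in parsed.items():
        print(kind, *items, sep='\n    ')
    print('not seen in the logs:', unreferenced_targets(parsed, LOG_EXCERPT) or 'none')
```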

12 October 2007 18:35:30

Here is the ComboFix scan:

ComboFix 07-10-11.8 - micro 2007-10-12 18:22:00.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.85 [GMT 2:00]
Running from: C:\Documents and Settings\micro\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\micro\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\rqromkk.dll
C:\WINDOWS\ZSSnp211.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-09-12 to 2007-10-12 ))))))))))))))))))))))))))))))))))))
.

2007-10-11 22:20 <REP> d-------- C:\Program Files\iTunes
2007-10-11 22:20 <REP> d-------- C:\Program Files\iPod
2007-10-11 21:27 21,312 --a------ C:\WINDOWS\choice.exe
2007-10-10 20:41 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-10 20:27 <REP> d-------- C:\Program Files\Panda Security
2007-10-10 19:53 <REP> d-------- C:\Documents and Settings\micro\Application Data\Grisoft
2007-10-10 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-10 19:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-10 19:48 <REP> d-------- C:\Program Files\CCleaner
2007-10-10 17:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 16:23 <REP> d-------- C:\VundoFix Backups
2007-10-09 21:36 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-09 21:36 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-09 21:33 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-10-09 21:22 6,132,256 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-09 21:22 113,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-09 21:17 <REP> d-------- C:\kav
2007-10-09 18:37 <REP> d-------- C:\Documents and Settings\micro\Application Data\Lavasoft
2007-10-08 16:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-06 18:31 <REP> d-------- C:\Program Files\Temporary
2007-10-04 18:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-03 18:03 <REP> d-------- C:\Program Files\DVD Decrypter
2007-10-03 17:11 <REP> d-------- C:\WINDOWS\EffectResources
2007-10-03 17:11 <REP> d-------- C:\WINDOWS\CatRoot
2007-10-03 17:11 <REP> d-------- C:\Program Files\Vimicro
2007-10-03 17:11 391,866 --a------ C:\WINDOWS\system32\drivers\ZS211.sys
2007-10-03 17:11 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2007-10-03 17:11 172,032 --a------ C:\WINDOWS\amcap.exe
2007-10-03 17:11 102,400 --a------ C:\WINDOWS\ZS211Cap.exe
2007-10-03 17:11 81,920 --a------ C:\WINDOWS\system32\ZS211STI.dll
2007-10-03 17:11 57,344 --a------ C:\WINDOWS\Sti211.exe
2007-10-01 18:47 <REP> d-------- C:\OSS117___LE_CAIRE_NID_D_ESPIONS
2007-09-29 16:47 <REP> d-------- C:\Documents and Settings\MASTER\LOCALS~1
2007-09-26 20:04 <REP> d-------- C:\Downloads
2007-09-26 19:43 <REP> d-------- C:\Program Files\FlashGet
2007-09-22 19:11 <REP> d-------- C:\Program Files\PSCS2Updater
2007-09-21 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skyline
2007-09-19 18:12 <REP> d-------- C:\Program Files\MagicISO
2007-09-14 12:25 <REP> d-------- C:\Documents and Settings\micro\Application Data\Media Player Classic
2007-09-14 09:02 <REP> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 14:19 --------- d-----w C:\Program Files\BitLord
2007-10-12 14:14 --------- d-----w C:\Program Files\VirtualDJ
2007-10-12 12:32 82,004 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-12 12:32 11,324 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-12 09:43 --------- d-----w C:\Program Files\Apple Software Update
2007-10-12 09:13 --------- d-----w C:\Program Files\PokerStars
2007-10-11 20:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-11 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 09:06 --------- d-----w C:\Program Files\DivX
2007-10-07 15:53 --------- d-----w C:\Documents and Settings\micro\Application Data\Skype
2007-10-06 15:18 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
2007-10-03 15:31 265,797 ----a-w C:\WINDOWS\system32\pdvcodec.dll
2007-10-03 15:26 --------- d-----w C:\Program Files\Red Kawa
2007-10-03 15:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-03 15:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-01 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-01 16:05 --------- d-----w C:\Documents and Settings\thibault\Application Data\U3
2007-09-23 16:54 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2007-09-21 20:12 --------- d-----w C:\Program Files\Google
2007-09-19 10:18 --------- d-----w C:\Program Files\Full Tilt Poker
2007-09-18 20:38 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-09-16 16:24 --------- d-----w C:\Program Files\eMule
2007-09-15 18:41 --------- d-----w C:\Program Files\AviSynth 2.5
2007-09-15 17:37 --------- d-----w C:\Program Files\Wanadoo
2007-09-09 18:34 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2007-09-08 10:55 --------- d-----w C:\Program Files\Free iPod Video Converter
2007-09-03 20:04 --------- d-----w C:\Documents and Settings\micro\Application Data\U3
2007-09-03 15:01 --------- d-----w C:\Program Files\Azureus
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-03 14:27 69,624 ----a-w C:\Documents and Settings\All Users\Steam_api.dll
2007-07-03 14:27 338,936 ----a-w C:\Documents and Settings\All Users\vstdlib_s.dll
2007-07-03 14:27 3,261,688 ----a-w C:\Documents and Settings\All Users\Steam.dll
2007-07-03 14:27 251,384 ----a-w C:\Documents and Settings\All Users\WriteMiniDump.exe
2007-07-03 14:27 232,696 ----a-w C:\Documents and Settings\All Users\tier0_s.dll
2007-07-03 14:27 2,444,024 ----a-w C:\Documents and Settings\All Users\SteamUI.dll
2007-07-03 14:27 117,752 ----a-w C:\Documents and Settings\All Users\CSERHelper.dll
2007-07-03 14:27 1,313,528 ----a-w C:\Documents and Settings\All Users\steamclient.dll
2007-07-03 14:27 1,039,192 ----a-w C:\Documents and Settings\All Users\dbghelp.dll
2007-05-02 16:37 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
2006-11-30 16:33 9,336,520 ----a-w C:\Program Files\Install_MSN_Messenger.EXE
2006-11-12 12:12 25,839,664 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe
2006-10-03 16:14 262,144 ----a-w C:\Documents and Settings\Invité\ntuser.dat
2006-09-10 12:42 4,752,968 ----a-w C:\Program Files\MsgPlus-363.exe
2006-07-06 09:09 136,161,744 ----a-w C:\Program Files\Nero-7.2.3.2b_fra_no_yt.exe
2006-07-03 16:19 6,121,488 ----a-w C:\Program Files\OSE.EXE
2006-06-06 18:56 11,290,496 ----a-w C:\Program Files\setupfre.exe
2006-04-03 15:46 1,104,734 ----a-w C:\Program Files\dvdshrink_3.2.0.16_fr.zip
2006-04-02 16:53 334,330 ----a-w C:\Program Files\travail (fiches).rar
2006-04-02 16:50 1,096,495 ----a-w C:\Program Files\winrar (logiciel décompression).exe
2006-03-22 21:08 6,897,717 ----a-w C:\Program Files\vsoConvertXtoDVD2_setup.exe
2006-03-06 20:41 115,305,568 ----a-w C:\Program Files\Nero-7.0.5.4_fra.exe
2006-01-01 19:07 5,037,072 ----a-w C:\Program Files\Spybot.exe
2006-01-01 15:07 11,477,288 ----a-w C:\Program Files\DivX Player.exe
2005-12-25 19:30 19,560 ----a-w C:\Documents and Settings\thibault\Application Data\GDIPFONTCACHEV1.DAT
2005-12-24 10:30 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2005-12-24 10:05 10,737,061 ----a-w C:\Program Files\NeroMIX-1.4.0.34a.exe
2005-12-20 21:08 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-11_19.42.16.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-11 20:03:40 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81000000003}\SC_Reader.exe
+ 2007-10-11 20:25:05 102,400 ----a-r C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe
+ 2007-10-12 09:43:34 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
- 2007-10-11 05:02:44 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-12 06:21:11 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-10-11 05:02:44 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-10-12 06:21:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-10-11 05:02:44 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-12 06:21:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-06 11:28:16 30,336 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_A65621D65F5B7507DD7B22331826547BDD2D206B\usbaapl.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 14:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 18:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^thibault^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\thibault\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe

R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ZSMC211;Webcam (ZS0211);C:\WINDOWS\system32\Drivers\ZS211.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1949c89-aa3e-11db-be3c-0016b65d8db9}]
AutoRun\command - E:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-12 09:43:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-12 13:20:54 C:\WINDOWS\Tasks\Internet Explorer.job"
"2007-10-12 13:20:53 C:\WINDOWS\Tasks\Nouvelle Tâche.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 18:31:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-12 18:33:10
C:\ComboFix2.txt ... 2007-10-11 22:55
C:\ComboFix3.txt ... 2007-10-11 20:17
.
--- E O F ---
12 October 2007 18:42:56

And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:40:42, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\micro\Bureau\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D5
12 October 2007 18:49:21

Hello

The HijackThis log is incomplete.
12 October 2007 18:54:45

A new generic trojan intrusion.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:54:28, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\micro\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [WengoPhoneNG] E:\Apps\PortableWengoPhone\qtwengophone.exe -b (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [Atuc] "C:\DOCUME~1\valentin\MESDOC~1\WNSXS~1\dexplore.exe" --ru -vt yazb (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\pmkhi.dll,c (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [SearchIndexer] rundll32.exe "C:\DOCUME~1\valentin\LOCALS~1\Temp\thyrbuuk.dll",sitypnow (User 'valentin')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108w.bay108.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 13247 bytes


12 October 2007 22:51:50

Re

That's a malicious file.

Run HijackThis again and tick the lines below:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [Atuc] "C:\DOCUME~1\valentin\MESDOC~1\WNSXS~1\dexplore.exe" --ru -vt yazb (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\pmkhi.dll,c (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [SearchIndexer] rundll32.exe "C:\DOCUME~1\valentin\LOCALS~1\Temp\thyrbuuk.dll",sitypnow (User 'valentin')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108w.bay108.mail.live.com [...] nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab

Close every Windows window, Internet Explorer, Outlook, everything except HijackThis, then click on "Fix checked".


Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\Documents and Settings\valentin\Mes documents\WNSXS~1
C:\WINDOWS\system32\pmkhi.dll
C:\Documents and Settings\valentin\Local Settings\Temp\thyrbuuk.dll
C:\Documents and Settings\valentin\Mes documents\virus\Active Key Logger
C:\Documents and Settings\valentin\Mes documents\docu word\HomeKeyLogger
C:\WINDOWS\system32\rqromkk.dll
C:\WINDOWS\Domino.exe
C:\WINDOWS\ZSSnp211.exe


Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

Post the report located in C:\_OTMoveIt\MovedFiles together with a new HijackThis log.
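A small triage script for the O2/O4 lines quoted above, added here as an example (it is not part of the thread or of HijackThis): it parses the Run and BHO entries and flags the patterns the reply singled out, a rundll32 entry loading a DLL from Temp, a program started from the user profile, and a BHO whose file is gone. The severity levels are heuristics chosen for this example, and the sample log is constructed from the lines quoted in the reply.

```python
import re

# Sample input, constructed from the O2 and O4 lines quoted in the reply above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [Atuc] "C:\DOCUME~1\valentin\MESDOC~1\WNSXS~1\dexplore.exe" --ru -vt yazb (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\pmkhi.dll,c (User 'valentin')
O4 - HKUS\S-1-5-21-1757981266-861567501-839522115-1009\..\Run: [SearchIndexer] rundll32.exe "C:\DOCUME~1\valentin\LOCALS~1\Temp\thyrbuuk.dll",sitypnow (User 'valentin')
"""

# O4 - <hive>\..\Run: [<name>] <command> (User '<user>')   -- the user suffix is optional
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
# O2 - BHO: <name> - {CLSID} - <path or "(no file)">
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")

# Locations a legitimate autostart almost never launches code from (8.3 short names included).
USER_PROFILE = re.compile(r"(?i)\\(DOCUME~1|Documents and Settings|Users)\\")
TEMP_DIR = re.compile(r"(?i)\\Temp\\")


def triage(log_text):
    """Return (entry name, severity, reason) for each O2/O4 line that deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        bho = O2_RE.match(line)
        if bho:
            if bho.group("path") == "(no file)":
                findings.append((bho.group("name"), "low", "BHO CLSID registered but its DLL is gone"))
            continue
        run = O4_RE.match(line)
        if not run:
            continue
        name, cmd = run.group("name"), run.group("cmd")
        if cmd.lstrip('"').lower().startswith("rundll32"):
            # With rundll32 the code that actually runs is the DLL passed as argument.
            if TEMP_DIR.search(cmd) or USER_PROFILE.search(cmd):
                findings.append((name, "high", "rundll32 loads a DLL from Temp or the user profile"))
            else:
                findings.append((name, "medium", "rundll32 loads a DLL at logon; verify the DLL's origin"))
        elif USER_PROFILE.search(cmd):
            findings.append((name, "high", "program started from the user profile, not Program Files"))
    return findings


if __name__ == "__main__":
    for name, severity, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {name}: {reason}")
```

Run against a full HijackThis log the same way; the machine-wide QuickTime entry is left alone while the three per-user entries the reply marks for removal are the ones flagged.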