Helppppp ! ! ! C:\WINDOWS\retadpu1000627.exe\[UPX

Tags:
  • software
  • Security
Last reply: in Security and viruses
23 June 2007 14:17:13

I have avast as my anti-virus, but I can't find the file mentioned and I can't take any action against it...

Also, the virus apparently spreads itself to our MSN contacts....


Here is my HijackThis report:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmgr.exe
C:\Program Files\QuickZip\QuickZip.exe
C:\DOCUME~1\Yas\LOCALS~1\Temp\QZTEMP\hijackthis.exe
C:\Documents and Settings\Yas\services.exe
C:\Documents and Settings\Yas\mon.exe
C:\DOCUME~1\Yas\LOCALS~1\Temp\nsm17.tmp\ns19.tmp
C:\DOCUME~1\Yas\LOCALS~1\Temp\second.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.7sur7.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.ca...
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC75BB6A-5412-4FF6-B1CC-8B0EF667C79F}: NameServer = 212.68.193.110
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

23 June 2007 14:18:20

No hello?

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located in C:\vundofix.txt, along with a new HijackThis report, in your next reply
    Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; just follow the instructions above, starting from "click the Scan for Vundo button".
    23 June 2007 14:19:48

    Yes, sorry....

    Hello everyone and thank you for your help, I'll run that, angel dark.

    Thank you
    23 June 2007 14:31:45

    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 14:20:29 23/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\qrqss.bak1
    C:\WINDOWS\system32\qrqss.ini
    C:\WINDOWS\system32\ssqrq.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\qrqss.bak1
    C:\WINDOWS\system32\qrqss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrqss.ini
    C:\WINDOWS\system32\qrqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqrq.dll
    C:\WINDOWS\system32\ssqrq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    23 June 2007 14:32:30

    Logfile of HijackThis v1.99.1
    Scan saved at 14:32:15, on 23/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Documents and Settings\Yas\services.exe
    C:\Program Files\MSN Messenger\msnmgr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\QuickZip\QuickZip.exe
    C:\DOCUME~1\Yas\LOCALS~1\Temp\QZTEMP\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.7sur7.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {D681F814-A3C3-4379-B4A1-2730F64272BA} - C:\WINDOWS\system32\ssqrq.dll (file missing)
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\cbxwttu.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.ca...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC75BB6A-5412-4FF6-B1CC-8B0EF667C79F}: NameServer = 212.68.193.110
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: cbxwttu - C:\WINDOWS\SYSTEM32\cbxwttu.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    23 June 2007 14:34:25

    Re,

    Please go here to upload a suspicious file for analysis.
  • "Your Username:" - Enter your username on this forum
  • "Topic Where File Was Requested:" - Copy/paste the link to this thread
  • "File(s) To Submit:" - Use the "Browse..." button to navigate to this file name: C:\WINDOWS\SYSTEM32\cbxwttu.dll
  • "Comments Or Further Info:" - Please mention that I asked you to upload this file
  • Click Send File

    &

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste that report in your next reply.

    NOTE: The report is also located here: C:\Combofix.txt
    23 June 2007 14:51:55

    Here you go


    ComboFix 07-06-21.3 - C:\Documents and Settings\Yas\Mes documents\Mes fichiers reçus\ComboFix.exe
    "Yas" - 2007-06-23 14:45:00 - Service Pack 2 NTFS


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\internet optimizer
    C:\WINDOWS\system32\icons
    C:\WINDOWS\system32\icons\ben.ico
    C:\WINDOWS\system32\icons\ben2.ico
    C:\WINDOWS\system32\icons\ben3.ico
    C:\WINDOWS\system32\icons\ben4.ico
    C:\WINDOWS\system32\icons\ben5.ico
    C:\WINDOWS\system32\msxml3a.dll


    ((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))


    2007-06-23 14:46 31,254 --a------ C:\WINDOWS\system32\rqrrqon.dll
    2007-06-23 14:43 31,254 --a------ C:\WINDOWS\system32\yayxuro.dll
    2007-06-23 14:39 31,254 --a------ C:\WINDOWS\system32\awtssqr.dll
    2007-06-23 14:38 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-23 14:36 31,254 --a------ C:\WINDOWS\system32\hggfgda.dll
    2007-06-23 14:33 31,254 --a------ C:\WINDOWS\system32\ljjghgg.dll
    2007-06-23 14:29 31,254 --a------ C:\WINDOWS\system32\efcbyxu.dll
    2007-06-23 14:24 31,254 --a------ C:\WINDOWS\system32\wvurqrq.dll
    2007-06-23 14:22 31,254 --a------ C:\WINDOWS\system32\efccyvs.dll
    2007-06-23 14:20 31,254 --a------ C:\WINDOWS\system32\xxyxxya.dll
    2007-06-23 14:20 <REP> d-------- C:\VundoFix Backups
    2007-06-23 14:19 31,254 --a------ C:\WINDOWS\system32\wvuuuuv.dll
    2007-06-23 14:17 31,254 --a------ C:\WINDOWS\system32\tuvurqp.dll
    2007-06-23 14:15 31,254 --a------ C:\WINDOWS\system32\ssqqopm.dll
    2007-06-23 14:13 31,254 --a------ C:\WINDOWS\system32\ddccday.dll
    2007-06-23 14:12 31,254 --a------ C:\WINDOWS\system32\wvuvuus.dll
    2007-06-23 14:10 71,906 --a------ C:\WINDOWS\system32\mon.exe
    2007-06-23 14:10 31,254 --a------ C:\WINDOWS\system32\hgggefe.dll
    2007-06-23 14:09 31,254 --a------ C:\WINDOWS\system32\mljgdcd.dll
    2007-06-23 13:59 31,254 --a------ C:\WINDOWS\system32\ssqpnkh.dll
    2007-06-23 13:56 31,254 --a------ C:\WINDOWS\system32\cbxwvwx.dll
    2007-06-23 13:51 31,254 --a------ C:\WINDOWS\system32\iifgddd.dll
    2007-06-23 13:48 31,254 --a------ C:\WINDOWS\system32\rqrqpnm.dll
    2007-06-23 13:44 31,254 --a------ C:\WINDOWS\system32\fccbcaa.dll
    2007-06-23 13:41 31,254 --a------ C:\WINDOWS\system32\rqrpnkl.dll
    2007-06-23 13:38 31,254 --a------ C:\WINDOWS\system32\yayvwus.dll
    2007-06-23 13:34 31,254 --a------ C:\WINDOWS\system32\ddcdcya.dll
    2007-06-23 13:31 31,254 --a------ C:\WINDOWS\system32\iifffge.dll
    2007-06-23 13:28 31,254 --a------ C:\WINDOWS\system32\vtuursq.dll
    2007-06-23 13:27 71,906 --a------ C:\DOCUME~1\Yas\mon.exe
    2007-06-23 13:27 240,022 --a------ C:\DOCUME~1\Yas\services.exe
    2007-06-23 11:48 31,254 --a------ C:\WINDOWS\system32\tuvvtsr.dll
    2007-06-23 11:43 31,254 --a------ C:\WINDOWS\system32\qomkklm.dll
    2007-06-23 11:38 31,254 --a------ C:\WINDOWS\system32\fccbaxx.dll
    2007-06-23 11:33 31,254 --a------ C:\WINDOWS\system32\pmnmklk.dll
    2007-06-23 11:28 31,254 --a------ C:\WINDOWS\system32\wvuutqo.dll
    2007-06-23 11:23 31,254 --a------ C:\WINDOWS\system32\opnmjki.dll
    2007-06-23 11:18 31,254 --a------ C:\WINDOWS\system32\xxywxur.dll
    2007-06-23 11:13 31,254 --a------ C:\WINDOWS\system32\tuvvurp.dll
    2007-06-23 11:08 31,254 --a------ C:\WINDOWS\system32\awtrsqp.dll
    2007-06-23 11:03 31,254 --a------ C:\WINDOWS\system32\ddccdef.dll
    2007-06-23 10:58 31,254 --a------ C:\WINDOWS\system32\ssqpqpp.dll
    2007-06-23 10:53 31,254 --a------ C:\WINDOWS\system32\cbxwttu.dll
    2007-06-19 18:11 <REP> d-------- C:\Program Files\The Creative Assembly
    2007-06-11 22:23 <REP> d-------- C:\Program Files\Dynasty
    2007-06-11 22:22 <REP> d-------- C:\Program Files\DDD Pool
    2007-06-08 17:06 <REP> d-------- C:\Program Files\Windows Live
    2007-06-07 21:27 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-06-07 21:27 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-05-26 13:35 <REP> d-------- C:\DOCUME~1\Yas\Saved Games
    2007-05-26 13:34 <REP> d-------- C:\DOCUME~1\Yas\APPLIC~1\iWin


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-23 08:53:41 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-22 11:28:43 -------- d-----w C:\Program Files\eMule
    2007-06-19 17:21:19 3,688 ----a-w C:\WINDOWS\system32\d3d9caps.dat
    2007-06-19 16:18:37 -------- d-----w C:\Program Files\GameSpy Arcade
    2007-06-19 16:11:08 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-15 11:41:43 16 ----a-w C:\WINDOWS\popcinfo.dat
    2007-06-11 20:24:20 -------- d-----w C:\DOCUME~1\Yas\APPLIC~1\U3
    2007-06-11 06:33:29 -------- d-----w C:\Program Files\Jewel Quest 2
    2007-06-08 15:06:08 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-06-05 15:51:59 32,496 -c--a-w C:\DOCUME~1\Yas\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-05-22 20:18:22 -------- d-----w C:\Program Files\Luxor
    2007-05-22 17:02:23 -------- d-----w C:\Program Files\Hotel Solitaire
    2007-05-21 20:10:24 -------- d-----w C:\Program Files\Bejeweled 2 Deluxe
    2007-05-21 20:02:17 -------- d-----w C:\Program Files\ReflexiveArcade
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-03-29 19:01:24 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2007-03-27 18:42:56 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-03-27 18:42:56 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-03-27 16:27:38 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2005-07-23 19:56:10 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:56]
    {D681F814-A3C3-4379-B4A1-2730F64272BA}=C:\WINDOWS\system32\ssqrq.dll []
    {DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\system32\cbxwttu.dll [2007-06-23 10:53]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-12-29 19:41]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [2003-11-13 22:10]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-05 12:50]
    "brutelecd"="" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
    "MPTBox"="C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe" [2002-08-08 08:52]
    "SoundMan"="SOUNDMAN.EXE" [2003-08-05 15:59 C:\WINDOWS\SOUNDMAN.EXE]
    "Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 19:36]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-11-24 16:38]
    "RssReader"="C:\Program Files\RssReader\RssReader.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 16:53]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-03 18:31]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-23 15:31]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\system32\cbxwttu.dll" [2007-06-23 10:53]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwttu]
    cbxwttu.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 nwprovau
    Notification Packages :\WINDOWS\syste


    Contents of the 'Scheduled Tasks' folder
    2007-06-23 12:26:53 C:\WINDOWS\tasks\Ad-Aware SE Personal.job
    2007-06-23 09:09:00 C:\WINDOWS\tasks\BitDefender 8 Professional.job
    2007-06-22 19:12:00 C:\WINDOWS\tasks\Défragmenteur de disque.job
    2007-06-23 12:26:52 C:\WINDOWS\tasks\Nettoyage de disque.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-23 14:48:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-23 14:50:13
    C:\ComboFix-quarantined-files.txt ... 2007-06-23 14:49

    --- E O F ---
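The reports above show the pattern the helper is reading for: 31,254-byte DLLs with random seven-letter names dropped into system32 every few minutes, one of them (cbxwttu.dll) registered both as a BHO (O2) and as a Winlogon Notify package (O20), and a services.exe running from the user's profile. As an added example that is not part of this thread or of any tool named in it, this Python script parses lines copied from those reports and flags each of those three indicators; the allowlist of stock XP Winlogon Notify names and the six-hour clustering window are assumptions of the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: a subset of lines copied from the ComboFix "Files Created" section
# and the HijackThis logs in this thread, so the script runs offline as written.
COMBOFIX_CREATED = r"""
2007-06-23 14:46 31,254 --a------ C:\WINDOWS\system32\rqrrqon.dll
2007-06-23 14:43 31,254 --a------ C:\WINDOWS\system32\yayxuro.dll
2007-06-23 14:38 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-23 14:20 <REP> d-------- C:\VundoFix Backups
2007-06-23 14:10 71,906 --a------ C:\WINDOWS\system32\mon.exe
2007-06-23 13:27 240,022 --a------ C:\DOCUME~1\Yas\services.exe
2007-06-23 10:53 31,254 --a------ C:\WINDOWS\system32\cbxwttu.dll
"""

HIJACKTHIS_LOG = r"""
C:\WINDOWS\system32\services.exe
C:\Documents and Settings\Yas\services.exe
C:\DOCUME~1\Yas\LOCALS~1\Temp\second.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D681F814-A3C3-4379-B4A1-2730F64272BA} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\cbxwttu.dll
O20 - Winlogon Notify: cbxwttu - C:\WINDOWS\SYSTEM32\cbxwttu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"""

# ComboFix row: "YYYY-MM-DD HH:MM  size  attributes  path"; directory rows carry <REP>.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+\S+\s+(.+)$")

# Core Windows binary names malware borrows (the dropper here ran as Yas\services.exe).
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "explorer.exe"}

# Winlogon Notify subkeys of a stock XP SP2 install (allowlist assumed for this example).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}

def parse_created(text):
    """Return (timestamp, size_in_bytes, path) per file row; <REP> directory rows are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            rows.append((ts, int(m.group(2).replace(",", "")), m.group(3)))
    return rows

def dll_clusters(rows, min_members=3, window=timedelta(hours=6)):
    """Map size -> paths for system32 DLLs sharing one byte size and all created inside
    `window`: the report above shows 31,254-byte DLLs appearing every few minutes."""
    by_size = defaultdict(list)
    for ts, size, path in rows:
        low = path.lower()
        if low.endswith(".dll") and "\\system32\\" in low and "\\drivers\\" not in low:
            by_size[size].append((ts, path))
    flagged = {}
    for size, items in by_size.items():
        items.sort()
        if len(items) >= min_members and items[-1][0] - items[0][0] <= window:
            flagged[size] = [p for _, p in items]
    return flagged

def masquerading_processes(text):
    """Running-process paths that reuse a core Windows file name but live under a
    user profile (Documents and Settings / DOCUME~1) instead of system32."""
    hits = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not re.match(r"^[A-Za-z]:\\", line):
            continue  # O-numbered entries are handled by triage_hijackthis
        parent, name = line.lower().rsplit("\\", 1)
        in_profile = "\\documents and settings\\" in parent or "\\docume~1\\" in parent
        if name in SYSTEM_NAMES and in_profile:
            hits.append(line)
    return hits

def triage_hijackthis(text):
    """Return (tag, value) findings for the entry types that carried this infection:
    unnamed BHOs (O2) and non-stock Winlogon Notify DLLs (O20)."""
    findings, notify_dlls = [], set()
    for line in text.strip().splitlines():
        line = line.strip()
        if line.startswith("O2 - BHO: (no name)"):
            parts = line.split(" - ")  # ["O2", "BHO: (no name)", "{CLSID}", "target"]
            clsid, target = parts[2], parts[-1]
            missing = target == "(no file)" or target.endswith("(file missing)")
            findings.append(("orphan-bho", clsid) if missing else ("unnamed-bho", target))
        elif line.startswith("O20 - Winlogon Notify:"):
            name, path = [s.strip() for s in line.split(":", 1)[1].split(" - ", 1)]
            if name.lower() not in KNOWN_NOTIFY:
                findings.append(("winlogon-notify", path))
                notify_dlls.add(path.lower())
    # A DLL that is both a BHO and a Notify package is reloaded by Explorer/IE and
    # by winlogon.exe, which is why deleting the file alone did not stick here.
    for tag, path in list(findings):
        if tag == "unnamed-bho" and path.lower() in notify_dlls:
            findings.append(("persistent-both", path))
    return findings
```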
    23 June 2007 14:53:00

    Post another HijackThis report, you have a lot of infected files.
    But we'll get there ;)
    23 June 2007 14:54:07

    OK, I'm getting back to it, hoping that my two other PCs (my partner's and my daughter's) aren't affected
    23 June 2007 14:54:24

    Logfile of HijackThis v1.99.1
    Scan saved at 14:54:15, on 23/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Program Files\MSN Messenger\msnmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Yas\services.exe
    C:\Program Files\QuickZip\QuickZip.exe
    C:\DOCUME~1\Yas\LOCALS~1\Temp\QZTEMP\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.7sur7.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {D681F814-A3C3-4379-B4A1-2730F64272BA} - C:\WINDOWS\system32\ssqrq.dll (file missing)
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\cbxwttu.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC75BB6A-5412-4FF6-B1CC-8B0EF667C79F}: NameServer = 212.68.193.110
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: cbxwttu - C:\WINDOWS\SYSTEM32\cbxwttu.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    a b 8 Sécurité
    23 June 2007 14:57:30

    Why didn't you do the UploadMalware step?
    23 June 2007 14:58:27

    Oh, but I did do it...
    Do I need to do it again?
    a b 8 Sécurité
    23 June 2007 15:06:07

    Do it again, let's see. After that, we attack.
    23 June 2007 15:12:08

    I hadn't attached the file...

    sorry, I'm blonde lol
    23 June 2007 15:21:05

    New ComboFix log after actually doing the upload request

    ComboFix 07-06-21.3 - C:\Documents and Settings\Yas\Mes documents\Mes fichiers reçus\ComboFix.exe
    "Yas" - 2007-06-23 15:13:16 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))


    2007-06-23 15:16 31,254 --a------ C:\WINDOWS\system32\mljghfd.dll
    2007-06-23 15:13 31,254 --a------ C:\WINDOWS\system32\wvuspmn.dll
    2007-06-23 15:09 31,254 --a------ C:\WINDOWS\system32\ddcdabc.dll
    2007-06-23 15:06 31,254 --a------ C:\WINDOWS\system32\tuvuron.dll
    2007-06-23 15:03 31,254 --a------ C:\WINDOWS\system32\mljgfge.dll
    2007-06-23 14:59 31,254 --a------ C:\WINDOWS\system32\tuvwtrs.dll
    2007-06-23 14:56 31,254 --a------ C:\WINDOWS\system32\wvuromm.dll
    2007-06-23 14:53 31,254 --a------ C:\WINDOWS\system32\byxwvvv.dll
    2007-06-23 14:49 31,254 --a------ C:\WINDOWS\system32\urqolji.dll
    2007-06-23 14:46 31,254 --a------ C:\WINDOWS\system32\rqrrqon.dll
    2007-06-23 14:43 31,254 --a------ C:\WINDOWS\system32\yayxuro.dll
    2007-06-23 14:39 31,254 --a------ C:\WINDOWS\system32\awtssqr.dll
    2007-06-23 14:38 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-23 14:36 31,254 --a------ C:\WINDOWS\system32\hggfgda.dll
    2007-06-23 14:33 31,254 --a------ C:\WINDOWS\system32\ljjghgg.dll
    2007-06-23 14:29 31,254 --a------ C:\WINDOWS\system32\efcbyxu.dll
    2007-06-23 14:24 31,254 --a------ C:\WINDOWS\system32\wvurqrq.dll
    2007-06-23 14:22 31,254 --a------ C:\WINDOWS\system32\efccyvs.dll
    2007-06-23 14:20 31,254 --a------ C:\WINDOWS\system32\xxyxxya.dll
    2007-06-23 14:20 <REP> d-------- C:\VundoFix Backups
    2007-06-23 14:19 31,254 --a------ C:\WINDOWS\system32\wvuuuuv.dll
    2007-06-23 14:17 31,254 --a------ C:\WINDOWS\system32\tuvurqp.dll
    2007-06-23 14:15 31,254 --a------ C:\WINDOWS\system32\ssqqopm.dll
    2007-06-23 14:13 31,254 --a------ C:\WINDOWS\system32\ddccday.dll
    2007-06-23 14:12 31,254 --a------ C:\WINDOWS\system32\wvuvuus.dll
    2007-06-23 14:10 71,906 --a------ C:\WINDOWS\system32\mon.exe
    2007-06-23 14:10 31,254 --a------ C:\WINDOWS\system32\hgggefe.dll
    2007-06-23 14:09 31,254 --a------ C:\WINDOWS\system32\mljgdcd.dll
    2007-06-23 13:59 31,254 --a------ C:\WINDOWS\system32\ssqpnkh.dll
    2007-06-23 13:56 31,254 --a------ C:\WINDOWS\system32\cbxwvwx.dll
    2007-06-23 13:51 31,254 --a------ C:\WINDOWS\system32\iifgddd.dll
    2007-06-23 13:48 31,254 --a------ C:\WINDOWS\system32\rqrqpnm.dll
    2007-06-23 13:44 31,254 --a------ C:\WINDOWS\system32\fccbcaa.dll
    2007-06-23 13:41 31,254 --a------ C:\WINDOWS\system32\rqrpnkl.dll
    2007-06-23 13:38 31,254 --a------ C:\WINDOWS\system32\yayvwus.dll
    2007-06-23 13:34 31,254 --a------ C:\WINDOWS\system32\ddcdcya.dll
    2007-06-23 13:31 31,254 --a------ C:\WINDOWS\system32\iifffge.dll
    2007-06-23 13:28 31,254 --a------ C:\WINDOWS\system32\vtuursq.dll
    2007-06-23 13:27 71,906 --a------ C:\DOCUME~1\Yas\mon.exe
    2007-06-23 13:27 240,022 --a------ C:\DOCUME~1\Yas\services.exe
    2007-06-23 11:48 31,254 --a------ C:\WINDOWS\system32\tuvvtsr.dll
    2007-06-23 11:43 31,254 --a------ C:\WINDOWS\system32\qomkklm.dll
    2007-06-23 11:38 31,254 --a------ C:\WINDOWS\system32\fccbaxx.dll
    2007-06-23 11:33 31,254 --a------ C:\WINDOWS\system32\pmnmklk.dll
    2007-06-23 11:28 31,254 --a------ C:\WINDOWS\system32\wvuutqo.dll
    2007-06-23 11:23 31,254 --a------ C:\WINDOWS\system32\opnmjki.dll
    2007-06-23 11:18 31,254 --a------ C:\WINDOWS\system32\xxywxur.dll
    2007-06-23 11:13 31,254 --a------ C:\WINDOWS\system32\tuvvurp.dll
    2007-06-23 11:08 31,254 --a------ C:\WINDOWS\system32\awtrsqp.dll
    2007-06-23 11:03 31,254 --a------ C:\WINDOWS\system32\ddccdef.dll
    2007-06-23 10:58 31,254 --a------ C:\WINDOWS\system32\ssqpqpp.dll
    2007-06-23 10:53 31,254 --a------ C:\WINDOWS\system32\cbxwttu.dll
    2007-06-19 18:11 <REP> d-------- C:\Program Files\The Creative Assembly
    2007-06-11 22:23 <REP> d-------- C:\Program Files\Dynasty
    2007-06-11 22:22 <REP> d-------- C:\Program Files\DDD Pool
    2007-06-08 17:06 <REP> d-------- C:\Program Files\Windows Live
    2007-06-07 21:27 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-06-07 21:27 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-05-26 13:35 <REP> d-------- C:\DOCUME~1\Yas\Saved Games
    2007-05-26 13:34 <REP> d-------- C:\DOCUME~1\Yas\APPLIC~1\iWin


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-23 08:53:41 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-22 11:28:43 -------- d-----w C:\Program Files\eMule
    2007-06-19 17:21:19 3,688 ----a-w C:\WINDOWS\system32\d3d9caps.dat
    2007-06-19 16:18:37 -------- d-----w C:\Program Files\GameSpy Arcade
    2007-06-19 16:11:08 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-15 11:41:43 16 ----a-w C:\WINDOWS\popcinfo.dat
    2007-06-11 20:24:20 -------- d-----w C:\DOCUME~1\Yas\APPLIC~1\U3
    2007-06-11 06:33:29 -------- d-----w C:\Program Files\Jewel Quest 2
    2007-06-08 15:06:08 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-06-05 15:51:59 32,496 -c--a-w C:\DOCUME~1\Yas\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-05-22 20:18:22 -------- d-----w C:\Program Files\Luxor
    2007-05-22 17:02:23 -------- d-----w C:\Program Files\Hotel Solitaire
    2007-05-21 20:10:24 -------- d-----w C:\Program Files\Bejeweled 2 Deluxe
    2007-05-21 20:02:17 -------- d-----w C:\Program Files\ReflexiveArcade
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-03-29 19:01:24 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2007-03-27 18:42:56 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-03-27 18:42:56 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-03-27 16:27:38 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2005-07-23 19:56:10 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:56]
    {D681F814-A3C3-4379-B4A1-2730F64272BA}=C:\WINDOWS\system32\ssqrq.dll []
    {DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\system32\cbxwttu.dll [2007-06-23 10:53]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-12-29 19:41]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [2003-11-13 22:10]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-05 12:50]
    "brutelecd"="" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
    "MPTBox"="C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe" [2002-08-08 08:52]
    "SoundMan"="SOUNDMAN.EXE" [2003-08-05 15:59 C:\WINDOWS\SOUNDMAN.EXE]
    "Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 19:36]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-11-24 16:38]
    "RssReader"="C:\Program Files\RssReader\RssReader.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 16:53]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-03 18:31]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-23 15:31]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\system32\cbxwttu.dll" [2007-06-23 10:53]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwttu]
    cbxwttu.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 nwprovau
    Notification Packages :\WINDOWS\syste


    Contents of the 'Scheduled Tasks' folder
    2007-06-23 12:26:53 C:\WINDOWS\tasks\Ad-Aware SE Personal.job
    2007-06-23 09:09:00 C:\WINDOWS\tasks\BitDefender 8 Professional.job
    2007-06-22 19:12:00 C:\WINDOWS\tasks\Défragmenteur de disque.job
    2007-06-23 12:26:52 C:\WINDOWS\tasks\Nettoyage de disque.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-23 15:17:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-23 15:20:04
    C:\ComboFix-quarantined-files.txt ... 2007-06-23 15:19
    C:\ComboFix2.txt ... 2007-06-23 14:50

    --- E O F ---
    a b 8 Sécurité
    23 June 2007 16:15:41

    Re,

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\rqrrqon.dll
    C:\WINDOWS\system32\yayxuro.dll
    C:\WINDOWS\system32\awtssqr.dll
    C:\WINDOWS\system32\hggfgda.dll
    C:\WINDOWS\system32\ljjghgg.dll
    C:\WINDOWS\system32\efcbyxu.dll
    C:\WINDOWS\system32\wvurqrq.dll
    C:\WINDOWS\system32\efccyvs.dll
    C:\WINDOWS\system32\xxyxxya.dll
    C:\WINDOWS\system32\wvuuuuv.dll
    C:\WINDOWS\system32\tuvurqp.dll
    C:\WINDOWS\system32\ssqqopm.dll
    C:\WINDOWS\system32\ddccday.dll
    C:\WINDOWS\system32\wvuvuus.dll
    C:\WINDOWS\system32\mon.exe
    C:\WINDOWS\system32\hgggefe.dll
    C:\WINDOWS\system32\mljgdcd.dll
    C:\WINDOWS\system32\ssqpnkh.dll
    C:\WINDOWS\system32\cbxwvwx.dll
    C:\WINDOWS\system32\iifgddd.dll
    C:\WINDOWS\system32\rqrqpnm.dll
    C:\WINDOWS\system32\fccbcaa.dll
    C:\WINDOWS\system32\rqrpnkl.dll
    C:\WINDOWS\system32\yayvwus.dll
    C:\WINDOWS\system32\ddcdcya.dll
    C:\WINDOWS\system32\iifffge.dll
    C:\WINDOWS\system32\vtuursq.dll
    C:\Documents and Settings\Yas\mon.exe
    C:\Documents and Settings\Yas\services.exe
    C:\WINDOWS\system32\tuvvtsr.dll
    C:\WINDOWS\system32\qomkklm.dll
    C:\WINDOWS\system32\fccbaxx.dll
    C:\WINDOWS\system32\pmnmklk.dll
    C:\WINDOWS\system32\wvuutqo.dll
    C:\WINDOWS\system32\opnmjki.dll
    C:\WINDOWS\system32\xxywxur.dll
    C:\WINDOWS\system32\tuvvurp.dll
    C:\WINDOWS\system32\awtrsqp.dll
    C:\WINDOWS\system32\ddccdef.dll
    C:\WINDOWS\system32\ssqpqpp.dll
    C:\WINDOWS\system32\cbxwttu.dll

    Folder::
    C:\VundoFix Backups

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D681F814-A3C3-4379-B4A1-2730F64272BA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxwttu]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{DC192567-65F9-4AB6-ADB7-E13575F81726}"=-


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name ComboFix-Do.txt

    Now drag the ComboFix-Do.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    23 June 2007 17:52:58

    ComboFix 07-06-21.3 - C:\Documents and Settings\Yas\Bureau\ComboFix.exe
    "Yas" - 2007-06-23 17:38:13 - Service Pack 2 NTFS
    Command switches used :: C:\Documents and Settings\Yas\ComboFix-Do.txt


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\ddccd.dll
    C:\WINDOWS\system32\dccdd.bak1
    C:\WINDOWS\system32\dccdd.ini


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\Yas\mon.exe
    C:\Documents and Settings\Yas\services.exe
    C:\VundoFix Backups
    C:\VundoFix Backups\addmorefiles.txt
    C:\VundoFix Backups\qrqss.bak1.bad
    C:\VundoFix Backups\qrqss.ini.bad
    C:\VundoFix Backups\ssqrq.dll.bad
    C:\WINDOWS\system32\awtrsqp.dll
    C:\WINDOWS\system32\awtssqr.dll
    C:\WINDOWS\system32\cbxwttu.dll
    C:\WINDOWS\system32\cbxwvwx.dll
    C:\WINDOWS\system32\ddccday.dll
    C:\WINDOWS\system32\ddccdef.dll
    C:\WINDOWS\system32\ddcdcya.dll
    C:\WINDOWS\system32\efcbyxu.dll
    C:\WINDOWS\system32\efccyvs.dll
    C:\WINDOWS\system32\fccbaxx.dll
    C:\WINDOWS\system32\fccbcaa.dll
    C:\WINDOWS\system32\hggfgda.dll
    C:\WINDOWS\system32\hgggefe.dll
    C:\WINDOWS\system32\iifffge.dll
    C:\WINDOWS\system32\iifgddd.dll
    C:\WINDOWS\system32\ljjghgg.dll
    C:\WINDOWS\system32\mljgdcd.dll
    C:\WINDOWS\system32\mon.exe
    C:\WINDOWS\system32\opnmjki.dll
    C:\WINDOWS\system32\pmnmklk.dll
    C:\WINDOWS\system32\qomkklm.dll
    C:\WINDOWS\system32\rqrpnkl.dll
    C:\WINDOWS\system32\rqrqpnm.dll
    C:\WINDOWS\system32\rqrrqon.dll
    C:\WINDOWS\system32\ssqpnkh.dll
    C:\WINDOWS\system32\ssqpqpp.dll
    C:\WINDOWS\system32\ssqqopm.dll
    C:\WINDOWS\system32\tuvurqp.dll
    C:\WINDOWS\system32\tuvvtsr.dll
    C:\WINDOWS\system32\tuvvurp.dll
    C:\WINDOWS\system32\vtuursq.dll
    C:\WINDOWS\system32\wvurqrq.dll
    C:\WINDOWS\system32\wvuutqo.dll
    C:\WINDOWS\system32\wvuuuuv.dll
    C:\WINDOWS\system32\wvuvuus.dll
    C:\WINDOWS\system32\xxywxur.dll
    C:\WINDOWS\system32\xxyxxya.dll
    C:\WINDOWS\system32\yayvwus.dll
    C:\WINDOWS\system32\yayxuro.dll


    ((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))


    2007-06-23 15:26 31,254 --a------ C:\WINDOWS\system32\byxxvts.dll
    2007-06-23 15:23 31,254 --a------ C:\WINDOWS\system32\yayyyvu.dll
    2007-06-23 15:19 31,254 --a------ C:\WINDOWS\system32\wvutspq.dll
    2007-06-23 15:16 31,254 --a------ C:\WINDOWS\system32\mljghfd.dll
    2007-06-23 15:13 31,254 --a------ C:\WINDOWS\system32\wvuspmn.dll
    2007-06-23 15:09 31,254 --a------ C:\WINDOWS\system32\ddcdabc.dll
    2007-06-23 15:06 31,254 --a------ C:\WINDOWS\system32\tuvuron.dll
    2007-06-23 15:03 31,254 --a------ C:\WINDOWS\system32\mljgfge.dll
    2007-06-23 14:59 31,254 --a------ C:\WINDOWS\system32\tuvwtrs.dll
    2007-06-23 14:56 31,254 --a------ C:\WINDOWS\system32\wvuromm.dll
    2007-06-23 14:53 31,254 --a------ C:\WINDOWS\system32\byxwvvv.dll
    2007-06-23 14:49 31,254 --a------ C:\WINDOWS\system32\urqolji.dll
    2007-06-23 14:38 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-19 18:11 <REP> d-------- C:\Program Files\The Creative Assembly
    2007-06-11 22:23 <REP> d-------- C:\Program Files\Dynasty
    2007-06-11 22:22 <REP> d-------- C:\Program Files\DDD Pool
    2007-06-08 17:06 <REP> d-------- C:\Program Files\Windows Live
    2007-06-07 21:27 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-06-07 21:27 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-05-26 13:35 <REP> d-------- C:\DOCUME~1\Yas\Saved Games
    2007-05-26 13:34 <REP> d-------- C:\DOCUME~1\Yas\APPLIC~1\iWin


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-23 08:53:41 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-22 11:28:43 -------- d-----w C:\Program Files\eMule
    2007-06-19 17:21:19 3,688 ----a-w C:\WINDOWS\system32\d3d9caps.dat
    2007-06-19 16:18:37 -------- d-----w C:\Program Files\GameSpy Arcade
    2007-06-19 16:11:08 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-15 11:41:43 16 ----a-w C:\WINDOWS\popcinfo.dat
    2007-06-11 20:24:20 -------- d-----w C:\DOCUME~1\Yas\APPLIC~1\U3
    2007-06-11 06:33:29 -------- d-----w C:\Program Files\Jewel Quest 2
    2007-06-08 15:06:08 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-06-05 15:51:59 32,496 -c--a-w C:\DOCUME~1\Yas\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-05-22 20:18:22 -------- d-----w C:\Program Files\Luxor
    2007-05-22 17:02:23 -------- d-----w C:\Program Files\Hotel Solitaire
    2007-05-21 20:10:24 -------- d-----w C:\Program Files\Bejeweled 2 Deluxe
    2007-05-21 20:02:17 -------- d-----w C:\Program Files\ReflexiveArcade
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-03-29 19:01:24 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2007-03-27 18:42:56 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-03-27 18:42:56 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-03-27 16:27:38 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2005-07-23 19:56:10 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-12-29 19:41]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [2003-11-13 22:10]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-05 12:50]
    "brutelecd"="" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
    "MPTBox"="C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe" [2002-08-08 08:52]
    "SoundMan"="SOUNDMAN.EXE" [2003-08-05 15:59 C:\WINDOWS\SOUNDMAN.EXE]
    "Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 19:36]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-11-24 16:38]
    "RssReader"="C:\Program Files\RssReader\RssReader.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 16:53]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-03 18:31]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-23 15:31]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\system32\xxyyyaa.dll" [2007-06-23 17:48]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyyaa]
    xxyyyaa.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 nwprovau
    Notification Packages :\WINDOWS\syste


    Contents of the 'Scheduled Tasks' folder
    2007-06-23 15:46:48 C:\WINDOWS\tasks\Ad-Aware SE Personal.job
    2007-06-23 09:09:00 C:\WINDOWS\tasks\BitDefender 8 Professional.job
    2007-06-22 19:12:00 C:\WINDOWS\tasks\Défragmenteur de disque.job
    2007-06-23 15:46:48 C:\WINDOWS\tasks\Nettoyage de disque.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-23 17:47:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\xxyyyaa.dll

    scan completed successfully
    hidden files: 1

    **************************************************************************

    Completion time: 2007-06-23 17:50:47 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-23 17:50
    C:\ComboFix2.txt ... 2007-06-23 15:20
    C:\ComboFix3.txt ... 2007-06-23 14:50

    --- E O F ---
    23 June 2007 17:53:32

    Logfile of HijackThis v1.99.1
    Scan saved at 17:53:20, on 23/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmgr.exe
    C:\Documents and Settings\Yas\services.exe
    C:\DOCUME~1\Yas\LOCALS~1\Temp\QZTEMP\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.7sur7.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC75BB6A-5412-4FF6-B1CC-8B0EF667C79F}: NameServer = 212.68.193.110
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: xxyyyaa - C:\WINDOWS\SYSTEM32\xxyyyaa.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    23 June 2007 17:53:54

    There you go... I hope it's still heading in the right direction...
    23 June 2007 18:15:15

    Can you do it again, but with this script?

    File::
    C:\WINDOWS\system32\xxyyyaa.dll
    C:\WINDOWS\system32\byxxvts.dll
    C:\WINDOWS\system32\yayyyvu.dll
    C:\WINDOWS\system32\wvutspq.dll
    C:\WINDOWS\system32\mljghfd.dll
    C:\WINDOWS\system32\wvuspmn.dll
    C:\WINDOWS\system32\ddcdabc.dll
    C:\WINDOWS\system32\tuvuron.dll
    C:\WINDOWS\system32\mljgfge.dll
    C:\WINDOWS\system32\tuvwtrs.dll
    C:\WINDOWS\system32\wvuromm.dll
    C:\WINDOWS\system32\byxwvvv.dll
    C:\WINDOWS\system32\urqolji.dll
    C:\Documents and Settings\Yas\services.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyaa]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{DC192567-65F9-4AB6-ADB7-E13575F81726}"=-
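    The script above tells the cleanup tool which files and registry keys to delete, but the interesting part is how those entries were picked out of the log in the first place: a Winlogon Notify package (O20) whose name is not one Windows ships, a static DNS server (O17) the user may not have configured, and services (O23) whose binary HijackThis could not find. The following is an added example, not code from the thread or from HijackThis: it parses the O17/O20/O23 lines quoted earlier in this log and flags them with those same rules. The allowlist of Windows XP Winlogon Notify packages and the "expected DNS" set are assumptions you would build from a known-clean machine, not data from the page.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Sample constructed from the O17/O20/O23 lines of the HijackThis log posted
# above (backslashes doubled for Python); not a live capture.
SAMPLE_LOG = "\n".join([
    "O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{FC75BB6A-5412-4FF6-B1CC-8B0EF667C79F}: NameServer = 212.68.193.110",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: xxyyyaa - C:\\WINDOWS\\SYSTEM32\\xxyyyaa.dll",
    "O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe",
    "O23 - Service: avast! Mail Scanner - Unknown owner - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe\" /service (file missing)",
    "O23 - Service: ScsiAccess - Unknown owner - C:\\Program Files\\Photodex\\ProShowGold\\ScsiAccess.exe",
])

# ASSUMPTION: Winlogon Notify packages present on a clean Windows XP install.
# Build your own allowlist from a known-clean box of the same build/SP.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
_O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d., ]+)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O20"
    name: str      # the entry that triggered the rule
    reason: str
    line: str      # the original log line, for the cleanup script


def analyse(log_text: str, expected_dns: Iterable[str] = ()) -> List[Finding]:
    """Flag persistence/network entries in a HijackThis log that need review."""
    expected = set(expected_dns)
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = _O20.match(line)
        if m:
            # Winlogon Notify DLLs load into winlogon.exe at logon; anything
            # outside the OS allowlist is a persistence hook to inspect.
            if m.group("name").lower() not in KNOWN_NOTIFY:
                findings.append(Finding("O20", m.group("name"),
                                        "Winlogon Notify package not in allowlist", line))
            continue

        m = _O17.match(line)
        if m:
            # A static NameServer that the user did not set is a DNS hijack lead.
            servers = {s.strip() for s in m.group("servers").split(",") if s.strip()}
            unexpected = servers - expected
            if unexpected:
                findings.append(Finding("O17", ",".join(sorted(unexpected)),
                                        "DNS server not in expected set", line))
            continue

        m = _O23.match(line)
        if m and "(file missing)" in m.group("path"):
            findings.append(Finding("O23", m.group("name"),
                                    "service binary reported missing", line))
    return findings


def cfscript_file_section(findings: Iterable[Finding]) -> List[str]:
    """Return the DLL paths of flagged O20 entries, in the File:: list format."""
    paths = [f.line.split(" - ", 2)[2] for f in findings if f.section == "O20"]
    return [p for p in paths if p.lower().endswith(".dll")]


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason}")
    print("File::")
    for p in cfscript_file_section(analyse(SAMPLE_LOG)):
        print(p)
```

Two caveats when reading its output against the log above: the "(file missing)" on the two avast! entries is the long-standing HijackThis mis-parse of a quoted service path followed by arguments, so treat that hit as something to verify on disk rather than as proof of tampering; and an O17 hit only means the address is not on your expected list, so check it against the ISP or router settings before deleting the key.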
    23 June 2007 23:52:23

    How do I do that?
    24 June 2007 10:41:14

    Sorry, but I don't know how to use the script you gave me...
    24 June 2007 17:20:29

    Problem apparently solved with the NOD32 V2.7 antivirus.
    26 June 2007 12:14:32

    Post deleted: create your own threads