
Hello everyone
I have several problems.
I have a virus on my computer that locks up my whole PC; I can only move my mouse. The problem is that it locks my PC as soon as I log on to my session. I really don't know what to do and I don't know anything at all about computers.
On top of that, I have another virus or trojan that keeps sending emails from my connection.
And finally I have a desktop wallpaper with the following message, which appeared right after:
the message is:
"Warning! Spyware detected on your computer! install an antivirus or spyware remover to clean your computer."
Please reply.
While waiting for your answer, thanks in advance for the advice.

Hello,
1) Download SmitFraudFix
User guide: http://mickael.barroux.free.fr/securite/smitfraudfix.php
Double-click SmitfraudFix.exe to launch it
Choose option 1 (Search)
Post me the report!
2) Reboot in Safe Mode (F8 during boot)
Help: http://mickael.barroux.free.fr/securite/smitfraudfix.php#nettoyage
Run SmitfraudFix again, this time choosing option 2, and answer yes to every question
3) Reboot in normal mode
Post me the second report!

Here is the first report you asked me for
SmitFraudFix v2.320
Rapport fait à 21:43:59,26, 21/05/2008
Exécuté à partir de C:\Documents and Settings\Jean claude\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
» » » » » » » » » » » » » » » » » » » » » Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\System32\services.exe
C:\WINDOWS\System32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Fichiers communs\logiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\WINDOWS\System32\drivers\KodakCCS.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\Fichiers communs\logiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\logiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\wscntfy.exe
C:\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\Twain_32\USB2.0Camera\SnapTrap.exe
C:\WINDOWS\System32\spool\DRIVERS\w32x86\3\E_S4I0S2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\winamp\winampa.exe
C:\Program Files\Logitech\Quickcam\quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\ctfmona.exe
C:\WINDOWS\System32\rund1132.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Windows Live\messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\kodak\KODAK Software Updater\7288971\program\backWeb-7288971.exe
C:\Program Files\kodak\kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\cmd.exe
» » » » » » » » » » » » » » » » » » » » » hosts
» » » » » » » » » » » » » » » » » » » » » C:\
» » » » » » » » » » » » » » » » » » » » » C:\WINDOWS
» » » » » » » » » » » » » » » » » » » » » C:\WINDOWS\system
» » » » » » » » » » » » » » » » » » » » » C:\WINDOWS\web
» » » » » » » » » » » » » » » » » » » » » C:\WINDOWS\system32
C:\WINDOWS\system32\ctfmona.exe PRESENT !
» » » » » » » » » » » » » » » » » » » » » C:\WINDOWS\system32\LogFiles
» » » » » » » » » » » » » » » » » » » » » C:\Documents and settings\Jean Claude
» » » » » » » » » » » » » » » » » » » » » C:\Documents and settings\Jean Claude\Application Data
» » » » » » » » » » » » » » » » » » » » » Menu Démarrer
» » » » » » » » » » » » » » » » » » » » » C:\DOCUME~1\JEANCL~1\Favoris
» » » » » » » » » » » » » » » » » » » » » Bureau
» » » » » » » » » » » » » » » » » » » » » C:\ Program Files
» » » » » » » » » » » » » » » » » » » » » Clés corrompues
» » » » » » » » » » » » » » » » » » » » » Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About : Home"
"SubscribedURL"="About :Home"
"FriendlyName"="Ma page d’accueil"
» » » » » » » » » » » » » » » » » » » » » IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées !!!
IEDFix
Crédits : Malware Analysis & Diagnostic
Code : S ! Ri
» » » » » » » » » » » » » » » » » » » » » VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées !!!
VACFix
Crédits : Malware Analysis & Diagnostic
Code : S ! Ri
[ !] Suspicious : pvnsmfor.dll
Toolbar : pvnsmfor - {755F70ED-8112-4AEA-B77B-E11296C79DA7}
TypeLib: {4DF01EBE-8007-450D-811C-2E1DD5923664}
Interface: {DA76FE86-240B-4CC7-8BE5-D932579D82F5}
Classe: pvnsmfor.blqd
Classe: pvnsmfor.ToolBar.1
[ !] Suspicious: mpfanvqg.dll
SSODL: mpfanvqg - {A7313DE5-9D66-42CA-9338-FF20DDC8364A}
» » » » » » » » » » » » » » » » » » » » » 404Fix
!!Attention, les clés qui suivent ne sont pas forcément infectées !!!
404Fix
Credits : Malware Analysis & Diagnostic
Code : S !Ri
» » » » » » » » » » » » » » » » » » » » Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées !!!
SrchSTS.exe by S !Ri
Search SharedTaskScheduler’s .dll
» » » » » » » » » » » » » » » » » » » » AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées !!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
» » » » » » » » » » » » » » » » » » » » Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées !!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
» » » » » » » » » » » » » » » » » » » » Rustock
» » » » » » » » » » » » » » » » » » » » DNS
Description: Carte Fast Ethernet PCI de base SiS 900 – Miniport d'ordonnancement de paquets
DNS Server Search Order: 89.2.0.1
DNS Server Search Order: 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{41280AD9-AA83-44F6-9BCB-F581D375D44F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{41280AD9-AA83-44F6-9BCB-F581D375D44F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{41280AD9-AA83-44F6-9BCB-F581D375D44F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
» » » » » » » » » » » » » » » » » » » » Recherche infection wininet.dll
» » » » » » » » » » » » » » » » » » » » fin

Here is the second report.
Thank you for everything, and I hope everything will be back in order.
SmitFraudFix v2.320
Rapport fait à 22:04:40,17, 21/05/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\pvnsmfor.dll deleted.
C:\WINDOWS\mpfanvqg.dll deleted.
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\ctfmona.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{41280AD9-AA83-44F6-9BCB-F581D375D44F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{41280AD9-AA83-44F6-9BCB-F581D375D44F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{41280AD9-AA83-44F6-9BCB-F581D375D44F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin

Hello, that's better
Download HijackThis
User guide: http://mickael.barroux.free.fr/securite/hijackthis.php
Then click "Do a system scan and save a logfile"
The scan runs very quickly, then a Notepad window appears
(the "logfile")
In that Notepad window, go to "Edit", then "Select All";
with the text now selected, go back to "Edit", still
leaving the text selected, and click Copy.
Paste the contents here in your next reply!

Here is the report HijackThis gave me
Logfile of HijackThis v1.99.1
Scan saved at 17:31:13, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Twain_32\USB2.0Camera\SnapTrap.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JEANCL~1\LOCALS~1\Temp\Rar$EX00.782\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehomepage.com/newsletter.php?list=laughnetwork
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [STICAP] C:\WINDOWS\Twain_32\USB2.0Camera\SnapTrap.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\josselin\LOCALS~1\Temp\stdcons.exe/r
O4 - HKLM\..\Run: [e02282a0] rundll32.exe "C:\WINDOWS\system32\eymjhqgm.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background
O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/fr/Prg/ESTPTest.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://photoservice.fujicolor.de/ips-opdata/operator/27859021/activex/IPSUplo(...)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: vbksrofa - {CAA56A77-C19B-4B75-8313-209415A4B874} - C:\WINDOWS\vbksrofa.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

Hello, there is still work to do
Download ComboFix (created by sUBs) to your Desktop
Boot in Safe Mode: http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)
Double-click combofix.exe.
Press the Y (Yes) key to start the scan.
ComboFix will restart your PC
When the scan is complete, a report will appear. Copy/paste that report in your next reply, along with a new HijackThis report
NOTE: The report is also available here: C:\Combofix.txt

Here is the ComboFix report
ComboFix 08-05-21.3 - Administrateur 2008-05-22 13:54:06.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.375 [GMT 2:00]
Endroit: L:\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\ShoppingReport
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\urlredir.cfg
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\dynamic\890068.sdf
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\dynamic\ustat\3651.dat
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.txt
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.cdf
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.txt
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.res
C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\Documents and Settings\Jean Claude\Application Data\ShoppingReport
C:\Documents and Settings\Jean Claude\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Jean Claude\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Jean Claude\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Jean Claude\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Jean Claude\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Jean Claude\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Jean Claude\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Jean Claude\Application Data\urlredir.cfg
C:\Documents and Settings\Jean Claude\Application Data\WeatherDPA
C:\Documents and Settings\Jean Claude\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\josselin\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\josselin\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\josselin\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Documents and Settings\josselin\Application Data\ShoppingReport
C:\Documents and Settings\josselin\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\josselin\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\josselin\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\josselin\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\josselin\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\josselin\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\josselin\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\josselin\Application Data\urlredir.cfg
C:\Program Files\Adssite Advanced Toolbar
C:\Program Files\Adssite Advanced Toolbar\buttons.xml
C:\Program Files\Adssite Advanced Toolbar\search.xml
C:\Program Files\Adssite Advanced Toolbar\uninstall.exe
C:\Program Files\Adssite Games Collection
C:\Program Files\Adssite Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Adssite Games Collection\BobAndBill.exe
C:\Program Files\Adssite Games Collection\CrazyBlocks.exe
C:\Program Files\Adssite Games Collection\Lines.exe
C:\Program Files\Adssite Games Collection\uninstall.exe
C:\Program Files\Adssite Games Collection\VideoPool.exe
C:\Program Files\Fichiers communs\{30228~1
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\bJiQqBeg.ini
C:\WINDOWS\system32\bJiQqBeg.ini2
C:\WINDOWS\system32\cgifybid.ini
C:\WINDOWS\system32\drivers\chL26.sys
C:\WINDOWS\system32\drivers\chL50.sys
C:\WINDOWS\system32\drivers\fkO61.sys
C:\WINDOWS\system32\drivers\Kpt15.sys
C:\WINDOWS\system32\drivers\Kqu04.sys
C:\WINDOWS\system32\drivers\Lrv73.sys
C:\WINDOWS\system32\drivers\Oty05.sys
C:\WINDOWS\system32\drivers\vcG04.sys
C:\WINDOWS\system32\eymjhqgm.dll
C:\WINDOWS\system32\geBqQiJb.dll
C:\WINDOWS\system32\gzmrot-uninst.exe
C:\WINDOWS\system32\mgqhjmye.ini
C:\WINDOWS\system32\rightonadz-uninst.exe
C:\WINDOWS\system32\WLCtrl32.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.
2008-05-22 14:04 . 2008-05-22 14:04 29,056 --a------ C:\WINDOWS\system32\drivers\msW83.sys
2008-05-22 14:04 . 2008-05-22 14:04 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dl_
2008-05-21 21:39 . 2008-05-21 17:35 1,390,349 --a------ C:\SmitfraudFix.exe
2008-05-20 22:03 . 2008-05-20 22:07 <REP> d-------- C:\SmitfraudFix
2008-05-20 21:44 . 2008-05-20 22:05 3,642 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-20 21:43 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-20 21:43 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-20 21:43 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-20 21:43 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-20 21:43 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-20 21:43 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-20 21:43 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-20 21:43 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-19 18:42 . 2007-01-02 15:35 <REP> d--h----- C:\Documents and Settings\Administrateur.JEAN-464E0909A6\Voisinage réseau
2008-05-19 18:42 . 2007-01-02 15:35 <REP> d--h----- C:\Documents and Settings\Administrateur.JEAN-464E0909A6\Voisinage d'impression
2008-05-19 18:42 . 2007-01-02 14:42 <REP> d--h----- C:\Documents and Settings\Administrateur.JEAN-464E0909A6\Modèles
2008-05-19 18:42 . 2007-01-02 15:35 <REP> d-------- C:\Documents and Settings\Administrateur.JEAN-464E0909A6\Mes documents
2008-05-19 18:42 . 2007-01-02 15:35 <REP> dr------- C:\Documents and Settings\Administrateur.JEAN-464E0909A6\Menu Démarrer
2008-05-19 18:42 . 2007-01-02 15:35 <REP> d-------- C:\Documents and Settings\Administrateur.JEAN-464E0909A6\Favoris
2008-05-19 18:42 . 2008-05-22 14:02 <REP> d-------- C:\Documents and Settings\Administrateur.JEAN-464E0909A6\Bureau
2008-05-19 18:42 . 2008-05-19 18:42 <REP> d-------- C:\Documents and Settings\Administrateur.JEAN-464E0909A6
2008-05-16 18:13 . 2008-05-22 13:44 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-05-16 06:35 . 2008-05-15 18:34 160,256 --a------ C:\WINDOWS\system32\14EF.tmp
2008-05-15 17:40 . 2008-05-15 03:48 172,032 --a------ C:\WINDOWS\epfg.exe
2008-05-15 17:40 . 2008-05-15 03:49 90,112 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-15 17:40 . 2008-05-15 17:40 29,312 --a------ C:\WINDOWS\system32\urqPfGxv.dll
2008-05-15 17:35 . 2008-05-20 21:59 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-05-15 17:35 . 2008-05-20 21:59 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-04-25 20:27 . 2008-04-25 20:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 12:07 --------- d-----w C:\Documents and Settings\Jean Claude\Application Data\Skype
2008-05-16 06:31 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
2008-05-13 19:21 --------- d-----w C:\Documents and Settings\josselin\Application Data\Skype
2008-04-24 17:54 26,962 ----a-w C:\Documents and Settings\Jean Claude\Application Data\mdb.bin
2008-04-24 17:44 --------- d-----w C:\Program Files\Auchan Photogénie
2008-04-20 20:13 --------- d-----w C:\Program Files\Tarobot
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-24 23:49 --------- d-----w C:\Documents and Settings\Aude.JEAN-464E0909A6\Application Data\Skype
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-09-14 17:03 72,152 ----a-w C:\Documents and Settings\Aude\Application Data\GDIPFONTCACHEV1.DAT
2001-11-23 11:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31346244-4AA0-4276-9ED7-29A041D29677}]
C:\WINDOWS\system32\geBqQiJb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F2194FF-4E9C-4948-A5FB-E5D7A05AAB9E}]
2008-05-15 17:40 29312 --a------ C:\WINDOWS\system32\urqPfGxv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F2AD98D-C320-4708-A352-3DA00E99CE4D}]
2008-05-22 14:10 318848 --a------ C:\WINDOWS\system32\yayaBTlm.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 17:19 5728112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 15:40 68856]
"WinUpdater"="C:\Program Files\WinUpdater\update.exe" [2007-10-07 19:38 63344]
"PasenDommagement"="C:\Program Files\PasenDommagement\GDC.exe" [ ]
"WeatherDPA"="C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Cmaudio"="cmicnfg.cpl" []
"STICAP"="C:\WINDOWS\Twain_32\USB2.0Camera\SnapTrap.exe" [2004-11-05 10:59 155648]
"EPSON Stylus C66 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.exe" [2003-11-26 09:00 99840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"@"="" []
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-09-13 18:24 39424]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-29 11:39 185632]
"postSetupCheck"="C:\WINDOWS\system32\gzmrt.dll" [ ]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"advap32"="C:\DOCUME~1\josselin\LOCALS~1\Temp\stdcons.exe/r" [ ]
"e02282a0"="C:\WINDOWS\system32\eymjhqgm.dll" [ ]
"combofix"="C:\WINDOWS\system32\CF28655.exe" [2004-08-04 00:54 400896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F2194FF-4E9C-4948-A5FB-E5D7A05AAB9E}"= C:\WINDOWS\system32\urqPfGxv.dll [2008-05-15 17:40 29312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vbksrofa"= {CAA56A77-C19B-4B75-8313-209415A4B874} - C:\WINDOWS\vbksrofa.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqPfGxv]
urqPfGxv.dll 2008-05-15 17:40 29312 C:\WINDOWS\system32\urqPfGxv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 2008-05-22 13:44 14336 C:\WINDOWS\system32\WinCtrl32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\yayaBTlm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Afj48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bgL05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\chL26.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\chL50.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fkO61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fkP73.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kpt15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kqu04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lrv73.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msW83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oty05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uae37.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vcG04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xej16.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yej72.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\proeWildfire 2.0\\i486_nt\\nms\\nmsd.exe"=
"C:\\Program Files\\proeWildfire 2.0\\i486_nt\\obj\\xtop.exe"=
"C:\\Program Files\\proeWildfire 2.0\\i486_nt\\obj\\pro_comm_msg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\PeerTV\\PeerCast.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
S0 Afj48;Afj48;C:\WINDOWS\system32\Drivers\Afj48.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47e03ce6-9a66-11db-bdc2-00e018e10433}]
\Shell\AutoRun\command - H:\start.exe
\Shell\FramaKey\command - H:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47e03ce7-9a66-11db-bdc2-00e018e10433}]
\Shell\AutoRun\command - H:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64108ecf-9a60-11db-bdc0-00e018e10433}]
\Shell\AutoRun\command - H:\start.exe
\Shell\FramaKey\command - H:\start.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-22 11:03:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Here is the HijackThis report.
However, I wanted to know: I am actually doing these steps without internet, because if I do them with it my PC crashes completely. Does that matter or not?
Thanks, it's really cool what you are doing for me.
Logfile of HijackThis v1.99.1
Scan saved at 14:48, on 2008-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Twain_32\USB2.0Camera\SnapTrap.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\NetFx20SP1_x86.exe
e:\c297939b79143cc9dca9d0\setup.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JEANCL~1\LOCALS~1\Temp\Rar$EX01.437\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehomepage.com/newsletter.php?list=laughnetwork
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4F2194FF-4E9C-4948-A5FB-E5D7A05AAB9E} - C:\WINDOWS\system32\urqPfGxv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [STICAP] C:\WINDOWS\Twain_32\USB2.0Camera\SnapTrap.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/fr/Prg/ESTPTest.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://photoservice.fujicolor.de/ips-opdata/operator/27859021/activex/IPSUplo(...)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: urqPfGxv - C:\WINDOWS\SYSTEM32\urqPfGxv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: vbksrofa - {CAA56A77-C19B-4B75-8313-209415A4B874} - C:\WINDOWS\vbksrofa.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
Hello,
Avast! is far from the best that has been done in terms of protection; see this link for more information: http://forum.malekal.com/ftopic3123.php
But clearly, Antivir performs much better, which is why I VERY STRONGLY advise you to uninstall Avast! and install Antivir instead: http://mickael.barroux.free.fr/securite/antivir.php
- After installation, update it. If your firewall raises an alert, accept the connection.
- Make sure Antivir is fully up to date; check the update date.
- Restart in Safe Mode: to do this, restart the computer and, before the Windows logo, tap the F8 key; a menu will appear, choose Safe Mode and press the Enter key.
- Open Antivir via the Start / Programs menu
- Click on the Scanner tab.
- Select Manual Selection
- Select drive C
- Run the scan. Quarantine all detected items.
- Once the scan is finished, save the report.
Restart in normal mode.
Post the report here.
Here is the report Antivir gave me.
Avira AntiVir Personal
Report file date: 2008-05-25 17:40
Scanning for 1292849 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Administrateur
Computer name: JEAN-464E0909A6
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008-05-17 15:30:28
ANTIVIR3.VDF : 7.0.4.95 243712 Bytes 2008-05-26 15:30:30
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 2008-05-25 15:32:35
AESCN.DLL : 8.1.0.18 119156 Bytes 2008-05-25 15:32:31
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-05-25 15:32:13
AEPACK.DLL : 8.1.1.5 364918 Bytes 2008-05-25 15:31:46
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-05-25 15:31:10
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 2008-05-25 15:31:09
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-05-25 15:30:48
AEGEN.DLL : 8.1.0.21 303477 Bytes 2008-05-25 15:30:37
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-05-25 15:30:34
AECORE.DLL : 8.1.0.29 168311 Bytes 2008-05-25 15:30:31
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: A:, C:, D:, E:, F:, G:, H:, I:, J:, K:, L:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-05-25 17:40
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!
Boot sector 'J:\'
[INFO] No virus was found!
Boot sector 'K:\'
[INFO] No virus was found!
Boot sector 'L:\'
[INFO] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\urqPfGxv.dll
[DETECTION] Is the Trojan horse TR/Vundo.EMO
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\WinCtrl32.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
The registry was scanned ( '39' files ).
Starting the file scan:
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.92
[NOTE] The file was moved to '48a28906.qua'!
C:\Documents and Settings\Jean Claude\Local Settings\Temporary Internet Files\Content.IE5\Y2NDIT2U\css4[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48ac8a75.qua'!
C:\QooBox\Quarantine\catchme2008-05-22_143342.93.zip
[0] Archive type: ZIP
--> yayaBTlm.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48ad93a6.qua'!
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Uninst.exe.vir
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
[NOTE] The file was moved to '48a293b6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\geBqQiJb.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '487b93ae.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '487c9396.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\yayaBTlm.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48b293ab.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\chL26.sys.vir
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488593b3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\chL50.sys.vir
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49028d64.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\fkO61.sys.vir
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488893b6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Kpt15.sys.vir
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ad93bb.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Kqu04.sys.vir
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ae93bd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Lrv73.sys.vir
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48af93be.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\msW83.sys.vir
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '489093bf.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Oty05.sys.vir
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b293c1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\vcG04.sys.vir
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488093b0.qua'!
C:\WINDOWS\epfg.exe
[DETECTION] Is the Trojan horse TR/Vapsup.fft
[NOTE] The file was moved to '489f93c8.qua'!
C:\WINDOWS\oadkxrts.exe
[DETECTION] Is the Trojan horse TR/Vapsup.fft.2
[NOTE] The file was moved to '489d93bf.qua'!
C:\WINDOWS\system32\cbXNEXPj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\urqPfGxv.dll
[DETECTION] Is the Trojan horse TR/Vundo.EMO
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\WinCtrl32.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\drivers\joT50.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Josselin>
D:\Documents and Settings\josselin\Shared\1589 pregnant pics.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was moved to '4871b2f8.qua'!
D:\Documents and Settings\josselin\Shared\ATK Pregnant Amateurs 1.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.GetCodec.A
[NOTE] The file was moved to '4884b317.qua'!
Begin scan in 'E:\' <photos>
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'H:\' <Disque local Ancien>
Begin scan in 'I:\' <Josselin ancien>
Begin scan in 'J:\' <Judo>
Begin scan in 'K:\' <Sauvegarde>
Begin scan in 'L:\'
End of the scan: 2008-05-25 21:16
Used time: 3:35:50 min
The scan has been done completely.
8314 Scanning directories
365643 Files were scanned
25 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
20 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
365618 Files not concerned
1653 Archives were scanned
7 Warnings
20 Notes
Hello,
Run a pass of MalwareBytes and clean everything it finds
Help: http://mickael.barroux.free.fr/securite/malwarebytes.php
Post me the report generated at the end in your next reply
Here is the report you asked me for.
Thanks again for everything
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 790
Type de recherche: Examen complet (C:\|D:\|E:\|H:\|I:\|J:\|K:\|)
Eléments examinés: 193331
Temps écoulé: 30 minute(s), 28 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 50
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cbXNEXPj.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\oxaghbom.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\urqPfGxv.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40ec7b6c-43d3-4c53-a90f-40ba88b94e49} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{40ec7b6c-43d3-4c53-a90f-40ba88b94e49} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{81b7f2df-3427-4704-b441-f74a4de94ce1} (Adware.Rightonadz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4f2194ff-4e9c-4948-a5fb-e5d7a05aab9e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f2194ff-4e9c-4948-a5fb-e5d7a05aab9e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqpfgxv (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
Infected registry value(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e02282a0 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{b33de756-deee-4d7a-87db-1d905ba2aa21} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4f2194ff-4e9c-4948-a5fb-e5d7a05aab9e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vbksrofa (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infected registry data item(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxnexpj -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxnexpj -> Delete on reboot.
Infected folder(s):
(No malicious items detected)
Infected file(s):
C:\WINDOWS\system32\cbXNEXPj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jPXENXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jPXENXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ougeshye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eyhseguo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oxaghbom.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mobhgaxo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FABA730C-3447-4451-AE20-81655A1A2E3C}\RP484\A0090643.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FABA730C-3447-4451-AE20-81655A1A2E3C}\RP485\A0090677.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FABA730C-3447-4451-AE20-81655A1A2E3C}\RP485\A0090692.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FABA730C-3447-4451-AE20-81655A1A2E3C}\RP485\A0090703.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FABA730C-3447-4451-AE20-81655A1A2E3C}\RP485\A0090710.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FABA730C-3447-4451-AE20-81655A1A2E3C}\RP485\A0091703.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FABA730C-3447-4451-AE20-81655A1A2E3C}\RP485\A0091713.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:
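As an added example (not part of the posted log, and not Malwarebytes' own code), here is a small Python parser for the report format shown above. It reads each detection line, labels the autostart location it abuses (Winlogon Notify package, LSA authentication package, BHO, ShellExecuteHooks, ShellServiceObjectDelayLoad, Run key, System Restore copy), and lists the items still marked "Delete on reboot", which are the ones worth re-checking after the restart the helper asked for. The sample lines are constructed from entries in the post; the mechanism labels and function names are my own.

```python
import re
from collections import Counter

# Constructed sample modelled on the Malwarebytes log entries posted above;
# the section headers are the English form of the French ones in the report.
SAMPLE_LOG = r"""
Infected registry key(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqpfgxv (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f2194ff-4e9c-4948-a5fb-e5d7a05aab9e} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
Infected registry value(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e02282a0 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4f2194ff-4e9c-4948-a5fb-e5d7a05aab9e} (Trojan.Vundo) -> Delete on reboot.
Infected registry data item(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxnexpj -> Delete on reboot.
Infected folder(s):
(No malicious items detected)
Infected file(s):
C:\WINDOWS\system32\cbXNEXPj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jPXENXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FABA730C-3447-4451-AE20-81655A1A2E3C}\RP485\A0090703.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# One detection line: "<path> (<family>) -> [Data: <data> -> ]<action>."
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.$"
)

# Autostart / load locations seen in the log, matched case-insensitively on the
# registry or file path. Labels are this example's own naming, not Malwarebytes'.
PERSISTENCE = [
    ("Winlogon Notify package", r"\\Winlogon\\Notify\\"),
    ("LSA authentication package", r"\\Control\\LSA\\Authentication Packages"),
    ("Browser Helper Object", r"\\Browser Helper Objects\\"),
    ("ShellExecuteHooks", r"\\ShellExecuteHooks\\"),
    ("ShellServiceObjectDelayLoad", r"\\ShellServiceObjectDelayLoad\\"),
    ("Run key", r"\\CurrentVersion\\Run\\"),
    ("System Restore point copy", r"\\System Volume Information\\_restore"),
]


def classify(path):
    """Return the persistence label for a detected path, or 'other'."""
    for label, pattern in PERSISTENCE:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return "other"


def parse_log(text):
    """Parse detection lines into dicts; section headers are tracked, other lines skipped."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]          # e.g. "Infected file(s)"
            continue
        match = DETECTION_RE.match(line)
        if not match:
            continue                     # e.g. "(No malicious items detected)"
        entry = match.groupdict()
        entry["section"] = section
        entry["mechanism"] = classify(entry["path"])
        entries.append(entry)
    return entries


def pending_reboot(entries):
    """Items the scanner could not remove immediately (typically in-use DLLs or keys)."""
    return [e for e in entries if e["action"] == "Delete on reboot"]


def summarize(entries):
    """Counts by persistence mechanism and by malware family."""
    return {
        "by_mechanism": Counter(e["mechanism"] for e in entries),
        "by_family": Counter(e["family"] for e in entries),
    }


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for label, count in summarize(found)["by_mechanism"].most_common():
        print(f"{count:2d}  {label}")
    print("Still pending at reboot:")
    for e in pending_reboot(found):
        print("   ", e["path"], "->", e["data"] or "")
```

Run it against a full report saved to a file (replace SAMPLE_LOG with the file's contents) to get the same grouping for a real scan; anything that is still "Delete on reboot" should be absent from the second scan posted after the restart.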