dam22

Merci beaucoup pour ton aide. Bonne continuation Salutations

Je viens de faire un scan antivir. Voila le rapport: Avira AntiVir Personal Report file date: jeudi 19 juin 2008 19:23 Scanning for 1348509 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: DELCUSE-90776FD Version information: BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58 ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14/06/2008 18:20:16 ANTIVIR3.VDF : 7.0.4.224 226816 Bytes 19/06/2008 17:19:54 Engineversion : 8.1.0.55 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.40 266618 Bytes 17/06/2008 18:20:46 AESCN.DLL : 8.1.0.21 119156 Bytes 17/06/2008 18:20:43 AERDL.DLL : 8.1.0.20 418165 Bytes 17/06/2008 18:20:42 AEPACK.DLL : 8.1.1.5 364918 Bytes 17/06/2008 18:20:39 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 17/06/2008 18:20:36 AEHEUR.DLL : 8.1.0.30 1253750 Bytes 17/06/2008 18:20:35 AEHELP.DLL : 8.1.0.15 115063 Bytes 17/06/2008 18:20:27 AEGEN.DLL : 8.1.0.28 307572 Bytes 17/06/2008 18:20:25 AEEMU.DLL : 8.1.0.6 430451 Bytes 17/06/2008 18:20:22 AECORE.DLL : 8.1.0.31 168310 Bytes 17/06/2008 18:20:20 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 19 juin 2008 19:23 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'usnsvc.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'Mise-a-jour-LiveSearch.exe' - '1' Module(s) have been scanned Scan process 'Notification-LiveSearch.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'LVComSX.exe' - '1' Module(s) have been scanned Scan process 'wcmdmgr.exe' - '1' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'slserv.exe' - '1' Module(s) have been scanned Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 35 processes with 35 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD5 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '25' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\QooBox\Quarantine\C\Documents and Settings\LocalService.AUTORITE NT\Application Data\551912341.exe.vir [DETECTION] Is the Trojan horse TR/Hijacker.Gen [NOTE] The file was moved to '488bab88.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\lphcjkdj0el4r.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '48c2abec.qua'! End of the scan: jeudi 19 juin 2008 21:07 Used time: 1:44:01 min The scan has been done completely. 5507 Scanning directories 218386 Files were scanned 2 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 2 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 218384 Files not concerned 1880 Archives were scanned 6 Warnings 2 Notes

Is the Trojan Horse TR.... dans System Volume Information VOILA

J'au eu 2 alertes virus hier matin et soir par antivir, je les ai mis en quarantaine. Sinon, il n'y a plus de symptomes du spyware. Merci!!!

Voici le rapport Hijackthis maintenant : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:28:19, on 18/06/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\wt\updater\wcmdmgr.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\explorer.exe C:\DOCUME~1\DELCUS~1.DEL\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aliceadsl.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Alice ADSL - {41FC9C9D-4A0F-475F-8035-D8DBD044E53D} - http://www.aliceadsl.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.aliceadsl.fr O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {D5D30A68-E230-49D9-B4D5-BF7532692945} (CDiscountObj Class) - https://clients.cdiscount.com/Order/TechCit...x/CDiscount.cab O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 7248 bytes

Voici le rapport ComboFix comme demandé ci dessus : ComboFix 08-06-16.5 - DELCUSE Damien 2008-06-18 20:14:57.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.183 [GMT 2:00] Endroit: C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\Program Files\shclkdj0el4r\shclkdj0el4r.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))))))) . 2008-06-17 20:14 . 2008-06-17 20:14 <REP> d-------- C:\Program Files\Avira 2008-06-17 20:14 . 2008-06-17 20:14 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira 2008-06-16 22:29 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-06-16 22:29 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-06-16 22:29 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-06-16 22:29 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-06-16 22:29 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-06-16 22:29 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe 2008-06-16 22:29 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-06-16 22:29 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-06-16 22:29 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-06-16 21:02 . 2008-06-16 21:02 <REP> d-------- C:\WINDOWS\ERUNT 2008-06-16 20:36 . 2008-06-16 22:17 <REP> d-------- C:\SDFix 2008-06-15 23:09 . 2008-06-16 04:51 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-06-15 21:49 . 2008-06-15 21:49 <REP> d-------- C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Malwarebytes 2008-06-15 21:49 . 2008-06-15 21:49 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-06-11 08:01 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-06-11 08:00 . 2008-04-14 17:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-05-31 12:50 . 2008-06-03 06:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-31 12:50 . 2008-05-31 12:50 1,409 --a------ C:\WINDOWS\QTFont.for . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-17 18:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2008-06-16 20:32 2,758 ----a-w C:\WINDOWS\system32\tmp.reg 2008-05-30 07:20 --------- d-----w C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\LimeWire 2008-05-30 07:20 --------- d-----w C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\BitTorrent 2008-05-30 07:20 --------- d-----w C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Azureus 2008-05-28 07:17 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-05-17 08:59 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 11:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-21 17:48 63,488 -c--a-w C:\WINDOWS\xobglu16.dll 2008-04-21 17:48 23,552 -c--a-w C:\WINDOWS\xobglu32.dll 2008-04-13 17:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-13 17:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-13 17:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll 2008-04-13 17:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll 2008-04-13 17:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll 2008-04-13 17:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll 2008-04-13 17:32 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll 2008-04-13 17:08 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-13 17:07 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-13 17:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-13 17:04 93,184 ------w C:\WINDOWS\system32\msxml6r.dll 2008-04-13 17:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-13 17:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-13 17:01 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-13 16:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-13 16:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-13 16:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll 2008-04-13 16:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-13 09:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys 2008-04-13 09:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe 2008-04-13 09:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe 2008-04-13 09:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll 2008-04-13 09:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll 2008-04-13 09:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll 2008-04-13 09:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll 2008-04-13 09:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll 2008-04-13 08:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll 2008-04-13 08:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll 2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll 2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll 2008-04-13 08:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll 2008-04-13 07:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll 2008-04-13 07:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll 2008-04-13 06:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll 2008-04-02 08:59 73,728 ----a-w C:\WINDOWS\ALCFDRTM.EXE 2007-01-22 13:31 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin 2001-08-28 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll 2001-08-28 12:00 253,952 -csha-w C:\WINDOWS\system32\msvcrt20.dll . ((((((((((((((((((((((((((((( snapshot@2008-06-17_ 5.15.10.06 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-17 03:11:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-17 18:10:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [2003-09-22 22:49 20480] "SoundMan"="SOUNDMAN.EXE" [2005-06-21 15:09 90112 C:\WINDOWS\SOUNDMAN.EXE] "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024] "LVCOMSX"="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184] "AlcWzrd"="ALCWZRD.EXE" [2005-06-29 13:26 2806272 C:\WINDOWS\ALCWZRD.EXE] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:34 15360] C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Menu D‚marrer\Programmes\D‚marrage\ Outil de notification Live Search.lnk - C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-06 13:58:20 152616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wavemapper"= msacm32.drv [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "CbEvtSvc"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"= "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupXu.exe"= "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"= "C:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 10:17] R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 03:23] S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [] S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [] S3 iatmunin;iatmunin;C:\DOCUME~1\DELCUS~1.DEL\LOCALS~1\Temp\iatmunin.sys [] *Newly Created Service* - ANTIVIRSCHEDULER *Newly Created Service* - ANTIVIRSERVICE *Newly Created Service* - AVGIO *Newly Created Service* - AVGNTFLT *Newly Created Service* - AVIPBB *Newly Created Service* - CATCHME . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-05-24 15:42:20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-18 20:17:25 Windows 5.1.2600 Service Pack 3 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-06-18 20:18:29 ComboFix-quarantined-files.txt 2008-06-18 18:18:18 ComboFix2.txt 2008-06-18 17:26:58 Pre-Run: 157,037,813,760 octets libres Post-Run: 157,026,922,496 octets libres 162 --- E O F --- 2008-06-12 06:37:20

Quel rapport car j'ai tous effacés hier soir pensant ne plus avoir de virus. Je refais une analyse avec ComboFix? Désolé.

Voici le rapport combofix, le virus semble avoir disparu mais mon bureau est encore bleu. ComboFix 08-06-16.2 - DELCUSE Damien 2008-06-17 5:05:01.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.138 [GMT 2:00] Endroit: C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Mes documents\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Malware Protector 2008 C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Malware Protector 2008.lnk C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Malware Protector 2008\How to Register Malware Protector 2008.lnk C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Malware Protector 2008\License Agreement.lnk C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Malware Protector 2008\Malware Protector 2008.lnk C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Malware Protector 2008\Register Malware Protector 2008.lnk C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Malware Protector 2008\Uninstall.lnk C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\shclkdj0el4r C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Local Settings\Application Data\qiusokg.dat c:\documents and settings\delcuse damien.delcuse-90776fd\local settings\application data\qiusokg.exe c:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Local Settings\Application Data\qiusokg_nav.dat c:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Local Settings\Application Data\qiusokg_navps.dat C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\551912341.exe C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\shclkdj0el4r C:\Program Files\shclkdj0el4r C:\WINDOWS\pack.epk C:\WINDOWS\system32\blphcjkdj0el4r.scr C:\WINDOWS\system32\lphcjkdj0el4r.exe C:\WINDOWS\system32\phcjkdj0el4r.bmp C:\WINDOWS\system32\stera.log . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CBEVTSVC -------\Legacy_FOPN -------\Legacy_VSPF -------\Legacy_VSPF_HK ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))))))) . 2008-06-16 22:29 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-06-16 22:29 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-06-16 22:29 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-06-16 22:29 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-06-16 22:29 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-06-16 22:29 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe 2008-06-16 22:29 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-06-16 22:29 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-06-16 22:29 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-06-16 21:02 . 2008-06-16 21:02 <REP> d-------- C:\WINDOWS\ERUNT 2008-06-16 20:36 . 2008-06-16 22:17 <REP> d-------- C:\SDFix 2008-06-16 18:11 . 2008-06-16 16:29 60,928 --a------ C:\WINDOWS\system32\B9.tmp 2008-06-16 04:41 . 2008-06-16 04:31 60,928 --a------ C:\WINDOWS\system32\87.tmp 2008-06-16 04:31 . 2008-06-16 04:21 60,928 --a------ C:\WINDOWS\system32\84.tmp 2008-06-16 04:21 . 2008-06-16 04:11 60,928 --a------ C:\WINDOWS\system32\81.tmp 2008-06-16 04:11 . 2008-06-16 04:01 60,928 --a------ C:\WINDOWS\system32\7E.tmp 2008-06-16 04:01 . 2008-06-16 03:51 60,928 --a------ C:\WINDOWS\system32\7B.tmp 2008-06-16 03:51 . 2008-06-16 03:40 60,928 --a------ C:\WINDOWS\system32\78.tmp 2008-06-16 03:40 . 2008-06-16 03:30 60,928 --a------ C:\WINDOWS\system32\75.tmp 2008-06-16 03:30 . 2008-06-16 03:20 60,928 --a------ C:\WINDOWS\system32\72.tmp 2008-06-16 03:20 . 2008-06-16 03:10 60,928 --a------ C:\WINDOWS\system32\6F.tmp 2008-06-16 03:10 . 2008-06-16 03:00 60,928 --a------ C:\WINDOWS\system32\6C.tmp 2008-06-16 03:00 . 2008-06-16 02:50 60,928 --a------ C:\WINDOWS\system32\69.tmp 2008-06-16 02:50 . 2008-06-16 02:40 60,928 --a------ C:\WINDOWS\system32\65.tmp 2008-06-16 02:40 . 2008-06-16 02:30 60,928 --a------ C:\WINDOWS\system32\62.tmp 2008-06-16 02:30 . 2008-06-16 02:20 60,928 --a------ C:\WINDOWS\system32\5F.tmp 2008-06-16 02:20 . 2008-06-16 02:10 60,928 --a------ C:\WINDOWS\system32\5C.tmp 2008-06-16 02:10 . 2008-06-16 01:59 60,928 --a------ C:\WINDOWS\system32\59.tmp 2008-06-16 01:59 . 2008-06-16 01:49 60,928 --a------ C:\WINDOWS\system32\56.tmp 2008-06-16 01:49 . 2008-06-16 01:39 60,928 --a------ C:\WINDOWS\system32\53.tmp 2008-06-16 01:39 . 2008-06-16 01:29 60,928 --a------ C:\WINDOWS\system32\50.tmp 2008-06-16 01:29 . 2008-06-16 01:19 60,928 --a------ C:\WINDOWS\system32\4D.tmp 2008-06-16 01:19 . 2008-06-16 01:09 60,928 --a------ C:\WINDOWS\system32\49.tmp 2008-06-16 01:09 . 2008-06-16 00:59 60,928 --a------ C:\WINDOWS\system32\46.tmp 2008-06-16 00:59 . 2008-06-16 00:49 60,928 --a------ C:\WINDOWS\system32\43.tmp 2008-06-16 00:49 . 2008-06-16 00:39 60,928 --a------ C:\WINDOWS\system32\40.tmp 2008-06-16 00:39 . 2008-06-16 00:29 60,928 --a------ C:\WINDOWS\system32\3D.tmp 2008-06-16 00:29 . 2008-06-16 00:19 60,928 --a------ C:\WINDOWS\system32\3A.tmp 2008-06-16 00:18 . 2008-06-16 00:08 60,928 --a------ C:\WINDOWS\system32\36.tmp 2008-06-16 00:08 . 2008-06-15 23:58 60,928 --a------ C:\WINDOWS\system32\33.tmp 2008-06-15 23:09 . 2008-06-16 04:51 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-06-15 21:49 . 2008-06-15 21:49 <REP> d-------- C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Malwarebytes 2008-06-15 21:49 . 2008-06-15 21:49 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-06-15 21:37 . 2008-06-15 21:45 <REP> d-------- C:\Program Files\Yahoo! 2008-06-15 20:36 . 2008-06-15 20:26 60,928 --a------ C:\WINDOWS\system32\68.tmp 2008-06-11 08:01 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-06-11 08:00 . 2008-04-14 17:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-05-31 12:50 . 2008-06-03 06:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-31 12:50 . 2008-05-31 12:50 1,409 --a------ C:\WINDOWS\QTFont.for . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-16 20:32 2,758 ----a-w C:\WINDOWS\system32\tmp.reg 2008-06-14 18:41 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2008-05-30 07:20 --------- d-----w C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\LimeWire 2008-05-30 07:20 --------- d-----w C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\BitTorrent 2008-05-30 07:20 --------- d-----w C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Azureus 2008-05-28 07:17 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-05-17 08:59 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 11:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-21 17:48 63,488 -c--a-w C:\WINDOWS\xobglu16.dll 2008-04-21 17:48 23,552 -c--a-w C:\WINDOWS\xobglu32.dll 2008-04-17 06:42 --------- d-----w C:\Program Files\Microsoft Works 2008-04-13 17:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-13 17:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-13 17:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll 2008-04-13 17:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll 2008-04-13 17:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll 2008-04-13 17:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll 2008-04-13 17:32 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll 2008-04-13 17:08 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-13 17:07 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-13 17:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-13 17:04 93,184 ------w C:\WINDOWS\system32\msxml6r.dll 2008-04-13 17:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-13 17:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-13 17:01 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-13 16:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-13 16:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-13 16:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll 2008-04-13 16:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-13 09:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys 2008-04-13 09:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe 2008-04-13 09:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe 2008-04-13 09:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll 2008-04-13 09:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll 2008-04-13 09:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll 2008-04-13 09:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll 2008-04-13 09:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll 2008-04-13 08:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll 2008-04-13 08:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll 2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll 2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll 2008-04-13 08:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll 2008-04-13 07:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll 2008-04-13 07:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll 2008-04-13 06:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll 2008-04-02 08:59 73,728 ----a-w C:\WINDOWS\ALCFDRTM.EXE 2007-01-22 13:31 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin 2001-08-28 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll 2001-08-28 12:00 253,952 -csha-w C:\WINDOWS\system32\msvcrt20.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [2003-09-22 22:49 20480] "SoundMan"="SOUNDMAN.EXE" [2005-06-21 15:09 90112 C:\WINDOWS\SOUNDMAN.EXE] "SMshclkdj0el4r"="C:\Program Files\shclkdj0el4r\shclkdj0el4r.exe" [ ] "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024] "LVCOMSX"="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184] "AlcWzrd"="ALCWZRD.EXE" [2005-06-29 13:26 2806272 C:\WINDOWS\ALCWZRD.EXE] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:34 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wavemapper"= msacm32.drv [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "CbEvtSvc"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"= "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupXu.exe"= "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"= "C:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 10:17] R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 03:23] S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [] S3 iatmunin;iatmunin;C:\DOCUME~1\DELCUS~1.DEL\LOCALS~1\Temp\iatmunin.sys [] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-05-24 15:42:20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-17 05:12:36 Windows 5.1.2600 Service Pack 3 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\wt\updater\wcmdmgr.exe C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\WINDOWS\system32\wdfmgr.exe C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\verclsid.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-17 5:15:31 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-17 03:15:26 Pre-Run: 156,993,634,304 octets libres Post-Run: 157,042,335,744 octets libres 221 --- E O F --- 2008-06-12 06:37:20

Rapport SmitFraudFix v2.325 Rapport fait à 22:32:52,79, 16/06/2008 Executé à partir de C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\wt\updater\wcmdmgr.exe C:\Program Files\shclkdj0el4r\shclkdj0el4r.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\system32\lphcjkdj0el4r.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe C:\WINDOWS\ALCWZRD.EXE C:\documents and settings\delcuse damien.delcuse-90776fd\local settings\application data\qiusokg.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DELCUS~1.DEL\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{48DD4588-14A6-4885-BDD3-FA0A60027F40}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{48DD4588-14A6-4885-BDD3-FA0A60027F40}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{48DD4588-14A6-4885-BDD3-FA0A60027F40}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin

Voila les 2 rapports : SDFix: Version 1.193 Run by Administrateur on 16/06/2008 at 21:06 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\2B.tmp - Deleted C:\WINDOWS\system32\2E.tmp - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-16 22:14:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:MSI starter" "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupXu.exe"="C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup" "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater" "C:\\Program Files\\Anti-Leech\\ALIE_1.0.2.3\\alhlp.exe"="C:\\Program Files\\Anti-Leech\\ALIE_1.0.2.3\\alhlp.exe:*:Enabled:Anti-Leech plugin helper program" "C:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare" "C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Disabled:NAVBrowser" "C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:æTorrent" "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Sun 13 Apr 2008 65,024 A.SH. --- "C:\WINDOWS\system32\asycfilt.dll" Sun 13 Apr 2008 617,472 A.SH. --- "C:\WINDOWS\system32\comctl32.dll" Sun 13 Apr 2008 1,028,096 A.SH. --- "C:\WINDOWS\system32\mfc42.dll" Tue 28 Aug 2001 57,344 A.SH. --- "C:\WINDOWS\system32\mfc42loc.dll" Sun 13 Apr 2008 413,696 A.SH. --- "C:\WINDOWS\system32\msvcp60.dll" Sun 13 Apr 2008 343,040 A.SH. --- "C:\WINDOWS\system32\msvcrt.dll" Tue 28 Aug 2001 253,952 A.SH. --- "C:\WINDOWS\system32\msvcrt20.dll" Sun 13 Apr 2008 551,936 A.SH. --- "C:\WINDOWS\system32\oleaut32.dll" Sun 13 Apr 2008 84,992 A.SH. --- "C:\WINDOWS\system32\olepro32.dll" Sun 13 Apr 2008 30,749 A.SH. --- "C:\WINDOWS\system32\vbajet32.dll" Tue 26 Jun 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak" Sat 26 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT2.tmp" Sat 26 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT5.tmp" Sat 26 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT9.tmp" Sat 26 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1.tmp" Sat 26 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp" Sat 26 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT3.tmp" Fri 29 Feb 2008 1,123,880 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\44e979936d19a4e833746e7d6f8e194d\BIT16.tmp" Sat 26 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT8.tmp" Sat 26 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT4.tmp" Sat 26 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp" Tue 1 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f8ec741c57b58a534cd55e8f0ca69e79\BIT2.tmp" Tue 26 Jun 2007 4,348 ...H. --- "C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak" Thu 1 Nov 2007 20 A..H. --- "C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak" Tue 26 Jun 2007 400 A.SH. --- "C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak" Finished! Rapport Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:18:28, on 16/06/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\wt\updater\wcmdmgr.exe C:\Program Files\shclkdj0el4r\shclkdj0el4r.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\system32\lphcjkdj0el4r.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\documents and settings\delcuse damien.delcuse-90776fd\local settings\application data\qiusokg.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aliceadsl.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sMshclkdj0el4r] C:\Program Files\shclkdj0el4r\shclkdj0el4r.exe O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [lphcjkdj0el4r] C:\WINDOWS\system32\lphcjkdj0el4r.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [qiusokg] c:\documents and settings\delcuse damien.delcuse-90776fd\local settings\application data\qiusokg.exe qiusokg O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Alice ADSL - {41FC9C9D-4A0F-475F-8035-D8DBD044E53D} - http://www.aliceadsl.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.aliceadsl.fr O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {D5D30A68-E230-49D9-B4D5-BF7532692945} (CDiscountObj Class) - https://clients.cdiscount.com/Order/TechCit...x/CDiscount.cab O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 8415 bytes

Bonjour, J'ai un virus depuis hier sur mon PC. Mon Bureau devient tout bleu avec une fenêtre au milieu "Spyware detected on your computer". Ensuite des fenêtres s'ouvrent pour installer un logiciel Malware Protector 2008. Je n'arrive pas à le désinstaller de mon PC. Voici le rapport hijackthis. Merci. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:14:15, on 15/06/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\System32\CbEvtSvc.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\WINDOWS\wt\updater\wcmdmgr.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\system32\ctfmon.exe C:\documents and settings\delcuse damien.delcuse-90776fd\local settings\application data\qiusokg.exe C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\1985227992.exe C:\Program Files\shclkdj0el4r\shclkdj0el4r.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aliceadsl.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [lphcjkdj0el4r] C:\WINDOWS\system32\lphcjkdj0el4r.exe O4 - HKLM\..\Run: [sMshclkdj0el4r] C:\Program Files\shclkdj0el4r\shclkdj0el4r.exe O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [qiusokg] c:\documents and settings\delcuse damien.delcuse-90776fd\local settings\application data\qiusokg.exe qiusokg O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Alice ADSL - {41FC9C9D-4A0F-475F-8035-D8DBD044E53D} - http://www.aliceadsl.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.aliceadsl.fr O16 - DPF: {D5D30A68-E230-49D9-B4D5-BF7532692945} (CDiscountObj Class) - https://clients.cdiscount.com/Order/TechCit...x/CDiscount.cab O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 8445 bytes

Salut, C'est ok, génial, je surfe depuis 1h pas de problème. Merci beaucoup. A*

Re, Voici le rapport de KASPERSKY ON-LINE SCANNER REPORT Friday, November 17, 2006 3:43:50 PM Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 17/11/2006 Enregistrements dans la base antivirus Kaspersky : 228831 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ Statistiques de l'analyse Total d'objets analysés 63805 Nombre de virus trouvés 0 Nombre d'objets infectés 0 / 0 Nombre d'objets suspects 0 Durée de l'analyse 00:37:57 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Local Settings\Temp\~DF288E.tmp L'objet est verrouillé ignoré C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\DELCUSE Damien.DELCUSE-90776FD\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService.AUTORITE NT\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{0F9F2DEB-EC0F-4C0B-BDFB-77CE718A2C5D}\RP1\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_644.dat L'objet est verrouillé ignoré C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré Analyse terminée.

Bonjour, Il n' y a plus d'affichage de pub. Par contre pendant l'analyse panda, mon antivirus avast a détecté un virus. J'ai réessayé mais pareil. Je te laisse le rapport de bibeta. J'ai fait un nettoyage avec ccleaner. Je fais quoi avec mon virus? 11/17/06 14:22:27 [info]: BlackLight Engine 1.0.47 initialized 11/17/06 14:22:27 [info]: OS: 5.1 build 2600 (Service Pack 2) 11/17/06 14:22:27 [Note]: 7019 4 11/17/06 14:22:27 [Note]: 7005 0 11/17/06 14:22:28 [Note]: 7006 0 11/17/06 14:22:28 [Note]: 7011 1328 11/17/06 14:22:28 [Note]: 7026 0 11/17/06 14:22:28 [Note]: 7026 0 11/17/06 14:22:31 [Note]: FSRAW library version 1.7.1020 11/17/06 14:24:51 [Note]: 7007 0 Merci

Bonjour, On me demande de telecharger AVG au dessus faut faire ou pas? Voici les 2 rapports: Navipromo: Rapport Navipromo.bat 0.5 effectué le 17/11/2006 à 13:18:23,21 ** Recherche... 1/ vqjypxl trouvé, recherche de vqjypxl* C:\WINDOWS\system32\vqjypxl.dat C:\WINDOWS\system32\vqjypxl.exe C:\WINDOWS\system32\vqjypxl_nav.dat C:\WINDOWS\system32\vqjypxl_navps.dat C:\WINDOWS\prefetch\VQJYPXL.EXE-06EE5123.pf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] vqjypxl REG_SZ c:\windows\system32\vqjypxl.exe vqjypxl ------------------ Fin du rapport de recherche Adware Navipromo trouvé 1 fois avec cette méthode ################################################ ** Nettoyage... 1/ Déplacement de vqjypxl* vers C:\Navipromo\Backups... C:\Windows\System32\vqjypxl* déplacé avec succès ! C:\WINDOWS\prefetch\vqjypxl* déplacé avec succès ------------------ * Suppression clés et valeurs de registre 1 entrées de registre ont été nettoyées * Backups : C:\Navipromo\Backups\ARPCache.reg C:\Navipromo\Backups\HKCURun.reg C:\Navipromo\Backups\HKLMRun.reg C:\Navipromo\Backups\Uninstall.reg C:\Navipromo\Backups\vqjypxl.dat C:\Navipromo\Backups\vqjypxl.exe C:\Navipromo\Backups\VQJYPXL.EXE-06EE5123.pf C:\Navipromo\Backups\vqjypxl_nav.dat C:\Navipromo\Backups\vqjypxl_navps.dat Ajout d'extension .off aux backups ## Fin du rapport de Suppression Rapport Hijackthis : Logfile of HijackThis v1.99.1 Scan saved at 13:28:14, on 17/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackTihs\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cegetel.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip\..\{10947F09-E78E-4B26-BEF8-66BC5D321D3E}: NameServer = 86.64.145.140 84.103.237.140 O17 - HKLM\System\CS1\Services\Tcpip\..\{10947F09-E78E-4B26-BEF8-66BC5D321D3E}: NameServer = 86.64.145.140 84.103.237.140 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe Merci.

Salut Voici le rapport Blacklight 11/17/06 09:05:49 [info]: BlackLight Engine 1.0.47 initialized 11/17/06 09:05:49 [info]: OS: 5.1 build 2600 (Service Pack 2) 11/17/06 09:05:49 [Note]: 7019 4 11/17/06 09:05:49 [Note]: 7005 0 11/17/06 09:05:50 [Note]: 7006 0 11/17/06 09:05:50 [Note]: 7011 1596 11/17/06 09:05:51 [Note]: 7026 0 11/17/06 09:05:51 [Note]: 7026 0 11/17/06 09:05:51 [Note]: 7024 3 11/17/06 09:05:51 [info]: Hidden process: C:\windows\system32\vqjypxl.exe 11/17/06 09:05:51 [Note]: FSRAW library version 1.7.1020 11/17/06 09:06:56 [info]: Hidden file: c:\WINDOWS\Prefetch\VQJYPXL.EXE-06EE5123.pf 11/17/06 09:06:56 [Note]: 10002 1 11/17/06 09:07:04 [info]: Hidden file: c:\WINDOWS\system32\vqjypxl.dat 11/17/06 09:07:04 [Note]: 10002 1 11/17/06 09:07:04 [info]: Hidden file: C:\windows\system32\vqjypxl.exe 11/17/06 09:07:04 [Note]: 10002 1 11/17/06 09:07:04 [info]: Hidden file: c:\WINDOWS\system32\vqjypxl_nav.dat 11/17/06 09:07:04 [Note]: 10002 1 11/17/06 09:07:04 [info]: Hidden file: c:\WINDOWS\system32\vqjypxl_navps.dat 11/17/06 09:07:04 [Note]: 10002 1

Bonjour, Je vous dépose une analyse de Hijackthis afin de m'aider à éliminer mes pubs intempestives. J'ai fait la procédure préliminaire du rapport comme décrite sur le forum. Voici l'analyse. Merci. Logfile of HijackThis v1.99.1 Scan saved at 23:07:45, on 16/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackTihs\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cegetel.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe