romano72


  1. Thanks again Mr Ingalls, here is the report:

     SmitFraudFix v2.258

     Rapport fait à 1:17:04,76, 06/12/2007
     Executé à partir de C:\Documents and Settings\LEDRU\Bureau\SmitfraudFix
     OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
     Le type du système de fichiers est NTFS
     Fix executé en mode normal

     »»»»»»»»»»»»»»»»»»»»»»»» Process

     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Ahead\InCD\InCDsrv.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
     C:\WINDOWS\System32\alg.exe
     C:\Program Files\Ahead\InCD\InCD.exe
     C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
     C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
     C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
     C:\WINDOWS\system32\hphmon05.exe
     C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     C:\WINDOWS\system32\WDBtnMgr.exe
     C:\WINDOWS\system32\HPZipm12.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\MSN Messenger\MsnMsgr.Exe
     C:\Program Files\SuperCopier2\SuperCopier2.exe
     C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
     C:\Program Files\My Book\WD Backup\uBBMonitor.exe
     C:\Program Files\MSN Messenger\usnsvc.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\system32\cmd.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe

     »»»»»»»»»»»»»»»»»»»»»»»» hosts

     »»»»»»»»»»»»»»»»»»»»»»»» C:\

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

     »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LEDRU

     »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LEDRU\Application Data

     »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

     C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
     C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

     »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LEDRU\Favoris

     »»»»»»»»»»»»»»»»»»»»»»»» Bureau

     »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

     »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

     »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
     "Source"="About:Home"
     "SubscribedURL"="About:Home"
     "FriendlyName"="Ma page d'accueil"

     »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "AppInit_DLLs"=""

     »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
     "System"=""

     »»»»»»»»»»»»»»»»»»»»»»»» Rustock

     »»»»»»»»»»»»»»»»»»»»»»»» DNS

     Description: RCA USB Cable Modem #2 - Miniport d'ordonnancement de paquets
     DNS Server Search Order: 82.216.111.123
     DNS Server Search Order: 82.216.111.122
     DNS Server Search Order: 82.216.111.124
     DNS Server Search Order: 82.216.111.125

     HKLM\SYSTEM\CCS\Services\Tcpip\..\{CE01C6D4-41D2-407E-B2E3-C1F55C728CC2}: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125
     HKLM\SYSTEM\CS1\Services\Tcpip\..\{CE01C6D4-41D2-407E-B2E3-C1F55C728CC2}: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125
     HKLM\SYSTEM\CS2\Services\Tcpip\..\{CE01C6D4-41D2-407E-B2E3-C1F55C728CC2}: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125
     HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125
     HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125
     HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125

     »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

     »»»»»»»»»»»»»»»»»»»»»»»» Fin
  2. And here is the HijackThis report:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 00:29:50, on 06/12/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Ahead\InCD\InCDsrv.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
     C:\WINDOWS\System32\alg.exe
     C:\Program Files\Ahead\InCD\InCD.exe
     C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
     C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
     C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
     C:\WINDOWS\system32\hphmon05.exe
     C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     C:\WINDOWS\system32\WDBtnMgr.exe
     C:\WINDOWS\system32\HPZipm12.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\MSN Messenger\MsnMsgr.Exe
     C:\Program Files\SuperCopier2\SuperCopier2.exe
     C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
     C:\Program Files\My Book\WD Backup\uBBMonitor.exe
     C:\Program Files\MSN Messenger\livecall.exe
     C:\Program Files\MSN Messenger\usnsvc.exe
     C:\Program Files\AutoCAD 2006\acad.exe
     C:\DOCUME~1\LEDRU\LOCALS~1\Temp\AdskCleanup.0001
     C:\Program Files\Fichiers communs\Autodesk Shared\WSCommCntr1.exe
     C:\Program Files\Windows Media Player\wmplayer.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe

     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
     O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
     O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
     O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
     O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
     O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
     O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
     O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
     O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O22 - SharedTaskScheduler: deboner - {fa4fbf53-c766-4622-8011-a87a805eebf0} - (no file)
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
     O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

     --
     End of file - 7180 bytes
  3. Hi, here is the Panda report:

     ;***********************************************************************************************************************************************************************************
     ANALYSIS: 2007-12-06 00:25:20
     PROTECTIONS: 1
     MALWARE: 30
     SUSPECTS: 0
     ;***********************************************************************************************************************************************************************************
     PROTECTIONS
     Description  Version  Active  Updated
     ;===================================================================================================================================================================================
     Avira AntiVir PersonalEdition  7.0.1.49  No  Yes
     ;===================================================================================================================================================================================
     MALWARE
     Id  Description  Type  Active  Severity  Disinfectable  Disinfected  Location
     ;===================================================================================================================================================================================
     00139064  Cookie/Atlas DMT  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\LEDRU\Cookies\ledru@atdmt[2].txt
     00139535  Application/Processor  HackTools  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026474.exe
     00139535  Application/Processor  HackTools  No  0  No  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026468.exe[sDFix\apps\Process.exe]
     00139535  Application/Processor  HackTools  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026443.exe
     00167704  Cookie/Xiti  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\LEDRU\Cookies\ledru@xiti[1].txt
     00167783  Cookie/Sextracker  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\LEDRU\Cookies\[email protected][1].txt
     00168090  Cookie/Serving-sys  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\LEDRU\Cookies\ledru@serving-sys[1].txt
     00168093  Cookie/Serving-sys  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\LEDRU\Cookies\[email protected][2].txt
     00168106  Cookie/Weborama  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\LEDRU\Cookies\ledru@weborama[1].txt
     00168109  Cookie/Adtech  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\LEDRU\Cookies\ledru@adtech[1].txt
     00169286  Cookie/Sextracker  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\LEDRU\Cookies\ledru@sextracker[1].txt
     00273339  Cookie/Smartadserver  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\LEDRU\Cookies\ledru@smartadserver[1].txt
     00323879  W32/Guarder.D.worm  Virus/Worm  No  0  Yes  No  H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP724\A0290111.EXE
     00323879  W32/Guarder.D.worm  Virus/Worm  No  0  Yes  No  H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP722\A0289085.EXE
     00323879  W32/Guarder.D.worm  Virus/Worm  No  0  Yes  No  H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP721\A0289069.EXE
     00323879  W32/Guarder.D.worm  Virus/Worm  No  0  Yes  No  H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP721\A0288971.EXE
     00323879  W32/Guarder.D.worm  Virus/Worm  No  0  Yes  No  H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP723\A0290069.EXE
     00323879  W32/Guarder.D.worm  Virus/Worm  No  0  Yes  No  H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP720\A0288866.EXE
     00323879  W32/Guarder.D.worm  Virus/Worm  No  0  Yes  No  H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP719\A0288849.EXE
     00323879  W32/Guarder.D.worm  Virus/Worm  No  0  Yes  No  H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP719\A0288811.EXE
     00323879  W32/Guarder.D.worm  Virus/Worm  No  0  Yes  No  H:\System Volume Information\_restore{54F4E4B6-064B-4588-BC00-386978A7C0E5}\RP344\A0070992.EXE
     00323879  W32/Guarder.D.worm  Virus/Worm  No  0  Yes  No  H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP720\A0288921.EXE
     00323879  W32/Guarder.D.worm  Virus/Worm  No  0  Yes  No  H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP724\A0290088.EXE
     00323879  W32/Guarder.D.worm  Virus/Worm  No  0  Yes  No  H:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP722\A0290053.EXE
     00323879  W32/Guarder.D.worm  Virus/Worm  No  0  Yes  No  H:\System Volume Information\_restore{A4721006-4953-4EFA-B796-09FF8E9CE226}\RP273\A0229474.EXE
     01240387  Trj/Downloader.PJT  Virus/Trojan  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026194.exe
     01240387  Trj/Downloader.PJT  Virus/Trojan  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026195.exe
     01262593  Application/NirCmd.A  HackTools  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026278.exe
     01262593  Application/NirCmd.A  HackTools  No  0  No  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026467.exe[nircmd.cfexe]
     01262593  Application/NirCmd.A  HackTools  No  0  No  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026467.exe[nircmd.exe]
     01262593  Application/NirCmd.A  HackTools  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026338.exe
     01262593  Application/NirCmd.A  HackTools  No  0  Yes  No  C:\WINDOWS\NirCmd.exe
     02070830  Generic Malware  Virus/Trojan  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026342.exe
     02646028  Adware/PurityScan  Adware  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026203.dll
     02646028  Adware/PurityScan  Adware  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026196.dll
     02646028  Adware/PurityScan  Adware  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026214.dll
     02646028  Adware/PurityScan  Adware  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026202.dll
     02646028  Adware/PurityScan  Adware  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026201.dll
     02646028  Adware/PurityScan  Adware  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026205.dll
     02646028  Adware/PurityScan  Adware  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026210.dll
     02646028  Adware/PurityScan  Adware  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026221.dll
     02646028  Adware/PurityScan  Adware  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026200.dll
     02646028  Adware/PurityScan  Adware  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026212.dll
     02646028  Adware/PurityScan  Adware  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026225.dll
     02646028  Adware/PurityScan  Adware  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026227.dll
     02646028  Adware/PurityScan  Adware  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026218.dll
     02652697  W32/P2PSimple.C.worm  Virus/Worm  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026290.exe
     02652697  W32/P2PSimple.C.worm  Virus/Worm  No  0  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026295.exe
     02688344  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026182.exe
     02688344  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026187.exe
     02688344  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026183.exe
     02688344  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026188.exe
     02688344  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026189.exe
     02688344  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026184.exe
     02688344  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026190.exe
     02688344  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026185.exe
     02688344  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026191.exe
     02688344  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026186.exe
     02688344  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026192.exe
     02688348  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026353.dll
     02694181  Trj/Agent.HBA  Virus/Trojan  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026197.dll
     02694181  Trj/Agent.HBA  Virus/Trojan  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026199.dll
     02804145  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026206.dll
     02812177  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026204.dll
     02812177  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026213.dll
     02861976  Trj/Agent.HEH  Virus/Trojan  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026473.exe
     02861976  Trj/Agent.HEH  Virus/Trojan  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026469.exe
     02882735  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026228.dll
     02882736  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026220.dll
     02882737  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026226.dll
     02882738  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026223.dll
     02882739  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026219.dll
     02882742  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026224.dll
     02882745  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP158\A0026211.dll
     02883045  Spyware/Virtumonde  Spyware  No  1  Yes  No  C:\System Volume Information\_restore{2F48B2A8-00CD-4631-861D-D96E37E57C1C}\RP159\A0026363.dll
     ;===================================================================================================================================================================================
     SUSPECTS
     Location
     ;===================================================================================================================================================================================
     ;===================================================================================================================================================================================

     I could not disinfect the detected infections because apparently you have to subscribe; otherwise my PC runs much better than yesterday.
  4. Hi, sorry I couldn't log on earlier, here is the ComboFix report:

     ComboFix 07-12-02.6 - LEDRU 2007-12-05 15:40:54.3 - NTFSx86
     Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.53 [GMT 1:00]
     Running from: C:\Documents and Settings\LEDRU\Bureau\ComboFix.exe
     Command switches used :: C:\Documents and Settings\LEDRU\Bureau\CFScript.txt
     * Created a new restore point

     FILE
     C:\Documents and Settings\LEDRU\f.exe
     C:\sqmdata15.sqm
     C:\sqmnoopt15.sqm
     C:\WINDOWS\system32\bduxtbei.ini
     C:\WINDOWS\system32\birhhaml.ini
     C:\WINDOWS\system32\bocxpwuv.ini
     C:\WINDOWS\system32\hcknodft.ini
     C:\WINDOWS\system32\irfyfmhc.ini
     C:\WINDOWS\system32\mcrh.tmp
     C:\WINDOWS\system32\mvrbkhga.ini
     C:\WINDOWS\system32\ogpapoit.ini
     C:\WINDOWS\system32\pywgsvqc.dll
     C:\WINDOWS\system32\qrqcucqw.ini
     C:\WINDOWS\system32\qvcmipmg.ini
     C:\WINDOWS\system32\ssqooml.dll
     C:\WINDOWS\system32\svkyawut.dll
     C:\WINDOWS\system32\vbzip10.dll
     C:\WINDOWS\system32\vltbqvfo.ini
     C:\WINDOWS\system32\wmfkagjo.ini
     C:\WINDOWS\system32\wpyaqliu.ini
     C:\WINDOWS\system32\yulphppy.ini
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\Documents and Settings\LEDRU\f.exe
     C:\sqmdata15.sqm
     C:\sqmnoopt15.sqm
     C:\WINDOWS\system32\bduxtbei.ini
     C:\WINDOWS\system32\birhhaml.ini
     C:\WINDOWS\system32\bocxpwuv.ini
     C:\WINDOWS\system32\hcknodft.ini
     C:\WINDOWS\system32\irfyfmhc.ini
     C:\WINDOWS\system32\mcrh.tmp
     C:\WINDOWS\system32\mvrbkhga.ini
     C:\WINDOWS\system32\ogpapoit.ini
     C:\WINDOWS\system32\pywgsvqc.dll
     C:\WINDOWS\system32\qrqcucqw.ini
     C:\WINDOWS\system32\qvcmipmg.ini
     C:\WINDOWS\system32\ssqooml.dll
     C:\WINDOWS\system32\svkyawut.dll
     C:\WINDOWS\system32\vbzip10.dll
     C:\WINDOWS\system32\vltbqvfo.ini
     C:\WINDOWS\system32\wmfkagjo.ini
     C:\WINDOWS\system32\wpyaqliu.ini
     C:\WINDOWS\system32\yulphppy.ini
     .
     ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))))))))
     .
     2007-12-05 08:28 . 2007-12-05 08:28  268 --ah----- C:\sqmdata17.sqm
     2007-12-05 08:28 . 2007-12-05 08:28  244 --ah----- C:\sqmnoopt17.sqm
     2007-12-05 03:10 . 2007-12-05 03:10  <REP> d-------- C:\WINDOWS\ERUNT
     2007-12-05 03:02 . 2007-12-05 03:02  268 --ah----- C:\sqmdata16.sqm
     2007-12-05 03:02 . 2007-12-05 03:02  244 --ah----- C:\sqmnoopt16.sqm
     2007-12-04 21:19 . 2007-12-04 21:19  <REP> d-------- C:\Program Files\Avira
     2007-12-04 21:19 . 2007-12-04 21:19  <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
     2007-12-04 20:57 . 2007-12-04 20:57  <REP> d-------- C:\Program Files\Trend Micro
     2007-11-20 00:25 . 2007-11-27 22:44  <REP> d-------- C:\Program Files\Everest Poker
     2007-11-14 18:58 . 2007-11-19 13:57  <REP> d--h----- C:\Program Files\InstallShield Installation Information
     2007-11-13 23:05 . 2007-11-13 23:28  <REP> d-------- C:\VundoFix Backups
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2007-12-04 20:38  10 ----a-w C:\Program Files\.autoreg
     2007-12-04 20:22  --------- d-----w C:\Documents and Settings\LEDRU\Application Data\LimeWire
     2007-12-04 15:32  --------- d-----w C:\Program Files\Java
     2007-11-30 17:38  --------- d-----w C:\Program Files\eMule
     2007-11-14 17:58  --------- d-----w C:\Program Files\Google
     2007-10-22 22:05  --------- d-----w C:\Program Files\Veoh Networks
     2007-10-22 21:23  --------- d-----w C:\Program Files\DivX
     2007-10-22 12:22  --------- d-----w C:\Program Files\Winamp
     2007-10-22 11:02  --------- d-----w C:\Program Files\Overland
     2004-10-01 14:00  40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
     .
     ((((((((((((((((((((((((((((( snapshot@2007-12-05_ 1.59.10.34 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2007-12-03 11:52:39  163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
     + 2007-12-05 02:11:00  4,141,056 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
     + 2007-12-05 02:11:00  278,528 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
     + 2007-12-03 11:52:39  163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
     + 2007-12-05 02:10:59  4,141,056 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
     + 2007-12-05 02:10:59  278,528 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
     "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
     "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45]
     "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 15:48]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-14 03:06]
     "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
     "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-05 00:44]
     "HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 23:12]
     "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
     "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41]
     "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-02-02 20:43]
     "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
     "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-23 16:06]
     "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
     "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
     "WD Button Manager"="WDBtnMgr.exe" [2007-05-02 11:13 C:\WINDOWS\system32\WDBtnMgr.exe]
     "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
     "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-04 21:42]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

     R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
     R3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys
     S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys

     .
     Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
     "2007-07-15 08:28:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
     "2007-12-05 04:35:01 C:\WINDOWS\Tasks\HP Usg Daily.job" - C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
     .
     **************************************************************************

     catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2007-12-05 15:44:57
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     Completion time: 2007-12-05 15:46:57 - machine was rebooted
     C:\ComboFix2.txt ... 2007-12-05 02:11
     C:\ComboFix3.txt ... 2007-12-05 01:59
     .
     --- E O F ---

     And by the way, I did not see any passwords in the file C:\SDFix\Data.txt
  5. And a HijackThis report, just in case:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:27:58, on 05/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\ssqooml.dll
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - Winlogon Notify: ssqooml - C:\WINDOWS\SYSTEM32\ssqooml.dll
O22 - SharedTaskScheduler: deboner - {fa4fbf53-c766-4622-8011-a87a805eebf0} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7078 bytes
  6. Thanks again for your help; so here is the SDFix report:

SDFix: Version 1.116

Run by LEDRU on 05/12/2007 at 03:11

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\LEDRU\x.dat - Deleted
C:\Documents and Settings\LEDRU\z.dat - Deleted
C:\n.bat - Deleted
C:\WINDOWS\Fonts\Setup.exe - Deleted

x.dat and z.dat data copied to \SDFix\Data.txt

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 03:14:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:fc98cdb3
"s2"=dword:bc01b9d4
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:11,1f,01,1f,7d,ff,eb,8c,4e,89,84,23,1c,94,7c,b6,0e,5d,fc,89,5c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:11,1f,01,1f,7d,ff,eb,8c,4e,89,84,23,1c,94,7c,b6,0e,5d,fc,89,5c,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 21 Jun 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Wed 22 Dec 2004 16,384 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"
Thu 20 Jan 2005 11,344 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Tue 20 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d03f71700772ecd1d20bacc33c473cd5\BIT3.tmp"

Finished!
  7. And finally the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:27:52, on 05/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\ssqooml.dll
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - Winlogon Notify: ssqooml - C:\WINDOWS\SYSTEM32\ssqooml.dll
O22 - SharedTaskScheduler: deboner - {fa4fbf53-c766-4622-8011-a87a805eebf0} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7078 bytes
  8. And the ComboFix report:

ComboFix 07-12-02.6 - LEDRU 2007-12-05 1:53:54.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.79 [GMT 1:00]
Running from: C:\Documents and Settings\LEDRU\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LEDRU\Application Data\WinTouch
C:\Documents and Settings\LEDRU\Application Data\WinTouch\wintouch.cfg
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\__c00DD4D0.dat
C:\WINDOWS\system32\awhxryrv.dll
C:\WINDOWS\system32\cbxwvvt.dll
C:\WINDOWS\system32\cbxwwww.dll
C:\WINDOWS\system32\cbxyvwt.dll
C:\WINDOWS\system32\cidbifvj.exe
C:\WINDOWS\system32\dcwdnafj.dll
C:\WINDOWS\system32\dksdndex.dll
C:\WINDOWS\system32\fgtkyyhr.dll
C:\WINDOWS\system32\fmxvatqr.exe
C:\WINDOWS\system32\iexevuil.dll
C:\WINDOWS\system32\ipdijacl.dllbox
C:\WINDOWS\system32\ixuffanm.dll
C:\WINDOWS\system32\jiwxosco.exe
C:\WINDOWS\system32\jjpptdqv.dll
C:\WINDOWS\system32\kdwpabsv.exe
C:\WINDOWS\system32\khfccay.dll
C:\WINDOWS\system32\kyxdosyr.dll
C:\WINDOWS\system32\ltkcuudp.dll
C:\WINDOWS\system32\mjedkgnq.dll
C:\WINDOWS\system32\mjvferwn.exe
C:\WINDOWS\system32\mkmklxno.exe
C:\WINDOWS\system32\mnaffuxi.ini
C:\WINDOWS\system32\mwhgtpbe.dll
C:\WINDOWS\system32\oktrikgr.ini
C:\WINDOWS\system32\pqmyifyh.dll
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\qpaxcbcv.exe
C:\WINDOWS\system32\qthnydbb.dll
C:\WINDOWS\system32\rdkyxckk.exe
C:\WINDOWS\system32\rgkirtko.dll
C:\WINDOWS\system32\riyvcpjb.dll
C:\WINDOWS\system32\rnddrtqp.exe
C:\WINDOWS\system32\smlrkief.dll
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\tecchnaw.dll
C:\WINDOWS\system32\tlsegbax.dll
C:\WINDOWS\system32\twxwpttq.dll
C:\WINDOWS\system32\ucacdtff.dll
C:\WINDOWS\system32\udjlfsif.dll
C:\WINDOWS\system32\umjmfvuu.dll
C:\WINDOWS\system32\urqnllj.dll
C:\WINDOWS\system32\vnffgsxo.dll
C:\WINDOWS\system32\vnnuptxl.dll
C:\WINDOWS\system32\vrjqgabb.exe
C:\WINDOWS\system32\vrkvivrk.exe
C:\WINDOWS\system32\vtxgqlcs.exe
C:\WINDOWS\system32\wdqtedft.dll
C:\WINDOWS\system32\wqdvopgo.dll
C:\WINDOWS\system32\xjrnssly.exe
C:\WINDOWS\system32\yingcatw.dll
C:\WINDOWS\system32\ysebdegr.exe
C:\WINDOWS\system32\ysthqpby.dll
C:\winlogon.exe
C:\x.dat
C:\z.dat
H:\Autorun.inf
C:\WINDOWS\Fonts\'
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers créés 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))))))))
.
2007-12-04 21:19 . 2007-12-04 21:19 <REP> d-------- C:\Program Files\Avira
2007-12-04 21:19 . 2007-12-04 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-04 21:17 . 2007-12-04 21:17 37,376 --a------ C:\WINDOWS\system32\ssqooml.dll
2007-12-04 20:57 . 2007-12-04 20:57 <REP> d-------- C:\Program Files\Trend Micro
2007-12-04 16:37 . 2007-12-04 16:37 718,718 ---hs---- C:\WINDOWS\system32\qvcmipmg.ini
2007-12-03 11:34 . 2007-12-03 11:34 73,280 --a------ C:\WINDOWS\system32\pywgsvqc.dll
2007-12-03 11:31 . 2007-12-04 16:26 845,645 ---hs---- C:\WINDOWS\system32\wmfkagjo.ini
2007-11-30 15:13 . 2007-12-03 11:25 756,471 ---hs---- C:\WINDOWS\system32\birhhaml.ini
2007-11-28 16:07 . 2007-11-30 15:10 882,576 ---hs---- C:\WINDOWS\system32\yulphppy.ini
2007-11-27 16:03 . 2007-11-28 16:03 771,076 ---hs---- C:\WINDOWS\system32\qrqcucqw.ini
2007-11-26 16:57 . 2007-11-27 15:58 779,304 ---hs---- C:\WINDOWS\system32\mvrbkhga.ini
2007-11-23 16:18 . 2007-11-26 16:45 773,267 ---hs---- C:\WINDOWS\system32\bocxpwuv.ini
2007-11-22 15:51 . 2007-11-23 16:13 773,069 ---hs---- C:\WINDOWS\system32\wpyaqliu.ini
2007-11-21 23:13 . 2007-11-21 23:13 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-20 23:05 . 2007-11-20 23:05 268 --ah----- C:\sqmdata15.sqm
2007-11-20 23:05 . 2007-11-20 23:05 244 --ah----- C:\sqmnoopt15.sqm
2007-11-20 15:55 . 2007-11-21 15:56 834 ---hs---- C:\WINDOWS\system32\irfyfmhc.ini
2007-11-20 00:25 . 2007-11-27 22:44 <REP> d-------- C:\Program Files\Everest Poker
2007-11-19 13:18 . 2007-11-20 15:44 836,471 ---hs---- C:\WINDOWS\system32\vltbqvfo.ini
2007-11-16 20:43 . 2007-11-19 13:13 675,164 ---hs---- C:\WINDOWS\system32\bduxtbei.ini
2007-11-16 15:33 . 2007-11-19 13:16 40,960 --a------ C:\Documents and Settings\LEDRU\f.exe
2007-11-16 15:33 . 2007-11-19 13:15 262 --a------ C:\Documents and Settings\LEDRU\z.dat
2007-11-16 15:33 . 2007-11-19 13:15 0 --a------ C:\Documents and Settings\LEDRU\x.dat
2007-11-15 20:34 . 2007-11-16 20:34 677,781 ---hs---- C:\WINDOWS\system32\ogpapoit.ini
2007-11-14 20:43 . 2007-11-14 20:43 671,127 ---hs---- C:\WINDOWS\system32\hcknodft.ini
2007-11-14 18:58 . 2007-11-19 13:57 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-11-13 23:05 . 2007-11-13 23:28 <REP> d-------- C:\VundoFix Backups
2007-11-13 20:32 . 2007-11-13 20:32 145,984 --a------ C:\WINDOWS\system32\svkyawut.dll
2007-11-12 21:08 . 2007-11-12 21:08 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-12 21:05 . 2007-11-19 13:16 120 --a------ C:\n.bat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 20:38 10 ----a-w C:\Program Files\.autoreg
2007-12-04 20:22 --------- d-----w C:\Documents and Settings\LEDRU\Application Data\LimeWire
2007-12-04 15:32 --------- d-----w C:\Program Files\Java
2007-11-30 17:38 --------- d-----w C:\Program Files\eMule
2007-11-14 17:58 --------- d-----w C:\Program Files\Google
2007-11-12 20:08 278,536 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-10-22 22:05 --------- d-----w C:\Program Files\Veoh Networks
2007-10-22 21:23 --------- d-----w C:\Program Files\DivX
2007-10-22 12:22 --------- d-----w C:\Program Files\Winamp
2007-10-22 11:02 --------- d-----w C:\Program Files\Overland
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}]
2007-12-04 21:17 37376 --a------ C:\WINDOWS\system32\ssqooml.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 15:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-14 03:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-05 00:44]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 23:12]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-02-02 20:43]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-23 16:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"WD Button Manager"="WDBtnMgr.exe" [2007-05-02 11:13 C:\WINDOWS\system32\WDBtnMgr.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-04 21:42]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}"= C:\WINDOWS\system32\ssqooml.dll [2007-12-04 21:17 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqooml]
ssqooml.dll 2007-12-04 21:17 37376 C:\WINDOWS\system32\ssqooml.dll

R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
R3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-07-15 08:28:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-05 00:35:51 C:\WINDOWS\Tasks\HP Usg Daily.job" - C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 01:58:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 1:59:43 - machine was rebooted
.
--- E O F ---

My PC rebooted after ComboFix, and I have the impression it is already lagging less, but now another AntiVir alert is showing with the trojan "TR/Drop.Agent.CWD" ...
  9. First of all, thanks for your help. So here, first, is the MSNFix report:

MSNFix 1.600

C:\Documents and Settings\LEDRU\Bureau\MSNFix\MSNFix
Fix exécuté le 05/12/2007 - 1:47:01,54 By LEDRU
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\LEDRU\LOCALS~1\Temp\removalfile.bat
... C:\WINDOWS\b???.exe
... C:\WINDOWS\cookies.ini
... C:\WINDOWS\mrofinu*.exe.tmp

************************ MSNCHK ***** /!\ beta test /!\

************************ Recherche les dossiers présents

... C:\PROGRA~1\InetGet2\
... C:\PROGRA~1\Temporary\
... C:\PROGRA~1\WinAble\

************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\LEDRU\LOCALS~1\Temp\removalfile.bat
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\cookies.ini
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp

************************ Suppression des dossiers

.. OK ... C:\PROGRA~1\InetGet2\
.. OK ... C:\PROGRA~1\Temporary\
.. OK ... C:\PROGRA~1\WinAble\

************************ Nettoyage du registre

************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\Fonts\Setup.exe] 58B463A2E355F05079A16D08191DEA9F
[C:\setup_wm.exe] CB590BCE547BA8C7378E5B4220FCF256
[C:\winlogon.exe] A3879EADB0B106DC79941FF124DCA9E2
[C:\Documents and Settings\LEDRU\f.exe] 52B1C318B141C2D684CDF7C2D303FD5D
[C:\PROGRA~1\Uninstall_CDS.exe] 6ED26B4DD712DCC8456079DD15330F03

==> SVP merci d'envoyer le fichier C:\DOCUME~1\LEDRU\Bureau\Upload_Me.zip sur http://upload.changelog.fr

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 05122007_ 1483614.zip

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
  10. I have the impression my PC is lagging more and more... Help please!
  11. I almost forgot the report; here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10:43, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {69264CAA-1A47-4A87-923E-19E8F534DFC1} - C:\WINDOWS\system32\ssqrp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\ssqooml.dll
O2 - BHO: {51474f05-bfe1-3c88-7f04-a6670a5bc2a9} - {9a2cb5a0-766a-40f7-88c3-1efb50f47415} - C:\WINDOWS\system32\tlsegbax.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00DD4D0.dat
O20 - Winlogon Notify: ssqooml - C:\WINDOWS\SYSTEM32\ssqooml.dll
O22 - SharedTaskScheduler: deboner - {fa4fbf53-c766-4622-8011-a87a805eebf0} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kdwpabsv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7637 bytes
  12. Hello, for a week now my PC has been infected and AntiVir keeps showing the alert for the trojan TR/Dldr.Agen.ZV.1.B, and I'm starting to lose my mind. Help, please.