Everything posted by libellul333

  1. Hello, OK for the blog, I will make another post; here is the new log:
  2. Oops, the message got posted before I had finished. Picking up where I left off: 2 infected files, so index.php at the root and index.php in the install folder. The name of the worm is: HTML:Iframe.inf. I put it in quarantine. How can I repair my blog, which for now displays this: Parse error: syntax error, unexpected '<' in /mnt/102/sdb/7/f/leblogdeluna/index.php on line 54. Blog address: http://leblogdeluna.free.fr. Should I create another post to fix this problem, or can we fix it here? I would also like to know whether you think I have this because of the other viruses I had. Thanks in advance!
  3. I no longer get avast alerts for the rootkit on my PC; it seems the problem is solved, and for that THANK YOU very much!!! But I have 1 blog on my Free hosting space that is still infected. Was it the rootkit that infected it? (Maybe it's a stupid question, but since I know nothing about this I would like to know.) I opened my FTP software (cute ftp) and copied the blog's contents into a folder on my PC. Avast found 2 worms in 2 files (index.php) and index.php d
  4. OK, I unplugged and plugged back in (no reset button) and followed your instructions; here is the log:
  5. I just read your last post. Yes, avast was still detecting the same rootkit while combofix was producing the log. I was away for 2 hours, I wanted to shut down the PC, and Windows updates had to be installed. The PC has been stuck for 2 hours on the following blue screen: do not turn off your computer, it will be turned off automatically, installing update 1 of 1. What do I do? Do I unplug the PC so that it restarts?
  6. And here it is:
  7. combofix restarted the PC and asked me whether I wanted to restart normally or in safe mode??? I restarted normally but it kept looping; after 3 attempts, Windows wanted to run a scan and I skipped it. Now the log is being prepared. I just got the avast warning, which reactivated at startup: the virus is still there, win32:rustNT. As soon as I have the log I will post it (I am on another PC right now).
  8. And here it is: (it did not make me download the console or restart)
  9. Thanks for your reply, here is the new report: PS I just installed ZoneAlarm, but when it is enabled I can't access the internet, so I close it... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:07:39, on 16/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Anne\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [skwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: ikowin32.exe O4 - Global Startup: MBCameraMonitor.lnk = ? 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/ O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DD5E962D-DE29-4AFA-8FE4-5CE6FAE52985}: NameServer = 212.27.53.252 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe -- End of file - 6940 bytes
  10. Thanks for your reply, here is the new
  11. I forgot to mention: my Windows firewall is disabled and the "enable" option is greyed out. Is this because of the virus? SOS
  12. Hello, for the past 3 days Avast has been reporting that malware was found, but no matter how many times I delete it or quarantine it, it always comes back, endlessly. win32:RustNT [Rtk] in C:\windows\system32\drivers\beep.sys, then in C:\WINDOWS\LastGood\TMP45.tmp, then in c:\windows\system32\drivers\OLD46.tmp; there is also win32:trojan-gen. I don't know what to do. I ran an Avast boot-time scan; it detects them but cannot remove them either. I need guidance to remove these m... I run a blog on Dotclear, http://leblogdeluna.free.fr, and since I got these viruses it stopped working overnight without my having done anything. Could this be related to the rootkits I caught???? I'm gutted because it was a keepsake blog with photos of my baby, who turns 6 months old in 2 days. Also, my PC is extremely slow: I tried to burn a CD earlier but gave up because it was too slow. PS: I'm a novice with computers. Thanks in advance for your help!
Here is my HijackThis report: Logfile of HijackThis v1.99.1 Scan saved at 12:26:04, on 16/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Hiajckthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [skwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: ikowin32.exe O4 - Global Startup: MBCameraMonitor.lnk = ? 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/ O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DD5E962D-DE29-4AFA-8FE4-5CE6FAE52985}: NameServer = 212.27.53.252 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe