[Résolu] Infection PC (rapport HijackThis)

[B2oBa]

Bonjour à tous, depuis quelques joursm on pc est infecté, dès que j' ouvre une page internet mon antivirus se mets à crier. J' ai supprimer les fichiers appriori infecté, j' ai fait un pré-nettoyage avec antivir mais le probleme persiste.

Voici donc mon rapport Hijack :

 

Logfile of HijackThis v1.99.1

Scan saved at 9:15:18, on 10/12/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\themeGold55\CursorXP\CursorXP.exe

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\System32\logon.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Tyler\Bureau\hijackthis\HijackThis.exe

C:\WINDOWS\explorer.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [CursorXP] C:\themeGold55\CursorXP\CursorXP.exe -s

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr

O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/telechargement/Photoweb_Uploader.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

 

 

 

Merci d' avance pour votre aide

Modifié le 14 décembre 2007 par B2oBa

[bruce lee]

Bonjour B2oBa,

 

Si durant la procédure ci-dessous, il y a des étapes que tu n'as pas reussi a faire, merci de continuer la procédure jusqu'au bout et de les signaler dans ta prochaine reponse.

 

Je te conseille d'enregistrer la page web compléte sous Internet Explorer comme ceci :

 

* Clique sur Fichier/Enregistrer sous Dans Type, choisis : Archive web (fichier seul (*.mht) / Enregistre la sur le bureau,comme cela tu retrouvera la mise en forme ou imprime cette réponse. Une partie de la désinfection se déroulera en mode sans échec.

 

 

1/Télécharge puis installe http://www.ewido.net/en/download

Une fois AVG AS lancé, clique sur Mise à jour

Ferme le programme.

 

Télécharge SDFix(créé par AndyManchesta) et sauvegarde le sur ton Bureau.

***Si le lien ne fonctionne pas, essaie celui-ci : http://download.bleepingcomputer.com/andymanchesta/SDFix.exe ***

 

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.

 

2/Démarre en mode sans échec http://cybersecurite.xooit.com/t88-Demarre...s-echec.htm#665

 

3/ Relance AVG AS puis choisis l'onglet Analyse

Puis l'onglet Paramètres

Sous la question Comment réagir ?, clique sur Actions recommandées et choisis Quarantaine

Reclique sur l'onglet Analyse puis réalise une Analyse complète du système

 

Si un fichier infecté est détecté en fin d'analyse

Clique sur Appliquer toutes les actions

 

Clique sur Enregistrer le rapport puis sur Enregistrer le rapport sous

Enregistre ce fichier texte sur ton bureau

 

4/

• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
  
• Appuie sur Y pour commencer le processus de nettoyage.
  
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
  
• Appuie sur une touche pour redémarrer le PC.
  
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
  
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
  

5/Poste le rapport d'AVG Anti spyware 7.5 ainsi qu'un nouveau log Hijackthis.

 

Bon courage, et si tu as la moindre question n'hésite surtout pas

 

@+

[B2oBa]

J' ai tout suivi à la lettre, aucun probleme dans le déroulement, voici mes rapports :

 

 

 

SDFix: Version 1.117

 

Run by Tyler on lun. 10/12/2007 at 11:13

 

Microsoft Windows XP [version 5.1.2600]

 

Running From: C:\DOCUME~1\Tyler\Bureau\sdfix\SDFix

 

Safe Mode:

Checking Services:

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Trojan Files Found:

 

C:\WINDOWS\SYSTEM32\HMM.EXE - Deleted

C:\WINDOWS\SYSTEM32\SYSINFO.EXE - Deleted

C:\DOCUME~1\Tyler\LOCALS~1\Temp\removalfile.bat - Deleted

C:\WINDOWS\system32\First.exe - Deleted

C:\WINDOWS\system32\Gothic.exe - Deleted

C:\WINDOWS\system32\install.exe - Deleted

C:\WINDOWS\system32\logon.exe - Deleted

C:\WINDOWS\system32\o - Deleted

C:\WINDOWS\system32\sysinfo.exe - Deleted

C:\WINDOWS\system32\Tilecomnu.com - Deleted

C:\WINDOWS\Temp\removalfile.bat - Deleted

 

 

 

 

Removing Temp Files...

 

ADS Check:

 

C:\WINDOWS

No streams found.

 

C:\WINDOWS\system32

No streams found.

 

C:\WINDOWS\system32\svchost.exe

No streams found.

 

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

 

 

 

Final Check:

 

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-10 11:20:27

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

Remaining Files:

---------------

 

File Backups: - C:\DOCUME~1\Tyler\Bureau\sdfix\SDFix\backups\backups.zip

 

Files with Hidden Attributes:

 

Fri 13 May 2005 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"

Mon 24 Oct 2005 66,560 A.SHR --- "C:\WINDOWS\MOTA113.exe"

Thu 13 Oct 2005 422,400 A.SHR --- "C:\WINDOWS\x2.64.exe"

Fri 7 Oct 2005 308,224 A.SH. --- "C:\WINDOWS\system32\avisynth.dll"

Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"

Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"

Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"

Sat 24 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\i420vfw.dll"

Thu 27 Apr 2006 2,945,024 A.SHR --- "C:\WINDOWS\system32\Smab.dll"

Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"

Sat 24 Jan 2004 217,088 A.SHR --- "C:\WINDOWS\system32\yv12vfw.dll"

Sat 21 Oct 2006 72,192 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"

Wed 11 Jan 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"

Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"

Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"

Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"

Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"

Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"

Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"

Tue 10 Dec 2002 94,208 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"

Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"

Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"

Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"

Fri 20 Feb 2004 548,940 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"

Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"

 

Finished!

 

 

AVG Anti-Spyware - Rapport d'analyse

---------------------------------------------------------

 

+ Créé à: 11:02:41 10/12/2007

 

+ Résultat de l'analyse:

 

 

 

C:\Documents and Settings\Tyler\Cookies\tyler@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Aucune action entreprise.

:mozilla.15:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Adnet : Aucune action entreprise.

:mozilla.16:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Adnet : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][2].txt -> TrackingCookie.Adnet : Aucune action entreprise.

:mozilla.24:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@adtech[1].txt -> TrackingCookie.Adtech : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@adviva[1].txt -> TrackingCookie.Adviva : Aucune action entreprise.

:mozilla.40:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@burstnet[1].txt -> TrackingCookie.Burstnet : Aucune action entreprise.

:mozilla.434:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.

:mozilla.435:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.

:mozilla.436:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][1].txt -> TrackingCookie.Comclick : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@estat[2].txt -> TrackingCookie.Estat : Aucune action entreprise.

:mozilla.196:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.

:mozilla.197:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.

:mozilla.316:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Liveperson : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.

:mozilla.193:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Msn : Aucune action entreprise.

:mozilla.194:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Msn : Aucune action entreprise.

:mozilla.195:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Msn : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][2].txt -> TrackingCookie.Msn : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][2].txt -> TrackingCookie.Planetactive : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@questionmarket[2].txt -> TrackingCookie.Questionmarket : Aucune action entreprise.

:mozilla.169:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Real : Aucune action entreprise.

:mozilla.170:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Real : Aucune action entreprise.

:mozilla.297:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Real : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][1].txt -> TrackingCookie.Real : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][1].txt -> TrackingCookie.Real : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][1].txt -> TrackingCookie.Real : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.

:mozilla.351:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.

:mozilla.352:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.

:mozilla.353:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.

:mozilla.220:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Webtrends : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : Aucune action entreprise.

:mozilla.422:C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ra46ckdb.default\cookies.txt -> TrackingCookie.Yadro : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@yadro[1].txt -> TrackingCookie.Yadro : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.

C:\Documents and Settings\Tyler\Cookies\tyler@zedo[2].txt -> TrackingCookie.Zedo : Aucune action entreprise.

 

 

Fin du rapport

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:30:06, on 10/12/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\System32\ctfmon.exe

C:\themeGold55\CursorXP\CursorXP.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Tyler\Bureau\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [CursorXP] C:\themeGold55\CursorXP\CursorXP.exe -s

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

 

C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

 

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr

O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) -

 

http://www.photoweb.fr/telechargement/Photoweb_Uploader.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers

 

communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program

 

Files\Sygate\SPF\smc.exe

 

 

 

Voila.

[bruce lee]

Re,

 

Je te conseille fortement d'installer un antivirus: http://www.01net.com/telecharger/windows/S...ches/13198.html

 

Assure toi que les contrôles activeX soient bien configurés dans les options internet comme décrit sur ce lien=> http://cybersecurite.xooit.com/t123-Les-co...les-ActiveX.htm

• Fais un scan en ligne Kaspersky
  
• Clique sur Accept
  
• Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
  
• clique une nouvelle fois sur "Accept"
  
• Les bases de mises à jour vont s'installer, patiente un moment
  
• Clique sur Next.
  
• Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
  

 

A la fin du scan, si des objets infectés sont découverts, clique sur Save report as... Choisis bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisis "fichiers texte" enregistre alors le rapport.

 

Copie/colle l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

 

Colle ce rapport dans ta réponse sur le forum.

 

Aide en cas de problème http://cybersecurite.xooit.com/t100-Scan-e...spersky.htm#768

 

NOTE: Le scan est à faire avec Internet Explorer.

[B2oBa]

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Monday, December 10, 2007 2:41:13 PM

Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 10/12/2007

Kaspersky Anti-Virus database records: 478251

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

 

Scan Statistics:

Total number of scanned objects: 131589

Number of viruses found: 4

Number of infected objects: 119

Number of suspicious objects: 0

Duration of the scan process: 00:50:43

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Tyler\Bureau\sdfix\SDFix\backups_old1\logon.exe Infected: Trojan.Win32.Agent.dcb skipped

C:\Documents and Settings\Tyler\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Tyler\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Tyler\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Tyler\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Tyler\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Tyler\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Tyler\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Adobe\Adobe Help Viewer\1.0\help.html Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Aide\t.html Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Aide\version.html Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Diaporama vertical 1\FrameSet.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Diaporama vertical 1\indexPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Diaporama vertical 1\SubPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Diaporama vertical 2\FrameSet.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Diaporama vertical 2\indexPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Diaporama vertical 2\SubPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale bleu et gris\FrameSet.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale bleu et gris\indexPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale bleu et gris\SubPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale claire\FrameSet.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale claire\indexPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale claire\SubPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale foncée\FrameSet.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale foncée\indexPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale foncée\SubPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale à dessins\FrameSet.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale à dessins\indexPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale à dessins\SubPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Image horizontale\FrameSet.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Image horizontale\IndexPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Image horizontale\SubPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Image verticale\FrameSet.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Image verticale\IndexPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Image verticale\SubPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Simple\IndexPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Simple\SubPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Tableau\IndexPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Tableau\SubPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Tableau - Bleu\indexPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Tableau - Bleu\SubPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Belle journée.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Camemberts.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Céramique.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Feuilles.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Fiesta.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Glacier.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Lierre.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Nature.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Punch aux agrumes.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Réseau.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Sucreries.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Technique.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Tournesol.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Vierge.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Fichiers communs\System\ado\MDACReadme.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\NetMeeting\netmeet.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\Program Files\Sygate\SPF\debug.log Object is locked skipped

C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped

C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped

C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped

C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped

C:\WINDOWS\Debug\oakley.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Help\ciadmin.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\AboutCompat.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\CompatOffline.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\LearnCompat.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\DFS\privacy.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\DFS\xmldialog.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\dvdupgrd.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\ErrorMessagesOffline.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\dglogshelp.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\rc\rcRequest.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\ConnIssue.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\LearnInternet.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\RCMoreInfo.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\helpeeaccept.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\DividerBar.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAChatClient.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAClient.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAStatusBar.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\rcscreen6_head.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\setting.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ErrorMsgs.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\RCFileXfer.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\VOIPMsgs.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\DividerBar1.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\DividerBar2.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\RAChatServer.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\SettingServer.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\RAStartPage.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\rcBuddy.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\msinfo.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysEvtLogInfo.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysHealthInfo.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysRemoteInfo.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysServicesInfo.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\AboutWU.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\Learn.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\LearnInternet.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\learnWU.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\updatecenter.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Connection.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineDC.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineOptions.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\LearnInternet.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RCMoreInfo.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\confirm.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcConnection.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen1.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen2.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen3.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcDetails.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcInviteStatus.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen4.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen5.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6_head.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen8.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen9.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\mljifgh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arv skipped

C:\WINDOWS\system32\pmnligg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arv skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wvurrqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arv skipped

C:\WINDOWS\Web\tip.htm Infected: Net-Worm.Win32.Allaple.a skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

[bruce lee]

Re,

 

Télécharge eScan Antivirus Toolkit ici:

 

http://www.spywareinfo.dk/download/mwav.exe

 

Sauvegarde-le sur ton Bureau.

Avant de lancer le programme, il faut le mettre à jour tel qu'indiqué à l'étape 2.

 

Étape 2:

Voici comment mettre l'outil à jour :

 

1.) Double-clique le fichier mwav.exe qui se trouve sur le Bureau ; dézippe les fichiers dans le nouveau dossier suggéré (C:\Kaspersky). Le programme va se lancer, et tu dois le quitter (clique sur "Exit" puis "Exit").

 

http://img168.imageshack.us/img168/3984/escanunzipib8.jpg

 

 

2.) Double-clique sur le Poste de travail, puis double-clique sur le lecteur principal (habituellement C:\), double-clique sur le dossier Kaspersky ; ensuite, double-clique sur le fichier kavupd.exe. Tu verras maintenant une fenêtre DOS apparaître, et la mise à jour se complètera en quelques minutes.

 

3.) Lorsque la mise à jour sera complétée, tu verras "Press any key to continue" ; tape sur une clé pour continuer. Deux nouveaux répertoires (dossiers) ont été créés lors de la mise à jour (C:\Bases et C:\Downloads).

 

4.) Sélectionne/copie tous les fichiers présents dans le dossier C:\Downloads, puis colle-les dans le dossier C:\Kaspersky. Accepte à l'invite de remplacer les fichiers existants.

 

Ne pas lancer le scan tout de suite !

 

Étape 3:

Redémarre en mode Sans Échec http://cybersecurite.xooit.com/t88-Demarre...s-echec.htm#665

 

 

Étape 4:

Du mode Sans Échec, voici comment utiliser le programme :

 

1.) Pour lancer "eScan Antivirus Toolkit", trouve le fichier mwavscan.com situé dans le dossier C:\Kaspersky

 

http://img410.imageshack.us/img410/4966/mwavscanyb7.jpg

 

2.) Double-clique sur mwavscan.com ; l'interface d'eScan va apparaître à l'écran.

 

3.) Il est très important de bien cocher ces boîtes sous Scan Option : Memory, Registry, Startup Folders, System Folders, Services.

 

4.) Coche la boîte Drive, ce qui donne accès à une nouvelle boîte Drive (bouton rond) juste dessous ; coche ce bouton "Drive" (très important..), et tu verras une nouvelle boîte de navigation apparaître à la droite. assure toi que All local drives soit activé.

 

5.) Juste au-dessous, assure-toi que Scan All Files est coché, et non Program Files.

 

6.) Clique sur Scan Clean et laisse le tool vérifier tout le disque dur (ça peut être long..). Lorsque terminé, tu verras Scan Completed. Ne pas quitter tout de suite !

 

7.) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" >> "Programmes" >>"Accessoires" >> "Bloc notes"), puis copie/colle tout le contenu de la fenêtre Virus Log Information (la deuxième, au bas) dans le fichier texte, et sauvegarde le. eScan génère également un rapport complet dans le dossier C:\Kaspersky (nommé mwav.log), mais il est trop lourd pour poster sur le forum.

 

Ferme le programme. Redémarre ton PC en mode Normal. Poste (copie/colle) le rapport que tu as sauvegardé dans ta prochaine réponse.

[B2oBa]

File C:\WINDOWS\System32\pmnligg.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.arv. No Action Taken.

File C:\WINDOWS\System32\mljifgh.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.arv. No Action Taken.

File C:\WINDOWS\System32\pmnligg.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.arv. No Action Taken.

File C:\WINDOWS\System32\wvurrqp.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.arv. No Action Taken.

File C:\Documents and Settings\Tyler\Bureau\sdfix\SDFix\backups_old1\logon.exe infected by "Trojan.Win32.Agent.dcb" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Tyler\Favoris\¤ Fonds d'écran - Wallpapers Cinéma ¤.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\Program Files\Adobe\Adobe Help Viewer\1.0\help.html infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Aide\t.html infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Aide\version.html infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Diaporama vertical 1\FrameSet.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Diaporama vertical 1\indexPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Diaporama vertical 1\SubPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Diaporama vertical 2\FrameSet.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Diaporama vertical 2\indexPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Diaporama vertical 2\SubPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale bleu et gris\FrameSet.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale bleu et gris\indexPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale bleu et gris\SubPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale claire\FrameSet.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale claire\indexPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale claire\SubPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale foncée\FrameSet.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale foncée\indexPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale foncée\SubPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale à dessins\FrameSet.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale à dessins\indexPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Horizontale à dessins\SubPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Image horizontale\FrameSet.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Image horizontale\IndexPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Image horizontale\SubPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Image verticale\FrameSet.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Image verticale\IndexPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Image verticale\SubPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Simple\IndexPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Simple\SubPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Tableau\IndexPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Tableau\SubPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Tableau - Bleu\indexPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Adobe\Photoshop 7.0\Paramètres prédéfinis\Galerie Web Photo\Tableau - Bleu\SubPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Belle journée.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Camemberts.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Céramique.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Feuilles.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Fiesta.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Glacier.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Lierre.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Nature.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Punch aux agrumes.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Réseau.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Sucreries.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Technique.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Tournesol.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\Microsoft Shared\Papier à lettres\Vierge.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\Fichiers communs\System\ado\MDACReadme.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\Program Files\mksvfinal\mirc32.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.59. No Action Taken.

File C:\Program Files\NetMeeting\netmeet.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\Help\ciadmin.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\AboutCompat.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\CompatOffline.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\LearnCompat.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\DFS\privacy.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\DFS\xmldialog.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\dvdupgrd.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\ErrorMessagesOffline.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\dglogshelp.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\rc\rcRequest.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\ConnIssue.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\LearnInternet.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\RCMoreInfo.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\helpeeaccept.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\DividerBar.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAChatClient.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAClient.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAStatusBar.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\rcscreen6_head.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\setting.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ErrorMsgs.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\RCFileXfer.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\VOIPMsgs.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\DividerBar1.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\DividerBar2.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\RAChatServer.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\SettingServer.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\RAStartPage.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\rcBuddy.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\msinfo.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysEvtLogInfo.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysHealthInfo.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysRemoteInfo.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysServicesInfo.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\AboutWU.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\Learn.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\LearnInternet.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\learnWU.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\updatecenter.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Connection.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineDC.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineOptions.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\LearnInternet.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RCMoreInfo.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\confirm.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcConnection.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen1.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen2.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen3.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcDetails.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcInviteStatus.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen4.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen5.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6_head.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen8.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen9.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File C:\WINDOWS\system32\mljifgh.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.arv. No Action Taken.

File C:\WINDOWS\system32\pmnligg.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.arv. No Action Taken.

File C:\WINDOWS\system32\wvurrqp.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.arv. No Action Taken.

File C:\WINDOWS\Web\tip.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File F:\Favoris\¤ Fonds d'écran - Wallpapers Cinéma ¤.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File F:\Musique\musique de films\Casino (128) Various Artists - OST BSO BOF - Mr. Yusseply\1995 Casino 1\Banda Sonora - 1500 Enlaces ed2k - Titulos En Español - OST BSO BOF - Mr. Yusseply.html infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

File F:\Musique\musique de films\Casino (128) Various Artists - OST BSO BOF - Mr. Yusseply\1995 Casino 1\Soundtrack - 1500 ed2k Links - English Titles - OST BSO BOF - Mr. Yusseply.html infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.

 

 

 

Voila le rapport.

[bruce lee]

Re,

 

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

• Double-clique VundoFix.exe afin de le lancer
  
• Clique sur le bouton Scan for Vundo
  
• Lorsque le scan est complété, clique sur le bouton Remove Vundo
  
• Une invite te demandera si tu veux supprimer les fichiers, clique YES
  
• Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  
• Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  
• Copie/colle le contenu du rapport situé dans C:\vundofix.txt dans ta prochaine réponse
  

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

 

1. Télécharge combofix.exe (par sUBs) ici :

 

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

 

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

 

sur ton Bureau.

 

2. Double clique sur combofix.exe puis tape 1 pour lancer le scan.

3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

[B2oBa]

VundoFix V6.7.0

 

Checking Java version...

 

Scan started at 14:56:39 11/12/2007

 

Listing files found while scanning....

 

C:\windows\system32\awtqnkh.dll

 

Beginning removal...

 

Attempting to delete C:\windows\system32\awtqnkh.dll

C:\windows\system32\awtqnkh.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

 

 

 

 

ComboFix 07-12-11.1 - Tyler 2007-12-11 15:36:59.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.1141 [GMT 1:00]

Running from: C:\Documents and Settings\Tyler\Bureau\ComboFix.exe

* Created a new restore point

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\ghhkj.ini

C:\WINDOWS\system32\ghhkj.ini2

C:\WINDOWS\system32\jkhhg.dll

C:\WINDOWS\system32\mljifgh.dll

C:\WINDOWS\system32\pmnligg.dll

C:\WINDOWS\system32\wvurrqp.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_DOMAINSERVICE

 

 

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-11 to 2007-12-11 ))))))))))))))))))))))))))))))))))))

.

 

2007-12-11 15:07 . 2007-12-11 15:07 59,392 --a------ C:\WINDOWS\tr941.exe

2007-12-11 15:05 . 2007-12-11 15:05 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2007-12-11 13:55 . 2007-12-11 15:11 <REP> d-------- C:\VundoFix Backups

2007-12-11 05:40 . 2007-12-11 05:40 <REP> d-------- C:\Program Files\Avira

2007-12-10 22:33 . 2007-12-10 22:33 30 --a------ C:\23990098.$$$

2007-12-10 20:31 . 2007-12-10 20:45 <REP> d-------- C:\Downloads

2007-12-10 20:30 . 2007-12-10 20:47 <REP> d-------- C:\Kaspersky

2007-12-10 13:00 . 2007-12-10 13:00 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-12-10 13:00 . 2007-12-10 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2007-12-10 11:35 . 2007-12-11 14:56 59 --a------ C:\WINDOWS\system32\o

2007-12-10 11:05 . 2007-12-10 11:05 <REP> d-------- C:\WINDOWS\ERUNT

2007-12-10 09:56 . 2007-12-10 09:56 <REP> d-------- C:\Documents and Settings\Tyler\Application Data\Grisoft

2007-12-10 09:56 . 2007-12-10 09:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-12-10 09:56 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-12-09 08:18 . 2007-12-11 05:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2007-12-07 05:26 . 2007-12-07 05:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-05 20:15 . 2007-12-05 20:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-05 20:15 . 2007-12-05 20:15 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-05 18:00 . 2007-12-09 14:54 807,957 ---hs---- C:\WINDOWS\system32\fhkdsuar.ini

2007-12-05 15:04 . 2002-08-29 11:33 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys

2007-12-05 15:04 . 2002-08-29 11:33 52,736 --a--c--- C:\WINDOWS\system32\dllcache\i8042prt.sys

2007-12-04 17:36 . 2007-12-04 17:37 802,034 ---hs---- C:\WINDOWS\system32\npgpgote.ini

2007-12-03 17:35 . 2007-12-04 17:35 801,974 ---hs---- C:\WINDOWS\system32\wcbvfrcl.ini

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-11 12:48 --------- d-----w C:\Program Files\mksvfinal

2007-12-05 22:03 --------- d-----w C:\Program Files\FlashFXP

2007-11-29 07:30 --------- d-----w C:\Documents and Settings\Tyler\Application Data\Vso

2007-11-20 08:46 --------- d-----w C:\Documents and Settings\Tyler\Application Data\Canon

2007-11-10 04:21 --------- d-----w C:\Program Files\QuickTime

2007-11-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

2007-10-11 19:55 --------- d-----w C:\Program Files\VSO

2007-10-11 19:53 --------- d-----w C:\Documents and Settings\Tyler\Application Data\XnView

2007-10-11 19:39 --------- d-----w C:\Program Files\XnView

2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe

2005-10-24 09:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe

2005-10-13 19:27 422,400 --sha-r C:\WINDOWS\x2.64.exe

2005-10-07 17:14 308,224 --sha-w C:\WINDOWS\system32\avisynth.dll

2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll

2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll

2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll

2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll

2006-04-27 08:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll

2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe

2004-01-24 22:00 217,088 --sha-r C:\WINDOWS\system32\yv12vfw.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 13:45]

"CursorXP"="C:\themeGold55\CursorXP\CursorXP.exe" [2001-12-13 19:00]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.exe" [2001-08-28 16:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2005-11-11 12:47 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2001-08-28 16:00 C:\WINDOWS\system32\rundll32.exe]

"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 15:26]

"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-06-06 17:05]

"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2002-04-29 21:20]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-07 11:45]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-11 05:45]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 13:45]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoLowDiskSpaceCheck"= 1 (0x1)

"NoRecentDocsHistory"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoLowDiskSpaceCheck"= 1 (0x1)

 

 

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

"2007-09-07 10:48:23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-11 15:40:49

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]

-> C:\themeGold55\CursorXP\CurXP0.dll

.

Completion time: 2007-12-11 15:42:02 - machine was rebooted

[bruce lee]

Re,

 

1/ Ouvre le Bloc-notes ( Menu Démarrer\Tous les programmes\Accessoires\Bloc-notes)

 

2/ Copie ce qui est en citation ci-dessous (sans le mot citation) par sélection puis Ctrl-C :

 

File::

C:\WINDOWS\tr941.exe

C:\23990098.$$$

C:\WINDOWS\system32\o

C:\WINDOWS\QTFont.qfn

C:\WINDOWS\QTFont.for

C:\WINDOWS\system32\fhkdsuar.ini

C:\WINDOWS\system32\npgpgote.ini

C:\WINDOWS\system32\wcbvfrcl.ini

 

Folder:

C:\WINDOWS\system32\o

 

-Enregistre ce fichier dans: Bureau

-Nom du fichier : CFScript

-Type du fichier : tous les fichiers

-clique sur Enregistrer

-quitte le Bloc Notes

 

 

[*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

 

• Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
  
• Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
  Ne touche à rien tant que le scan n'est pas terminé.
  
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  
• Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt