Cheval de troie ? Phenix oui...

Ok je remplace le nouveau rapport Vundo Fix plus haut , et j'enchaine la suite.

tu t'es trompé tu as remplacé le rapport Vundofix par celui de navilog

mais c'est sans importance le l'avais lu et il reste bien

C:\WINDOWS\system32\efcbaab.dll

on va s'en occuper

fait combofix et hijack

Vundofix ==> Replacer au bon endroit.
Combofix==> Fini plus haut.
Hijackthis ===> Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53, on 2008-01-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Belkin\Belkin Power Management Software\RupsMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GrabShow 110\monitor.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Belkin\Belkin Power Management Software\Monw32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {39B0A3AF-EE3F-47C7-840A-60558B6A6EA7} - C:\WINDOWS\system32\asycfil.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {B6A80C3C-6A55-42C0-B9F1-28E73E9A72E1} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SnapShotMoniter] C:\Program Files\GrabShow 110\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\enc bold.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Barb fast] C:\DOCUME~1\PROPRI~1\APPLIC~1\GRIMTH~1\Meal Bait.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rupsmon Daemon.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rupsmon - Belkin - C:\Program Files\Belkin\Belkin Power Management Software\RupsMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBMate - Mega Corp. - C:\Program Files\Belkin\Belkin Power Management Software\usbmate.exe

--
End of file - 8625 bytes


Merci


[ Ce message a été modifié par : : seraphinnoir le 06-01-2008 11:53 ]

Télécharger sur le bureau

OTMoveIt.exe
=================
relancer hijack
cocher ces lignes et clic ensuite sur fix checked

O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {39B0A3AF-EE3F-47C7-840A-60558B6A6EA7} - C:\WINDOWS\system32\asycfil.dll
O2 - BHO: (no name) - {B6A80C3C-6A55-42C0-B9F1-28E73E9A72E1} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\enc bold.exe
O4 - HKCU\..\Run: [Barb fast] C:\DOCUME~1\PROPRI~1\APPLIC~1\GRIMTH~1\Meal Bait.exe
= Copier ce texte ci dessous
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\asycfil.dll
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\enc bold.exe
C:\DOCUME~1\PROPRI~1\APPLIC~1\GRIMTH~1\Meal Bait.exe
= Double-clic sur OTMoveIt.exe
= Dans le cadre de Gauche ==> clic-droit ==> coller
= Clic MoveIt!
= si redémarrage demandé==> Clic : YES
= Un rapport dans ==> C:\_OTMoveIt\MovedFiles\date du jour à copier/coller dans la réponse
+
nouveau hijack

=======================================================
merci de mettre tous les rapports sous Spoiler

pour cela sélectionner la totalité de chaque rapport mis dans la case réponse
et cliquer sur l'icone

Ok merci :)

Voiles les rapports:

Move_it

File/Folder C:\WINDOWS\system32\adssite_sidebar.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\asycfil.dll
C:\WINDOWS\system32\asycfil.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\asycfil.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Frag great bend logo\enc bold.exe scheduled to be moved on reboot.
C:\DOCUME~1\PROPRI~1\APPLIC~1\GRIMTH~1\Meal Bait.exe moved successfully.

Created on 01-06-2008 12:55:02


Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02, on 2008-01-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Belkin\Belkin Power Management Software\RupsMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Belkin\Belkin Power Management Software\usbmate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GrabShow 110\monitor.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Belkin\Belkin Power Management Software\Monw32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {39B0A3AF-EE3F-47C7-840A-60558B6A6EA7} - C:\WINDOWS\system32\asycfil.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SnapShotMoniter] C:\Program Files\GrabShow 110\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rupsmon Daemon.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rupsmon - Belkin - C:\Program Files\Belkin\Belkin Power Management Software\RupsMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBMate - Mega Corp. - C:\Program Files\Belkin\Belkin Power Management Software\usbmate.exe

--
End of file - 8188 bytes

il y a résistance

Télécharger sur le bureau
SdFix
= Double-clic SDFix.
= Clic Install


= Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes. Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel

------
= Double-clic SDFix.
= Clic Install
= Double-clic sur le nouveau dossier SDFix qui est dans C:\
= Double-clic RunThis
= Presser Y
= A l’invitation ==> appuyer sur une touche pour redémarrer
= Redémarrage ( qui sera plus long ,car nettoyage en cours )
Continuer si un message d’erreurs apparaît ,dans ce cas aller directement au rapport dans SDfix
= apparition de Finished
= Appuyer sur une touche
= Dans SDFix , un rapport Report.

fixe cette ligne avec hijack

O2 - BHO: (no name) - {39B0A3AF-EE3F-47C7-840A-60558B6A6EA7} - C:\WINDOWS\system32\asycfil.dll

il faut supprimer

egqjkqgw.dat ==> dans C:\Windows\system32\drivers
asycfil.dll ==> dans C:\WINDOWS\system32\

il y aura aussi une clé de registre à supprimer

remet sur cette page un rapport combofix

Pour jacko17

Rapport SDFix


SDFix: Version 1.124

Run by Propriétaire on 2008-01-06 at 17:41

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
gocxkbad

Path:
system32\drivers\egqjkqgw.dat

gocxkbad - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service gocxkbad - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\drivers\egqjkqgw.dat - Deleted
C:\WINDOWS\SYSTEM32\ASYCFIL.DLL - Deleted
C:\n.bat - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 17:49:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:58,a3,a5,a0,f0,f5,7f,1e,94,eb,2e,a8,3a,b4,ad,d9,9e,e3,8b,a1,4d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0a,08,40,7f,93,82,9f,c6,1e,fb,82,0d,fa,ee,b6,ba,2c,..
"khjeh"=hex:02,af,f5,27,e7,05,8e,b4,5d,ad,31,8c,16,a3,9c,d6,c3,01,5f,8c,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:39,b1,94,55,f1,4e,4f,d2,21,3a,36,a7,ef,3f,e1,23,45,6e,22,59,3a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:58,a3,a5,a0,f0,f5,7f,1e,94,eb,2e,a8,3a,b4,ad,d9,9e,e3,8b,a1,4d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0a,08,40,7f,93,82,9f,c6,1e,fb,82,0d,fa,ee,b6,ba,2c,..
"khjeh"=hex:02,af,f5,27,e7,05,8e,b4,5d,ad,31,8c,16,a3,9c,d6,c3,01,5f,8c,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:39,b1,94,55,f1,4e,4f,d2,21,3a,36,a7,ef,3f,e1,23,45,6e,22,59,3a,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 90


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 9 Dec 2007 196 A.SHR --- "C:\BOOT.BAK"
Sun 9 Dec 2007 4,909,088 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 3 Nov 2004 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Sun 16 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

Il m'a aussi fait un rapport catchMe

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 17:49:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:58,a3,a5,a0,f0,f5,7f,1e,94,eb,2e,a8,3a,b4,ad,d9,9e,e3,8b,a1,4d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0a,08,40,7f,93,82,9f,c6,1e,fb,82,0d,fa,ee,b6,ba,2c,..
"khjeh"=hex:02,af,f5,27,e7,05,8e,b4,5d,ad,31,8c,16,a3,9c,d6,c3,01,5f,8c,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:39,b1,94,55,f1,4e,4f,d2,21,3a,36,a7,ef,3f,e1,23,45,6e,22,59,3a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:58,a3,a5,a0,f0,f5,7f,1e,94,eb,2e,a8,3a,b4,ad,d9,9e,e3,8b,a1,4d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0a,08,40,7f,93,82,9f,c6,1e,fb,82,0d,fa,ee,b6,ba,2c,..
"khjeh"=hex:02,af,f5,27,e7,05,8e,b4,5d,ad,31,8c,16,a3,9c,d6,c3,01,5f,8c,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:39,b1,94,55,f1,4e,4f,d2,21,3a,36,a7,ef,3f,e1,23,45,6e,22,59,3a,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 90



Pour land3 :

O2 - BHO: (no name) - {39B0A3AF-EE3F-47C7-840A-60558B6A6EA7} - C:\WINDOWS\system32\asycfil.dll
ce n'etait pas dans la liste

egqjkqgw.dat ==> dans C:\Windows\system32\drivers==> il y est pas

asycfil.dll ==> dans C:\WINDOWS\system32\ ====> supprimé


Rapport combofix :

ComboFix 08-01-04.1 - Propriétaire 2008-01-06 18:09:47.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.579 [GMT 1:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\msnimport.exe
C:\WINDOWS\system32\efcbaab.dll
C:\WINDOWS\system32\mcrh.tmp
C:\winlogon.exe
C:\x.dat
C:\z.dat
E:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))))))
.

2008-01-06 17:39 . 2008-01-06 17:39 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-06 11:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 15:03 . 2008-01-05 15:03 <REP> d-------- C:\Program Files\Matroska Pack
2008-01-05 13:00 . 2008-01-05 22:29 <REP> d-------- C:\VundoFix Backups
2008-01-05 12:27 . 2008-01-05 12:38 <REP> d-------- C:\Program Files\Navilog1
2008-01-05 10:26 . 2008-01-05 10:26 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Atari
2008-01-05 10:26 . 2008-01-05 10:26 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Atari
2008-01-05 10:25 . 2008-01-05 10:25 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-04 12:09 . 2008-01-04 12:09 <REP> d-------- C:\Program Files\Ulead Systems
2008-01-04 12:09 . 2008-01-04 12:10 <REP> d-------- C:\Program Files\Fichiers communs\Ulead Systems
2008-01-02 15:12 . 2008-01-02 15:12 107,584 --a------ C:\WINDOWS\system32\ipvkaxxw.exe
2008-01-02 12:06 . 2008-01-02 12:06 <REP> d-------- C:\Program Files\GRIMTHUNK
2008-01-01 15:48 . 2008-01-01 16:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-31 16:09 . 2007-12-31 16:09 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\vlc
2007-12-31 16:09 . 2007-12-31 16:09 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\vlc
2007-12-31 16:07 . 2007-12-31 16:07 <REP> d-------- C:\Program Files\VideoLAN
2007-12-30 13:56 . 2007-12-30 13:56 0 --a------ C:\mUldrop.bat
2007-12-28 16:55 . 2004-06-16 15:57 69,632 -ra------ C:\WINDOWS\system32\drivers\Usr_xp.sys
2007-12-28 16:48 . 2007-12-28 16:49 85 --a------ C:\WINDOWS\usrwiz.ini
2007-12-27 12:23 . 2007-12-27 12:23 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-26 19:09 . 2007-12-26 19:09 <REP> d-------- C:\WINDOWS\Sun
2007-12-25 20:28 . 2007-12-25 20:30 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ALLCapture
2007-12-25 20:28 . 2007-12-25 20:30 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ALLCapture
2007-12-25 19:47 . 2008-01-02 14:46 <REP> d-------- C:\Program Files\Fraps
2007-12-25 13:03 . 2007-12-25 13:03 <REP> d-------- C:\Program Files\Game Cam v1.4
2007-12-25 12:42 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-12-25 12:42 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2007-12-25 11:34 . 2007-12-25 11:34 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-23 18:19 . 2007-12-23 20:12 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-23 18:19 . 2007-12-23 18:20 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools
2007-12-23 18:19 . 2007-12-23 18:20 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools
2007-12-23 18:06 . 2007-12-23 18:06 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-23 18:00 . 2007-12-23 18:00 <REP> d-------- C:\Program Files\EA GAMES
2007-12-22 16:36 . 2007-12-22 16:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2007-12-22 09:11 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-21 20:32 . 2007-12-21 20:32 <REP> d-------- C:\Program Files\DivX
2007-12-21 20:00 . 2008-01-02 12:07 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\GRIMTHUNK
2007-12-21 20:00 . 2008-01-02 12:07 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\GRIMTHUNK
2007-12-21 20:00 . 2008-01-06 12:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Frag great bend logo
2007-12-21 19:59 . 2007-12-21 19:59 <REP> d-------- C:\Program Files\Circle Developement
2007-12-16 18:03 . 2007-12-16 18:03 <REP> d-------- C:\Documents and Settings\Famille\Application Data\La Bataille pour la Terre du Milieu ™ II
2007-12-16 15:07 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-16 15:07 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-16 15:07 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-16 15:06 . 2007-12-16 15:06 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-16 15:04 . 2007-12-16 15:04 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-16 15:04 . 2007-12-16 15:05 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-16 14:44 . 2008-01-06 17:57 3,688 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-16 14:28 . 2008-01-01 16:33 109 --a------ C:\WINDOWS\wininit.ini
2007-12-16 14:22 . 2007-12-16 14:22 <REP> d-------- C:\Program Files\Axon Data
2007-12-15 19:39 . 2007-12-15 19:39 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Ulead Systems
2007-12-15 18:43 . 2007-12-30 09:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-15 18:36 . 2007-12-15 18:36 <REP> d-------- C:\Program Files\Bonjour
2007-12-15 18:32 . 2007-12-29 09:05 <REP> d-------- C:\Program Files\WowCartographe
2007-12-15 18:23 . 2007-12-15 18:23 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-12-15 16:38 . 2007-12-15 16:41 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Ulead Systems
2007-12-15 16:38 . 2007-12-15 16:41 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Ulead Systems
2007-12-15 16:37 . 2007-12-15 16:37 <REP> d-------- C:\Program Files\Fichiers communs\InterVideo
2007-12-15 16:36 . 2007-12-15 16:36 <REP> d-------- C:\Program Files\Windows Media Components
2007-12-15 16:35 . 2008-01-04 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-15 15:00 . 2007-12-15 15:00 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-12-15 14:59 . 2007-12-15 14:59 <REP> d-------- C:\Program Files\Real
2007-12-15 14:59 . 2007-12-15 15:00 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-15 12:11 . 2007-12-15 14:02 <REP> d-------- C:\Program Files\THQ
2007-12-15 12:11 . 2007-12-15 12:11 <REP> d-------- C:\Extras
2007-12-15 09:55 . 2007-12-15 09:57 <REP> d-------- C:\Program Files\vtech
2007-12-15 09:06 . 2007-12-31 18:10 <REP> d-------- C:\Program Files\StuffPlug3
2007-12-13 18:24 . 2007-12-16 14:46 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Sonic
2007-12-12 17:08 . 2007-12-12 17:08 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-12 15:51 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-09 20:31 . 2004-01-01 17:37 <REP> d-------- C:\Documents and Settings\Famille\WINDOWS
2007-12-09 20:31 . 2004-01-01 15:39 <REP> d--h----- C:\Documents and Settings\Famille\Voisinage réseau
2007-12-09 20:31 . 2004-01-01 15:39 <REP> d--h----- C:\Documents and Settings\Famille\Voisinage d'impression
2007-12-09 20:31 . 2007-12-09 17:27 <REP> d--h----- C:\Documents and Settings\Famille\Modèles
2007-12-09 20:31 . 2007-12-13 13:12 <REP> dr------- C:\Documents and Settings\Famille\Mes documents
2007-12-09 20:31 . 2007-12-09 17:25 <REP> dr------- C:\Documents and Settings\Famille\Menu Démarrer
2007-12-09 20:31 . 2007-12-09 20:31 <REP> dr------- C:\Documents and Settings\Famille\Favoris
2007-12-09 20:31 . 2007-12-16 14:48 <REP> d-------- C:\Documents and Settings\Famille\Bureau
2007-12-09 20:31 . 2004-01-01 22:21 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Symantec
2007-12-09 20:31 . 2004-01-01 18:26 <REP> d-------- C:\Documents and Settings\Famille\Application Data\SampleView
2007-12-09 20:31 . 2007-12-13 17:17 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Intervideo
2007-12-09 20:10 . 2007-12-09 20:10 <REP> d-------- C:\Program Files\Free iPod Video Converter
2007-12-09 20:10 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.ax
2007-12-09 20:10 . 2005-02-27 21:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2007-12-09 20:10 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2007-12-09 19:11 . 2007-12-09 19:11 <REP> d-------- C:\Program Files\EMUSB2.0
2007-12-09 19:11 . 2007-12-09 19:11 <REP> d-------- C:\Program Files\eMPIA
2007-12-09 19:08 . 2007-12-09 19:08 <REP> d-------- C:\Program Files\GrabShow 110
2007-12-09 19:08 . 2004-02-23 08:42 192,512 --a------ C:\WINDOWS\system32\3515hook.exe
2007-12-09 19:03 . 2007-12-09 19:03 <REP> d-------- C:\Program Files\WiFiConnector
2007-12-09 18:29 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-12-09 18:15 . 2007-12-09 18:15 <REP> d-------- C:\Program Files\Microsoft Games
2007-12-09 17:28 . 2008-01-06 17:56 250 --a------ C:\WINDOWS\system\hpsysdrv.dat
2007-12-09 17:27 . 2007-12-09 17:28 <REP> d-------- C:\WINDOWS\I386
2007-12-09 17:23 . 2008-01-06 18:03 <REP> drahsc--- C:\WINDOWS\system32\dllcache
2007-12-09 17:23 . 2007-12-09 17:25 <REP> dr------- C:\WINDOWS\system32\config\systemprofile\Menu Démarrer
2007-12-09 17:23 . 2008-01-06 11:50 <REP> dr------- C:\Program Files
2007-12-09 17:23 . 2008-01-06 11:56 <REP> dr------- C:\Documents and Settings\Propriétaire\Mes documents

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( snapshot@2008-01-06_11.43.55.77 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 05:57:26 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-06 16:39:54 3,563,520 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-06 16:39:55 249,856 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-05 05:57:26 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-06 16:39:46 3,563,520 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-06 16:39:46 249,856 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
+ 2004-08-19 23:09:19 65,024 -c--a-w C:\WINDOWS\system32\dllcache\asycfilt.dll
+ 2008-01-06 16:48:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6f0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"Fraps"="C:\PROGRAM FILES\FRAPS\FRAPS.EXE" [2007-11-21 19:26 913064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 02:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472]
"VTTimer"="VTTimer.exe" []
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 06:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-13 02:13 98304]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-26 04:10 335872]
"UpdateManager"="c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-04-20 00:17 421888]
"SnapShotMoniter"="C:\Program Files\GrabShow 110\monitor.exe" [2004-09-10 10:25 2101302]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-15 14:59 185896]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-04-12 13:23 341488]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-12-09 19:03:12]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
Rupsmon Daemon.lnk - C:\Program Files\Belkin\Belkin Power Management Software\Monw32.exe [2007-12-09 10:11:28]

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-06 17:00:00 C:\WINDOWS\Tasks\ADB46CCF9197E073.job"
- c:\docume~1\propri~1\applic~1\grimth~1\ace meow inside.exe
"2007-12-28 08:16:45 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-09 08:44:28 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 18:11:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 18:11:47
ComboFix-quarantined-files.txt 2008-01-06 17:11:31
.
2007-12-21 18:33:40 --- E O F ---

c'est mieux

refait un rapport hijack après avoir redémarrer le PC

dit si tu as encore des problèmes

Très bien merci beaucoup :)
Juste , avez-vous une idée de quel source proviennent ces virus?
Ou quel logiciel aurais-pu les détecter et les éliminer dessuite ?