help please virus mabraze
Zazdebaz, on 19/05/2009 at 19:58

So here are the reports

USBFIX


############################## [ UsbFix V3.021 # Cleaning ]

# User : Guillaume (Administrateurs) # PORTABLE
# Update on 16/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 19:02:06 | 19/05/2009

#         Intel(R) Pentium(R) M processor 1.60GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 55,88 Go (10,15 Go free) # NTFS
# D:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\WINDOWS\system32\antinul.vbe    
Deleted ! C:\WINDOWS\system32\Autoruns.exe    
Deleted ! C:\WINDOWS\system32\SelfDel.bat    

################## [ Registre # Clés Run infectieuses ]

Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe    
# HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"  
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !  

################## [ Registre # Mountpoints2 ]


################## [ Listing des fichiers présent ]

[19/05/2009 08:35|--a------|6426] - C:\aaw7boot.log
[12/05/2008 16:57|--a------|0] - C:\AUTOEXEC.BAT
[12/05/2008 16:51|---hs----|212] - C:\boot.ini
[28/08/2001 16:00|-rahs----|4952] - C:\Bootfont.bin
[12/05/2008 16:57|--a------|0] - C:\CONFIG.SYS
[12/05/2008 16:57|-rahs----|0] - C:\IO.SYS
[09/04/2009 15:46|--ah-----|462] - C:\IPH.PH
[12/05/2008 16:57|-rahs----|0] - C:\MSDOS.SYS
[04/08/2004 00:38|-rahs----|47564] - C:\NTDETECT.COM
[04/08/2004 00:59|-rahs----|251712] - C:\ntldr
[29/02/2004 17:44|--a------|52576] - C:\orange.bmp
[?|?|?] - C:\pagefile.sys
[12/05/2008 18:46|--ah-----|268] - C:\sqmdata00.sqm
[12/05/2008 18:46|--ah-----|244] - C:\sqmnoopt00.sqm
[19/05/2009 19:02|--a------|3042] - C:\UsbFix.txt
[12/05/2008 17:18|--a------|59] - C:\XPSP2+_Version.txt

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !  

################## [ ! Fin du rapport # UsbFix V3.021 ! ]



antivir



Avira AntiVir Personal
Report file date: mardi 19 mai 2009  19:26

Scanning for 1410306 virus strains and unwanted programs.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 2)  [5.1.2600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : PORTABLE

Version information:
BUILD.DAT       : 9.0.0.394     17962 Bytes  17/04/2009 11:20:00
AVSCAN.EXE      : 9.0.3.5      466689 Bytes  19/05/2009 17:24:50
AVSCAN.DLL      : 9.0.3.0       40705 Bytes  27/02/2009 08:58:24
LUKE.DLL        : 9.0.3.2      209665 Bytes  20/02/2009 09:35:49
LUKERES.DLL     : 9.0.2.0       12033 Bytes  27/02/2009 08:58:52
ANTIVIR0.VDF    : 7.1.0.0    15603712 Bytes  27/10/2008 10:30:36
ANTIVIR1.VDF    : 7.1.2.12    3336192 Bytes  11/02/2009 18:33:26
ANTIVIR2.VDF    : 7.1.3.185   2010112 Bytes  12/05/2009 17:24:50
ANTIVIR3.VDF    : 7.1.3.231    325632 Bytes  19/05/2009 17:24:50
Engineversion   : 8.2.0.168
AEVDF.DLL       : 8.1.1.1      106868 Bytes  19/05/2009 17:24:50
AESCRIPT.DLL    : 8.1.2.0      389497 Bytes  19/05/2009 17:24:50
AESCN.DLL       : 8.1.2.3      127347 Bytes  19/05/2009 17:24:50
AERDL.DLL       : 8.1.1.3      438645 Bytes  29/10/2008 16:24:41
AEPACK.DLL      : 8.1.3.16     397686 Bytes  19/05/2009 17:24:50
AEOFFICE.DLL    : 8.1.0.36     196987 Bytes  26/02/2009 18:01:56
AEHEUR.DLL      : 8.1.0.129   1761655 Bytes  19/05/2009 17:24:50
AEHELP.DLL      : 8.1.2.2      119158 Bytes  26/02/2009 18:01:56
AEGEN.DLL       : 8.1.1.44     348532 Bytes  19/05/2009 17:24:50
AEEMU.DLL       : 8.1.0.9      393588 Bytes  09/10/2008 12:32:40
AECORE.DLL      : 8.1.6.9      176500 Bytes  19/05/2009 17:24:50
AEBB.DLL        : 8.1.0.3       53618 Bytes  09/10/2008 12:32:40
AVWINLL.DLL     : 9.0.0.3       18177 Bytes  12/12/2008 06:47:59
AVPREF.DLL      : 9.0.0.1       43777 Bytes  05/12/2008 08:32:15
AVREP.DLL       : 8.0.0.3      155905 Bytes  20/01/2009 12:34:28
AVREG.DLL       : 9.0.0.0       36609 Bytes  05/12/2008 08:32:09
AVARKT.DLL      : 9.0.0.3      292609 Bytes  19/05/2009 17:24:50
AVEVTLOG.DLL    : 9.0.0.7      167169 Bytes  30/01/2009 08:37:08
SQLITE3.DLL     : 3.6.1.0      326401 Bytes  28/01/2009 13:03:49
SMTPLIB.DLL     : 9.2.0.25      28417 Bytes  02/02/2009 06:21:33
NETNT.DLL       : 9.0.0.0       11521 Bytes  05/12/2008 08:32:10
RCIMAGE.DLL     : 9.0.0.21    2438401 Bytes  09/02/2009 09:45:45
RCTEXT.DLL      : 9.0.37.0      86785 Bytes  19/05/2009 17:24:50

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: mardi 19 mai 2009  19:26

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\main
    [INFO]      The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\modules
    [INFO]      The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\start
    [INFO]      The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\type
    [INFO]      The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\group
    [INFO]      The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\imagepath
    [INFO]      The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthttavbwuymwuxyvbvpexrloytafsxktqx\inst
    [INFO]      The registry entry is invisible.
'35821' objects were checked, '7' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'AnotherScripT.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '42' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\Documents and Settings\Guillaume\Mes documents\Downloads\son rimk\antinul.vbe
    [DETECTION] Contains recognition pattern of the VBS/Antinul.A VBS script virus
C:\Program Files\Couscous Script version1.0\CousCous Script.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/mIRC-1804800.A back-door program
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128364.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128365.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128366.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128367.sys
    [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128368.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128369.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128370.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
C:\WINDOWS\system32\otmspr.exe
    [DETECTION] Is the TR/Agent.5632.44 Trojan
C:\WINDOWS\system32\drivers\etc\hosts
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192148.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192155.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192156.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192157.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192158.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192159.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192220.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192222.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192223.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192224.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192225.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192226.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192227.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192228.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192229.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.20090519-141930.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\WINDOWS\system32\drivers\etc\hosts.msn
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
C:\_OTMoveIt\MovedFiles\05192009_183016\WINDOWS\system32\plkhost.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan

Beginning disinfection:
C:\Documents and Settings\Guillaume\Mes documents\Downloads\son rimk\antinul.vbe
    [DETECTION] Contains recognition pattern of the VBS/Antinul.A VBS script virus
    [NOTE]      The file was moved to '4a86f288.qua'!
C:\Program Files\Couscous Script version1.0\CousCous Script.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/mIRC-1804800.A back-door program
    [NOTE]      The file was moved to '4a87f28a.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128364.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to '4a43f24b.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128365.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to '49519cfc.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128366.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to '4b381fd4.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128367.sys
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to '495294a4.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128368.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to '4953ad6c.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128369.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to '4b379f94.qua'!
C:\System Volume Information\_restore{F100D540-F10F-4ED7-8FA7-4EBC3666D614}\RP87\A0128370.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to '49508434.qua'!
C:\WINDOWS\system32\otmspr.exe
    [DETECTION] Is the TR/Agent.5632.44 Trojan
    [NOTE]      The file was moved to '4a7ff28f.qua'!
C:\WINDOWS\system32\drivers\etc\hosts
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '4a85f28a.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192148.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '49926713.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192155.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '4b00666b.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192156.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '491338a3.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192157.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '4912237b.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192158.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '491d2b33.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192159.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '499c6fe3.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192220.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '491c130b.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192222.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '491f1bc3.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192223.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '491b7843.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192224.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '491a601b.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192225.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '492568d3.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192226.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '499f57bb.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192227.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '499e5e73.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192228.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '4999464b.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090518-192229.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '49984e03.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20090519-141930.backup
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '499b36db.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.msn
    [DETECTION] Contains recognition pattern of the WORM/SdBot.Hosts.39 worm
    [NOTE]      The file was moved to '499a3e93.qua'!
C:\_OTMoveIt\MovedFiles\05192009_183016\WINDOWS\system32\plkhost.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      TR/Dropper.Gen:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<Key Drv>=sz:plkhost.exe
    [NOTE]      The file was moved to '4a7df287.qua'!


End of the scan: mardi 19 mai 2009  19:53
Used time: 27:04 Minute(s)

The scan has been done completely.

   7908 Scanned directories
251139 Files were scanned
     29 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
     29 Files were moved to quarantine
      0 Files were renamed
      1 Files cannot be scanned
251109 Files not concerned
   1268 Archives were scanned
      1 Warnings
     30 Notes
  35821 Objects were scanned with rootkit scan
      7 Hidden objects were found

and HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:39, on 19/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Guillaume\Mes documents\Mes fichiers reçus\Another-ScripT_V.1.2.0\AnotherScripT.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://moteur.chat-land.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Key Drv] plkhost.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A98D136-9551-4EC9-9986-5054041AFCAC}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{74D593CC-E022-4A08-83DD-EEB1F35BA7BA}: NameServer = 80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF2CF521-5E59-4448-A3DB-8D7519B793A9}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1c9b519ac90bc8a) (gupdate1c9b519ac90bc8a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7707 bytes
there you go
Mister_masque, on 19/05/2009 at 20:32

Well then.

Rootkit ovfst*.*, we're going to have to bring out the heavy artillery ...

!! Disable Antivir !!

Download Combofix

Don't install the Recovery Console ... Your version isn't legal ...

Run it, and post the report: C:\Combofix.txt.

See you later
--
Zazdebaz, on 19/05/2009 at 20:46

here is the report

ComboFix 09-05-19.04 - Guillaume 19/05/2009 20:36.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.33.1036.18.503.181 [GMT 2:00]
Lancé depuis: c:\documents and settings\Guillaume\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\becfebedfddb_d.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


(((((((((((((((((((((((((((((   Fichiers créés du 2009-04-19 au 2009-05-19  ))))))))))))))))))))))))))))))))))))
.

2009-05-19 17:20 . 2009-05-19 17:24     55640     ----a-w     c:\windows\system32\drivers\avgntflt.sys
2009-05-19 17:20 . 2009-05-19 17:20     --------     d-----w     c:\program files\Avira
2009-05-19 17:20 . 2009-05-19 17:20     --------     d-----w     c:\documents and settings\All Users\Application Data\Avira
2009-05-19 16:45 . 2009-05-19 17:03     --------     d-----w     C:\UsbFix
2009-05-19 16:30 . 2009-05-19 16:30     --------     d-----w     C:\_OTMoveIt
2009-05-19 16:09 . 2009-05-19 17:56     --------     d-----w     c:\program files\trend micro
2009-05-19 16:09 . 2009-05-19 16:10     --------     d-----w     C:\rsit
2009-05-18 16:51 . 2009-05-19 16:28     --------     d-----w     c:\program files\Spybot - Search & Destroy
2009-05-18 16:51 . 2009-05-19 16:28     --------     d-----w     c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-18 16:26 . 2009-05-18 16:26     --------     d--h--w     c:\windows\system32\GroupPolicy
2009-05-16 14:08 . 2009-05-16 14:08     --------     d-----w     c:\program files\Atomic RAR Password Recovery
2009-05-12 02:38 . 2009-05-12 02:38     --------     d-----w     c:\documents and settings\LocalService\Bureau
2009-05-12 01:42 . 2009-05-19 16:27     --------     d-----w     c:\program files\Lavasoft
2009-05-09 14:03 . 2009-05-09 14:03     --------     d-----w     c:\documents and settings\Guillaume\Local Settings\Application Data\Help
2009-05-04 17:11 . 2004-08-03 21:08     31616     ----a-w     c:\windows\system32\drivers\usbccgp.sys
2009-04-30 11:17 . 2009-04-30 11:17     --------     d-----w     c:\documents and settings\All Users\Application Data\Chat Republic Games
2009-04-28 17:58 . 2009-04-30 11:17     --------     d-----w     c:\documents and settings\Guillaume\Local Settings\Application Data\Chat Republic Games
2009-04-26 19:09 . 2009-04-26 19:10     --------     d-----w     c:\program files\TVAnts
2009-04-24 19:01 . 2009-04-24 19:01     --------     d-----w     c:\documents and settings\Guillaume\Application Data\Malwarebytes
2009-04-24 19:01 . 2009-04-06 13:32     15504     ----a-w     c:\windows\system32\drivers\mbam.sys
2009-04-24 19:00 . 2009-04-06 13:32     38496     ----a-w     c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-24 19:00 . 2009-04-24 19:00     --------     d-----w     c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-24 19:00 . 2009-04-24 19:01     --------     d-----w     c:\program files\Malwarebytes' Anti-Malware
2009-04-23 19:46 . 2009-04-23 20:24     --------     d-----w     c:\program files\Babylon
2009-04-23 12:49 . 2009-04-23 16:05     --------     d-----w     c:\program files\Monster Trucks Nitro
2009-04-23 12:49 . 2009-05-19 06:36     --------     d---a-w     c:\documents and settings\All Users\Application Data\TEMP

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 17:53 . 2008-12-24 15:01     --------     d-----w     c:\program files\Couscous Script version1.0
2009-05-19 06:54 . 2009-04-04 11:36     --------     d-----w     c:\program files\Google
2009-05-15 22:36 . 2009-03-24 22:13     --------     d-----w     c:\program files\Windows Live Safety Center
2009-05-07 19:17 . 2009-04-27 13:50     0     ----a-w     c:\documents and settings\Guillaume\errorlog.tmp
2009-05-05 18:24 . 2008-10-07 15:53     --------     d-----w     c:\program files\eMule
2009-05-05 14:25 . 2001-08-28 14:00     142938     ----a-w     c:\windows\system32\perfc00C.dat
2009-05-05 14:25 . 2001-08-28 14:00     117876     ----a-w     c:\windows\system32\perfh00C.dat
2009-04-09 13:46 . 2009-04-09 13:42     --------     d-----w     c:\program files\AIM6
2009-04-09 13:44 . 2009-04-09 13:44     --------     d-----w     c:\program files\Fichiers communs\Software Update Utility
2009-04-09 13:43 . 2009-04-09 13:43     --------     d-----w     c:\program files\AIM Search
2009-04-09 13:43 . 2009-04-09 13:43     --------     d-----w     c:\program files\Viewpoint
2009-04-09 13:43 . 2009-04-09 13:43     --------     d-----w     c:\program files\Fichiers communs\AOL
2009-04-07 22:25 . 2009-04-07 22:25     --------     d-----w     c:\program files\Fichiers communs\Labtec
2009-04-07 22:24 . 2009-04-07 22:24     --------     d-----w     c:\program files\Fichiers communs\LogiShrd
2009-04-07 22:24 . 2009-04-07 22:23     --------     d-----w     c:\program files\Labtec
2009-04-04 05:43 . 2008-09-13 15:00     --------     d-----w     c:\program files\mIRC
2009-04-03 03:47 . 2009-04-03 03:47     --------     d-----w     c:\program files\Freezer+
2009-02-23 23:31 . 2009-02-23 23:31     339968     ----a-w     c:\windows\system32\pythoncom25.dll
2009-02-23 23:31 . 2009-02-23 23:31     2117632     ----a-w     c:\windows\system32\python25.dll
2009-02-23 23:31 . 2009-02-23 23:31     114688     ----a-w     c:\windows\system32\pywintypes25.dll
.

------- Sigcheck -------

[-] 2007-03-08 15:50     579072     4D88AAF39ADABFE45958EA1384E2C4FF     c:\windows\SoftwareDistribution\Download\807aa275a612b3508a3d1d613bbf6226\sp2qfe\user32.dll
[-] 2006-06-20 22:05     578048     C34920EB988CE98910BD6B0417F334EB     c:\windows\system32\user32.dll

[-] 2007-02-28 16:02     2059648     A1D5231403329478AE4FE2778C55C77F     c:\windows\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\sp2gdr\ntkrnlpa.exe
[-] 2007-02-28 16:08     2061440     7A56A64EB50399613587E90292DD2AAB     c:\windows\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\sp2qfe\ntkrnlpa.exe
[-] 2006-06-20 22:22     2059008     5311776074B6C13F983DC75BAEAC9C0C     c:\windows\system32\ntkrnlpa.exe

[-] 2007-02-28 16:02     2182400     7D6D19AAC51A4325F6039F083C22303C     c:\windows\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\sp2gdr\ntoskrnl.exe
[-] 2007-02-28 16:08     2184192     8E244108562E0E452EB68DFF64CB08A9     c:\windows\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\sp2qfe\ntoskrnl.exe
[-] 2006-06-20 22:05     2181632     3E2A0A4A0C0B19FC113618A9562A3B2A     c:\windows\system32\ntoskrnl.exe

[-] 2006-05-16 22:39     1036288     76B3D5A12E1008FD656921D3035783F1     c:\windows\explorer.exe
[-] 2007-06-13 13:22     1037312     D0288319660EDCFED07C7E74C4EA38A5     c:\windows\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
[-] 2007-06-13 13:10     1037312     B795475444D6D57A572C14B9E1A29839     c:\windows\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe

[-] 2006-06-20 22:11     57856     AD3D9D191AEA7B5445FE1D82FFBB4788     c:\windows\system32\spoolsv.exe

[-] 2006-06-20 22:22     1548288     AEA063AF0963AC56F9CEAE444D9D1BB5     c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 270336]
"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-24 68592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\BSmaxScripT[7.0]\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\Guillaume\\Mes documents\\Mes fichiers reçus\\Another-ScripT_V.1.2.0\\AnotherScripT.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19/05/2009 19:20 108289]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [09/04/2009 15:43 24652]
S2 gupdate1c9b519ac90bc8a;Service Google Update (gupdate1c9b519ac90bc8a);c:\program files\Google\Update\GoogleUpdate.exe [04/04/2009 13:37 133104]
.
Contenu du dossier 'Tâches planifiées'

2009-05-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-04 11:36]

2009-05-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 11:36]
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Examen supplémentaire -------
.
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s
IE: E&xporter vers Microsoft Excel
Trusted Zone: chat-land.org
TCP: {5A98D136-9551-4EC9-9986-5054041AFCAC} = 80.10.246.2,80.10.246.129
TCP: {74D593CC-E022-4A08-83DD-EEB1F35BA7BA} = 80.10.246.2
TCP: {BF2CF521-5E59-4448-A3DB-8D7519B793A9} = 80.10.246.2,80.10.246.129
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Guillaume\Application Data\Mozilla\Firefox\Profiles\e3zr3elp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT177429&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fr.blackle.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT177429&SearchSource=2&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 20:40
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2000478354-602609370-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3932)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\windows\system32\ODBC32.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\program files\Illustrate\dBpoweramp\dBShell.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2009-05-19 20:43 - La machine a redémarré
ComboFix-quarantined-files.txt  2009-05-19 18:43

Avant-CF: 10 650 152 960 octets libres
Après-CF: 10 572 181 504 octets libres

Mister_masque (offline), 19/05/2009 at 21:03

Uninstall via Add/Remove Programs in the Control Panel:

  • USBFIX
  • HijackThis

# 1 - Removing the previously used tools

Download ToolsCleaner2 by A.Rothstein to your Desktop.

  • Run it; right-click >> Run as administrator under Vista (if you are on XP, skip this step).
  • Click the Search button; if the program stops responding or the window goes white, that is normal.
  • Once the search has finished, click Delete.
  • Then click Empty the Recycle Bin and Delete temporary files.

NB: At the end (there will be indications in the box below), click "Quit" and post the report located at C:\Tcleaner.txt

II - Deleting the restore points

Start >> Run:

Combofix /u

You also have very bad habits on the web.
You click on anything, you install anything too, and you cram your machine with anti-whatever thinking it will save you; know that this is not the right technique.
Some reading: La lutte Anti-Malware

Installing a program is not a trivial task! Any program can hide malware, be careful!

If you have questions, or anything else, don't hesitate.

--
Zazdebaz (offline), 19/05/2009 at 21:13

I did all your last recommendations, but when I clicked Quit I looked for the txt file and I can't find it. What do I do?
Mister_masque (offline), 19/05/2009 at 21:15

Do nothing; just delete all the tools.

A little cleanup is in order.

You can install CCleaner Slim.

Install it (if you wish). Click Analyze then Run Cleaner; if you get confirmation messages, well, confirm.

Then in the left-hand menu click Registry, then Scan for issues, then click Fix selected issues.

Confirm, and click Fix all issues. Do this 3 times (if it is your first cleanup).

Help: CCleaner tutorial

See you
--
Zazdebaz (offline), 19/05/2009 at 21:27

There, I've done everything, CCleaner included, 3 times.
Thank you for your help and your recommendations; I won't click on just anything anymore and I'm going to read your link.
Thanks again, unless it isn't over yet lol
Mister_masque (offline), 19/05/2009 at 21:45

Nope, it's fine.
Follow the advice carefully and all will be well.

Have a good evening
--
Vulgarisation-informatique.com
Computing courses & tutorials