
"Windows security center" alert + launch of "SPYWARE GUARD 2008"

11 December 2008 13:30:30

Hello everyone.
I think my PC is riddled with viruses. So I am turning to you after several unsuccessful attempts.
An unwanted "windows security center" message pops up and automatically launches "SPYWARE GUARD 2008". When I am on the net, windows open on their own...

I know a topic of this kind already exists on the forum, but I was unable to complete the downloads.

I have AVIRA as my antivirus. I am on XP SP3.

Well, I'm off to work, thank you ;-)


11 December 2008 21:55:30

Good evening
To be done in this order

1
Download Rooter.exe to your desktop
Double-click it and post the report ( %Systemdrive%\Rooter.txt )
2

Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Restart your computer in safe mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once you get to this point, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- For these reasons I suggest you print, write down, or save the following information in a text document so that you don't get lost.
    ---- ! Do not start your computer in safe mode via MSConfig ! Why? Some infections break the safe mode keys, which would crash your computer.

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:

    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop.
    ~~~~ Restart your computer normally and post the report in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you cannot download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
  • How to start your computer in safe mode.

    ++++++++++++++++
    12 December 2008 00:11:07

    Good evening.
    First of all, thank you for looking into my question. That's really kind ;-)

    Here is the ROOTER report.

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Admin ( Administrator )
    BOOT : Normal boot

    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)


    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:72 Go (Free:54 Go)
    D:\ (Local Disk) - NTFS - Total:111 Go (Free:26 Go)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    J:\ (CD or DVD)
    K:\ (CD or DVD)
    L:\ (USB)

    12/12/2008| 0:02

    ----------------------\\ Search..

    C:\WINDOWS\system32\DdeMSvut.ini
    C:\WINDOWS\system32\DdeMSvut.ini2
    C:\WINDOWS\system32\tuvSMedD.dll
    ==> VUNDO <==

    C:\DOCUME~1\Admin\APPLIC~1\drivers\srosa2.sys
    C:\DOCUME~1\Admin\APPLIC~1\drivers\downld
    C:\DOCUME~1\Admin\APPLIC~1\drivers
    ==> BAGLE <==

    ----------------------\\ ROOTKIT !!

    Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
    Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA]
    Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
    Rootkit TDSS ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
    Rootkit TDSS ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
    Rootkit TDSS ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]

    ----------------------\\ Rogues..

    C:\DOCUME~1\Admin\MENUDM~1\PROGRA~1\Spyware Guard 2008
    C:\PROGRA~1\Spyware Guard 2008

    ----------------------\\ Registry

    [HKEY_LOCAL_MACHINE\Software\TDSS]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\tdssdata]



    1 - "C:\Rooter$\Rooter_1.txt" - 12/12/2008| 0:05

    ----------------------\\ Scan completed at 0:05
    12 December 2008 00:51:47

    As for MalwareByte's Anti-Malware, it is impossible to run it in safe mode, or in normal mode for that matter. After restarting, a "qqcrypt.dll" error is displayed.

    Things are getting tricky, it seems...

    @+++
    12 December 2008 21:26:51

    Good evening
    OK, let's do it differently:
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    But be careful: since it's Bagle, you have to use a trick to be able to launch the tool, so:
    rename Combofix to Combo-Fix before starting the download, as follows:
    http://forum.pcastuces.com/sujet.asp?f=25&s=37315

    Double-click ComboFix. It will ask you a question; answer by pressing the 1 key, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit, "Select All", Edit, "Copy"

    Come to the forum and Edit, "Paste"
    13 December 2008 15:09:44

    Here is the famous report. As for downloading Combofix, the link and the method suggested were refused for me. So I managed another way.


    "Admin" - 2008-12-13 14:59:15 Service Pack 3 [SAFE MODE]

    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Admin\Bureau\"


    ((((((((((((((((((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 ))))))))))))))))))))))))))))))))))


    2008-12-12 00:17 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-12-12 00:17 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-12-12 00:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-12 00:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2008-12-12 00:02 <REP> d-------- C:\Rooter$
    2008-12-11 13:02 124,416 --a------ C:\WINDOWS\system32\tezoom.dll
    2008-12-11 13:02 124,416 --a------ C:\WINDOWS\system32\glsisvag.dll
    2008-12-11 11:51 47,872 --a------ C:\WINDOWS\syscert.exe
    2008-12-11 11:51 1,003,957 --a------ C:\WINDOWS\sysexplorer.exe
    2008-12-11 10:53 <REP> d-------- C:\Program Files\Avira
    2008-12-11 10:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    2008-12-11 09:04 <REP> d--hs---- C:\WINDOWS\CSC
    2008-12-11 01:06 36,864 --a------ C:\WINDOWS\system32\ljJAqpNg.dll
    2008-12-11 00:53 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-12-11 00:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    2008-12-11 00:47 123,904 --a------ C:\WINDOWS\system32\vyphab.dll
    2008-12-11 00:47 123,904 --a------ C:\WINDOWS\system32\mjgduttr.dll
    2008-12-11 00:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
    2008-12-11 00:44 75,776 --------- C:\WINDOWS\system32\kkmyceib.dll
    2008-12-11 00:33 75,776 --------- C:\WINDOWS\system32\gdvxyyms.dll
    2008-12-11 00:23 51,197 --a------ C:\WINDOWS\spoolsystem.exe
    2008-12-11 00:23 50,620 --a------ C:\WINDOWS\sys.com
    2008-12-11 00:23 384,512 --a------ C:\WINDOWS\system32\winscenter.exe
    2008-12-11 00:23 18,941 --a------ C:\WINDOWS\vmreg.dll
    2008-12-11 00:23 134,149 --a------ C:\WINDOWS\reged.exe
    2008-12-11 00:23 <REP> d-------- C:\Program Files\Spyware Guard 2008
    2008-12-11 00:22 26,629 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\svhost.exe
    2008-12-11 00:22 123,904 --a------ C:\WINDOWS\system32\vhsxduiu.dll
    2008-12-11 00:22 123,904 --a------ C:\WINDOWS\system32\pihuaa.dll
    2008-12-11 00:19 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-12-10 19:51 583,699 --ahs---- C:\WINDOWS\system32\DdeMSvut.ini2
    2008-12-10 17:36 36,864 --a------ C:\WINDOWS\system32\opnlIcyy.dll
    2008-12-10 17:25 36,864 --a------ C:\WINDOWS\system32\rqRLfeCU.dll
    2008-12-10 15:58 36,864 --a------ C:\WINDOWS\system32\jkkKaxVn.dll
    2008-12-10 14:29 3,670,016 --ah----- C:\Documents and Settings\ADMINI~1\NTUSER.DAT
    2008-12-10 14:29 3,670,016 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2008-12-10 14:29 <REP> dr------- C:\Documents and Settings\ADMINI~1\Menu Démarrer
    2008-12-10 14:29 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
    2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Voisinage réseau
    2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Voisinage d'impression
    2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Modèles
    2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
    2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
    2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
    2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Mes documents
    2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Favoris
    2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Bureau
    2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
    2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
    2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
    2008-12-10 14:25 123,904 --a------ C:\WINDOWS\system32\utehvl.dll
    2008-12-10 14:25 123,904 --a------ C:\WINDOWS\system32\jpcuaatd.dll
    2008-12-10 14:22 75,776 --a------ C:\WINDOWS\system32\lqotdwte.dll
    2008-12-10 14:22 36,864 --a------ C:\WINDOWS\system32\urqQkjJb.dll
    2008-12-10 13:49 295,424 --------- C:\WINDOWS\system32\tuvSMedD.dll
    2008-12-09 19:56 23,294 --a------ C:\DOCUME~1\Admin\gif.exe
    2008-12-09 10:32 36,352 --a------ C:\WINDOWS\system32\ssqPhICR.dll
    2008-12-09 09:53 124,928 --a------ C:\WINDOWS\system32\ivwglrix.dll
    2008-12-09 09:53 124,928 --a------ C:\WINDOWS\system32\bsjmez.dll
    2008-12-09 09:45 <REP> d-------- C:\WINDOWS\system32\RS4
    2008-12-09 09:45 <REP> d-------- C:\WINDOWS\system32\AT
    2008-12-09 09:44 65,024 --a------ C:\WINDOWS\system32\qoMdDtqq.dll
    2008-12-09 09:44 <REP> d-------- C:\WINDOWS\system32\uXPi02
    2008-12-09 09:44 <REP> d-------- C:\Temp\DIV55
    2008-12-09 09:44 <REP> d-------- C:\Temp
    2008-12-08 17:43 <REP> d--h----- C:\DOCUME~1\Admin\APPLIC~1\drivers
    2008-12-08 17:27 <REP> d--h----- C:\LG3G
    2008-12-08 17:26 <REP> d-------- C:\DOCUME~1\Admin\APPLIC~1\LG Electronics
    2008-12-08 17:22 21,632 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
    2008-12-08 17:22 19,840 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
    2008-12-08 17:22 12,416 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
    2008-12-08 17:22 <REP> d-------- C:\Program Files\LG Electronics
    2008-12-08 17:20 <REP> d-------- C:\Program Files\LG PC Suite 2
    2008-11-25 14:03 410,984 --a------ C:\WINDOWS\system32\deploytk.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-12-13 13:37:51 86,020 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2008-12-13 13:37:51 501,134 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2008-12-10 18:36:06 -------- d-----w C:\Program Files\Sleepy
    2008-12-09 22:31:24 -------- d-----w C:\Program Files\Red Kawa
    2008-12-08 17:00:42 -------- d-----w C:\Program Files\eMule
    2008-12-08 16:24:48 -------- d-----w C:\Program Files\DivX
    2008-12-08 16:22:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-12-07 19:30:53 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\OpenOffice.org2
    2008-11-21 11:40:34 2,034 ----a-w C:\DOCUME~1\Admin\APPLIC~1\SAS7_000.DAT
    2008-11-11 19:00:04 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
    2008-11-07 15:15:09 -------- d-----w C:\Program Files\Skype
    2008-11-01 16:07:49 -------- d-----w C:\Program Files\Fichiers communs\Vbox
    2008-10-30 17:52:33 56 ---ha-w C:\WINDOWS\system32\ezsidmv.dat
    2008-10-30 17:52:33 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\skypePM
    2008-10-27 13:28:53 -------- d-----w C:\Program Files\Guitar Pro 5
    2008-10-24 11:21:09 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2008-10-21 07:02:45 -------- d-----w C:\Program Files\Microsoft.NET
    2008-10-20 17:37:49 -------- d-----w C:\Program Files\FileZilla FTP Client
    2008-10-18 09:38:05 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\GigaTribe
    2008-10-17 11:49:29 -------- d-----w C:\Program Files\A-Ray Scanner
    2008-10-17 11:17:03 -------- d-----w C:\Program Files\DiscScanX
    2008-10-17 11:08:34 -------- d-----w C:\Program Files\DVD Shrink
    2008-10-16 13:13:40 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-10-16 13:13:40 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 13:12:22 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-10-16 13:12:20 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-10-16 13:09:44 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-10-16 13:09:44 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 13:09:44 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-10-16 13:08:58 34,328 ----a-w C:\WINDOWS\system32\wups.dll
    2008-10-16 13:06:48 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-10-16 13:06:48 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-10-13 20:11:07 -------- d-----w C:\Program Files\GigaTribe
    2008-09-30 15:43:34 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
    2008-09-15 15:26:07 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-20 00:05:54 13,560 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 09:28]
    {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}=C:\WINDOWS\system32\ljJAqpNg.dll [2008-12-11 01:06]
    {722AE731-70D2-4EED-B2C1-CD0AF2FCC3AE}=C:\WINDOWS\system32\tuvSMedD.dll [2008-12-10 13:49]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 05:43]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
    {92a676c1-daf6-4238-a965-5a8ee9d4dbc7}=C:\WINDOWS\system32\tezoom.dll [2008-12-11 13:02]
    {DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 05:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-10 05:43]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 13:28]
    "spywareguard"="C:\Program Files\Spyware Guard 2008\spywareguard.exe" [2008-12-11 11:51]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "Config"=%systemroot%\system32\run.cmd
    "nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
    "tscuninstall"=%systemroot%\system32\tscupgrd.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)
    "EnableLUA"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=1 (0x1)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "NoStartBanner"=01000000
    "NoSMHelp"=1 (0x1)
    "MemCheckBoxInRunDlg"=1 (0x1)
    "NoSMBalloonTip"=1 (0x1)
    "NoDesktopCleanupWizard"=1 (0x1)
    "NoWelcomeScreen"=1 (0x1)
    "NoAutoUpdate"=1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=1 (0x1)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "NoStartBanner"=01000000
    "NoSMHelp"=1 (0x1)
    "MemCheckBoxInRunDlg"=1 (0x1)
    "NoSMBalloonTip"=1 (0x1)
    "NoDesktopCleanupWizard"=1 (0x1)
    "NoWelcomeScreen"=1 (0x1)
    "NoAutoUpdate"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"="C:\WINDOWS\system32\ljJAqpNg.dll" [2008-12-11 01:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{4314C99B-5188-4EBC-A24D-4DE697340E82}"="C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll" [2008-12-11 00:23]
    "{BDA5FC06-81F9-46B9-83D3-6E137BF48D57}"="C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\axsxgbvkti.dll" [2008-12-11 00:23]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    %SystemRoot%\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAqpNg]
    ljJAqpNg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=tezoom.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 C:\WINDOWS\system32\tuvSMedD

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wd.sys]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\80da8bad]
    rundll32.exe "C:\WINDOWS\system32\iwuqcuod.dll",b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gadcom]
    "C:\Documents and Settings\Admin\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
    napagent


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6befc6b0-d8eb-11dc-b85b-00507034516b}]
    AutoRun\command- I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99e6d0ec-c5c7-11dd-b9d7-00507034516b}]
    Auto\command- E:\Start.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe


    Contents of the 'Scheduled Tasks' folder
    2008-12-11 23:00:02 C:\WINDOWS\tasks\cdthlaso.job

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-13 15:06:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    disk error: C:\WINDOWS\

    please note that you need administrator rights to perform deep scan

    ********************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JavaQuickStarterService]
    "ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
    "imagepath"="\systemroot\system32\drivers\TDSSpplt.sys"

    Completion time: 2008-12-13 15:09:41
    C:\ComboFix-quarantined-files.txt ... 2008-12-13 15:09

    --- E O F ---



    See you
    15 December 2008 18:02:43

    Good evening
    locazion, create your own topic

    alxou, can you run ComboFix again in normal mode? I'd like to check something.
    Post the new report, please

    15 December 2008 22:54:17

    Good evening Sham_Rock, here is the requested report, run in normal mode.



    "Admin" - 2008-12-15 22:36:04 Service Pack 3
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Admin\Bureau\"


    ((((((((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 ))))))))))))))))))))))))))))))))))


    2008-12-15 13:39 124,416 --a------ C:\WINDOWS\system32\qtyrhj.dll
    2008-12-15 13:39 124,416 --a------ C:\WINDOWS\system32\hatqihja.dll
    2008-12-15 07:24 75,776 --a------ C:\WINDOWS\system32\cyfcghce.dll
    2008-12-14 18:51 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2008-12-14 18:51 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2008-12-14 18:51 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2008-12-14 15:20 <REP> d-------- C:\Program Files\Spyware Guard 2008
    2008-12-14 15:16 <REP> d-------- C:\Avenger
    2008-12-14 11:43 124,416 --a------ C:\WINDOWS\system32\skoxuhou.dll
    2008-12-14 11:43 124,416 --a------ C:\WINDOWS\system32\eumrvx.dll
    2008-12-13 20:06 <REP> d-------- C:\Program Files\Lavasoft
    2008-12-13 20:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2008-12-13 19:00 66,560 --a------ C:\WINDOWS\system32\geBtRljJ.dll
    2008-12-13 18:59 19,153,264 --a------ C:\Lavasoft_Adaware_multi.exe
    2008-12-13 18:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-12-13 15:35 124,416 --a------ C:\WINDOWS\system32\wtdagl.dll
    2008-12-13 15:35 124,416 --a------ C:\WINDOWS\system32\naajosmh.dll
    2008-12-13 15:32 75,776 --a------ C:\WINDOWS\system32\khjjpxup.dll
    2008-12-12 00:17 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-12-12 00:17 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-12-12 00:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-12 00:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2008-12-12 00:02 <REP> d-------- C:\Rooter$
    2008-12-11 13:02 124,416 --a------ C:\WINDOWS\system32\tezoom.dll
    2008-12-11 13:02 124,416 --a------ C:\WINDOWS\system32\glsisvag.dll
    2008-12-11 10:53 <REP> d-------- C:\Program Files\Avira
    2008-12-11 10:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    2008-12-11 09:04 <REP> d--hs---- C:\WINDOWS\CSC
    2008-12-11 01:06 36,864 --a------ C:\WINDOWS\system32\ljJAqpNg.dll
    2008-12-11 00:47 123,904 --a------ C:\WINDOWS\system32\vyphab.dll
    2008-12-11 00:47 123,904 --a------ C:\WINDOWS\system32\mjgduttr.dll
    2008-12-11 00:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
    2008-12-11 00:44 75,776 --------- C:\WINDOWS\system32\kkmyceib.dll
    2008-12-11 00:33 75,776 --------- C:\WINDOWS\system32\gdvxyyms.dll
    2008-12-11 00:23 51,197 --a------ C:\WINDOWS\spoolsystem.exe
    2008-12-11 00:23 50,620 --a------ C:\WINDOWS\sys.com
    2008-12-11 00:23 384,512 --a------ C:\WINDOWS\system32\winscenter.exe
    2008-12-11 00:23 18,941 --a------ C:\WINDOWS\vmreg.dll
    2008-12-11 00:23 134,149 --a------ C:\WINDOWS\reged.exe
    2008-12-11 00:22 26,629 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\svhost.exe
    2008-12-11 00:22 123,904 --a------ C:\WINDOWS\system32\vhsxduiu.dll
    2008-12-11 00:22 123,904 --a------ C:\WINDOWS\system32\pihuaa.dll
    2008-12-11 00:19 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-12-10 19:51 580,976 --ahs---- C:\WINDOWS\system32\DdeMSvut.ini2
    2008-12-10 17:36 36,864 --a------ C:\WINDOWS\system32\opnlIcyy.dll
    2008-12-10 17:25 36,864 --a------ C:\WINDOWS\system32\rqRLfeCU.dll
    2008-12-10 15:58 36,864 --a------ C:\WINDOWS\system32\jkkKaxVn.dll
    2008-12-10 14:29 3,670,016 --ah----- C:\Documents and Settings\ADMINI~1\NTUSER.DAT
    2008-12-10 14:29 3,670,016 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2008-12-10 14:29 <REP> dr------- C:\Documents and Settings\ADMINI~1\Menu Démarrer
    2008-12-10 14:29 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
    2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Voisinage réseau
    2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Voisinage d'impression
    2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Modèles
    2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
    2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
    2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
    2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Mes documents
    2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Favoris
    2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Bureau
    2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
    2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
    2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
    2008-12-10 14:25 123,904 --a------ C:\WINDOWS\system32\utehvl.dll
    2008-12-10 14:25 123,904 --a------ C:\WINDOWS\system32\jpcuaatd.dll
    2008-12-10 14:22 75,776 --a------ C:\WINDOWS\system32\lqotdwte.dll
    2008-12-10 14:22 36,864 --a------ C:\WINDOWS\system32\urqQkjJb.dll
    2008-12-10 13:49 295,424 --------- C:\WINDOWS\system32\tuvSMedD.dll
    2008-12-09 19:56 23,294 --a------ C:\DOCUME~1\Admin\gif.exe
    2008-12-09 09:53 124,928 --a------ C:\WINDOWS\system32\ivwglrix.dll
    2008-12-09 09:53 124,928 --a------ C:\WINDOWS\system32\bsjmez.dll
    2008-12-09 09:45 <REP> d-------- C:\WINDOWS\system32\RS4
    2008-12-09 09:45 <REP> d-------- C:\WINDOWS\system32\AT
    2008-12-09 09:44 <REP> d-------- C:\WINDOWS\system32\uXPi02
    2008-12-09 09:44 <REP> d-------- C:\Temp\DIV55
    2008-12-09 09:44 <REP> d-------- C:\Temp
    2008-12-08 17:43 <REP> d--h----- C:\DOCUME~1\Admin\APPLIC~1\drivers
    2008-12-08 17:27 <REP> d--h----- C:\LG3G
    2008-12-08 17:26 <REP> d-------- C:\DOCUME~1\Admin\APPLIC~1\LG Electronics
    2008-12-08 17:22 21,632 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
    2008-12-08 17:22 19,840 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
    2008-12-08 17:22 12,416 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
    2008-12-08 17:22 <REP> d-------- C:\Program Files\LG Electronics
    2008-12-08 17:20 <REP> d-------- C:\Program Files\LG PC Suite 2
    2008-11-25 14:03 410,984 --a------ C:\WINDOWS\system32\deploytk.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-12-15 12:57:14 88,240 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2008-12-15 12:57:14 506,804 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2008-12-14 12:58:07 -------- d-----w C:\Program Files\Yahoo!
    2008-12-14 12:50:58 -------- d-----w C:\Program Files\CCleaner
    2008-12-10 18:36:06 -------- d-----w C:\Program Files\Sleepy
    2008-12-09 22:31:24 -------- d-----w C:\Program Files\Red Kawa
    2008-12-08 17:00:42 -------- d-----w C:\Program Files\eMule
    2008-12-08 16:24:48 -------- d-----w C:\Program Files\DivX
    2008-12-08 16:22:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-12-07 19:30:53 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\OpenOffice.org2
    2008-11-21 11:40:34 2,034 ----a-w C:\DOCUME~1\Admin\APPLIC~1\SAS7_000.DAT
    2008-11-07 15:15:09 -------- d-----w C:\Program Files\Skype
    2008-11-01 16:07:49 -------- d-----w C:\Program Files\Fichiers communs\Vbox
    2008-10-30 17:52:33 56 ---ha-w C:\WINDOWS\system32\ezsidmv.dat
    2008-10-30 17:52:33 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\skypePM
    2008-10-27 13:28:53 -------- d-----w C:\Program Files\Guitar Pro 5
    2008-10-24 11:21:09 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2008-10-21 07:02:45 -------- d-----w C:\Program Files\Microsoft.NET
    2008-10-20 17:37:49 -------- d-----w C:\Program Files\FileZilla FTP Client
    2008-10-18 09:38:05 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\GigaTribe
    2008-10-17 11:49:29 -------- d-----w C:\Program Files\A-Ray Scanner
    2008-10-17 11:17:03 -------- d-----w C:\Program Files\DiscScanX
    2008-10-17 11:08:34 -------- d-----w C:\Program Files\DVD Shrink
    2008-10-16 13:13:40 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-10-16 13:13:40 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 13:12:22 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-10-16 13:12:20 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-10-16 13:09:44 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-10-16 13:09:44 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 13:09:44 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-10-16 13:08:58 34,328 ----a-w C:\WINDOWS\system32\wups.dll
    2008-10-16 13:06:48 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-10-16 13:06:48 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-09-30 15:43:34 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
    2008-09-15 15:26:07 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-20 00:05:54 13,560 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {139FF99C-F908-4C67-85BB-8E44030B5CCB}=C:\WINDOWS\system32\tuvSMedD.dll [2008-12-10 13:49]
    {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}=C:\WINDOWS\system32\ljJAqpNg.dll [2008-12-11 01:06]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 05:43]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
    {ba727358-62f4-439a-8237-13e21006b032}=C:\WINDOWS\system32\qtyrhj.dll [2008-12-15 13:39]
    {DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 05:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-10 05:43]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 13:28]
    "spywareguard"="C:\Program Files\Spyware Guard 2008\spywareguard.exe" [2008-12-14 15:20]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-12-14 18:32]
    "80da8bad"="C:\WINDOWS\system32\cyfcghce.dll" [2008-12-15 07:24]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "Config"=%systemroot%\system32\run.cmd
    "nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
    "tscuninstall"=%systemroot%\system32\tscupgrd.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=1 (0x1)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "NoStartBanner"=01000000
    "NoSMHelp"=1 (0x1)
    "MemCheckBoxInRunDlg"=1 (0x1)
    "NoSMBalloonTip"=1 (0x1)
    "NoDesktopCleanupWizard"=1 (0x1)
    "NoWelcomeScreen"=1 (0x1)
    "NoAutoUpdate"=1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=1 (0x1)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "NoStartBanner"=01000000
    "NoSMHelp"=1 (0x1)
    "MemCheckBoxInRunDlg"=1 (0x1)
    "NoSMBalloonTip"=1 (0x1)
    "NoDesktopCleanupWizard"=1 (0x1)
    "NoWelcomeScreen"=1 (0x1)
    "NoAutoUpdate"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"="C:\WINDOWS\system32\ljJAqpNg.dll" [2008-12-11 01:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{4314C99B-5188-4EBC-A24D-4DE697340E82}"="C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll" [2008-12-11 00:23]
    "{BDA5FC06-81F9-46B9-83D3-6E137BF48D57}"="C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\axsxgbvkti.dll" [2008-12-11 00:23]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    %SystemRoot%\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAqpNg]
    ljJAqpNg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=qtyrhj.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 C:\WINDOWS\system32\tuvSMedD

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wd.sys]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\80da8bad]
    rundll32.exe "C:\WINDOWS\system32\iwuqcuod.dll",b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gadcom]
    "C:\Documents and Settings\Admin\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
    napagent


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6befc6b0-d8eb-11dc-b85b-00507034516b}]
    AutoRun\command- I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99e6d0ec-c5c7-11dd-b9d7-00507034516b}]
    Auto\command- E:\Start.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe


    Contents of the 'Scheduled Tasks' folder
    2008-12-15 13:00:00 C:\WINDOWS\tasks\cdthlaso.job

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-15 22:46:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    disk error: C:\WINDOWS\

    please note that you need administrator rights to perform deep scan

    ********************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JavaQuickStarterService]
    "ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
    "imagepath"="\systemroot\system32\drivers\TDSSpplt.sys"

    Completion time: 2008-12-15 22:50:23
    C:\ComboFix-quarantined-files.txt ... 2008-12-15 22:49
    C:\ComboFix2.txt ... 2008-12-13 15:29
    C:\ComboFix3.txt ... 2008-12-13 15:09

    --- E O F ---


    Thanks, see you later
    16 December 2008 00:23:32

    re
    You ran ComboFix several times on your own... that doesn't help me.
    Also explain to me how you managed to get your version of ComboFix... I'm curious to know where you got it and how. :)


    Copy (Ctrl+C) the text below:
    File::
    C:\WINDOWS\system32\qtyrhj.dll
    C:\WINDOWS\system32\hatqihja.dll
    C:\WINDOWS\system32\cyfcghce.dll
    C:\WINDOWS\system32\skoxuhou.dll
    C:\WINDOWS\system32\eumrvx.dll
    C:\WINDOWS\system32\geBtRljJ.dll
    C:\Lavasoft_Adaware_multi.exe
    C:\WINDOWS\system32\wtdagl.dll
    C:\WINDOWS\system32\naajosmh.dll
    C:\WINDOWS\system32\khjjpxup.dll
    C:\WINDOWS\system32\tezoom.dll
    C:\WINDOWS\system32\glsisvag.dll
    C:\WINDOWS\system32\ljJAqpNg.dll
    C:\WINDOWS\system32\vyphab.dll
    C:\WINDOWS\system32\mjgduttr.dll
    C:\WINDOWS\system32\kkmyceib.dll
    C:\WINDOWS\system32\gdvxyyms.dll
    C:\WINDOWS\spoolsystem.exe
    C:\WINDOWS\sys.com
    C:\WINDOWS\system32\winscenter.exe
    C:\WINDOWS\vmreg.dll
    C:\WINDOWS\reged.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\svhost.exe
    C:\WINDOWS\system32\vhsxduiu.dll
    C:\WINDOWS\system32\pihuaa.dll
    C:\WINDOWS\system32\DdeMSvut.ini2
    C:\WINDOWS\system32\opnlIcyy.dll
    C:\WINDOWS\system32\rqRLfeCU.dll
    C:\WINDOWS\system32\jkkKaxVn.dll
    C:\WINDOWS\system32\utehvl.dll
    C:\WINDOWS\system32\jpcuaatd.dll
    C:\WINDOWS\system32\lqotdwte.dll
    C:\WINDOWS\system32\urqQkjJb.dll
    C:\WINDOWS\system32\tuvSMedD.dll
    C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
    C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\axsxgbvkti.dll
    C:\WINDOWS\system32\iwuqcuod.dll



    Folder::
    C:\Program Files\Spyware Guard 2008
    C:\Rooter$
    C:\WINDOWS\system32\RS4
    C:\WINDOWS\system32\AT
    C:\WINDOWS\system32\uXPi02
    C:\Temp\DIV55
    C:\Documents and Settings\Admin\Application Data\gadcom

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {139FF99C-F908-4C67-85BB-8E44030B5CCB}=-
    {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}=-
    {ba727358-62f4-439a-8237-13e21006b032}=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "spywareguard"=-
    "80da8bad"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{4314C99B-5188-4EBC-A24D-4DE697340E82}"=-
    "{BDA5FC06-81F9-46B9-83D3-6E137BF48D57}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAqpNg]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=""
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\80da8bad]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gadcom]
    [-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt



    +++++++++++++++++

    Go to this link: Virus Total
  • Click "Browse"
  • Navigate to this file, if you can find it:

    C:\Documents and Settings\Admin\gif.exe

  • Click "Send file" and let it work for as long as "Current status: analysis in progress" is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case, you will need to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click "Formatted"
  • A new browser window will appear
  • Then click this image:
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the result, it is important that you send me the result of the whole analysis.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.
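Added illustration, not part of the original thread and not ComboFix's own code: the cross-check a helper does by eye when building such a CFScript, namely finding files from the "Files Created" list that are also referenced by a "Reg Loading Points" entry. The regular expressions, the function names and the rule that bare DLL names resolve to system32 are assumptions; the sample is a trimmed excerpt of the 2008-12-15 report in this thread.

```python
import re

# Trimmed excerpt of the 2008-12-15 ComboFix report posted in this thread.
SAMPLE_LOG = r"""
2008-12-15 13:39 124,416 --a------ C:\WINDOWS\system32\qtyrhj.dll
2008-12-15 07:24 75,776 --a------ C:\WINDOWS\system32\cyfcghce.dll
2008-12-14 18:51 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-12-14 15:16 <REP> d-------- C:\Avenger
2008-12-11 01:06 36,864 --a------ C:\WINDOWS\system32\ljJAqpNg.dll
2008-12-10 13:49 295,424 --------- C:\WINDOWS\system32\tuvSMedD.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{139FF99C-F908-4C67-85BB-8E44030B5CCB}=C:\WINDOWS\system32\tuvSMedD.dll [2008-12-10 13:49]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 05:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 13:28]
"80da8bad"="C:\WINDOWS\system32\cyfcghce.dll" [2008-12-15 07:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAqpNg]
ljJAqpNg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=qtyrhj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\tuvSMedD
"""

# Assumption: a bare file name in a loading point is loaded from system32.
SYSTEM32 = "c:\\windows\\system32\\"
# "date time size attributes path"; directory rows carry <REP> instead of a
# size and are skipped on purpose.
CREATED_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d) [\d,]+ \S+ ([A-Za-z]:\\.+)$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
FILE_RE = re.compile(
    r'([A-Za-z]:\\[^"=]*?\.(?:dll|exe|sys|com)|[\w.-]+\.(?:dll|exe|sys|com))\b',
    re.I)


def referenced_files(key, line):
    """Return normalised (lower-case, absolute) files named on one data line."""
    if key.lower().endswith("\\control\\lsa") and line.startswith("Authentication Packages"):
        # LSA packages are listed without extension (msv1_0 -> msv1_0.dll).
        names = [tok + ".dll" for tok in line.split()[2:]]
    else:
        names = FILE_RE.findall(line)
    return [n.lower() if ":" in n else SYSTEM32 + n.lower() for n in names]


def parse_report(text):
    """Split a report into {created file: timestamp} and [(key, file)] pairs."""
    created, points, key = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None              # a blank line closes the current key
            continue
        m = CREATED_RE.match(line)
        if m:
            created[m.group(2).lower()] = m.group(1)
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key:
            points.extend((key, ref) for ref in referenced_files(key, line))
    return created, points


def recent_autostarts(text):
    """Map each recently created file to the loading points that start it."""
    created, points = parse_report(text)
    hits = {}
    for key, path in points:
        if path in created:
            entry = hits.setdefault(path, {"created": created[path], "keys": []})
            entry["keys"].append(key)
    return hits


if __name__ == "__main__":
    for path, info in recent_autostarts(SAMPLE_LOG).items():
        print(info["created"], path)
        for key in info["keys"]:
            print("    loaded via", key)
```

A file reached through several loading points (here tuvSMedD.dll, via a Browser Helper Object and the LSA Authentication Packages value) needs every reference removed, which is why the CFScript above lists both the file and each registry entry.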






    16 December 2008 21:04:57

    Good evening
    @ locazion, your message has been deleted.
    Please create your own topic.

    We will not reply in this one:
    Reminders for this section
    18 December 2008 17:36:47

    Good evening Sham_Rock,


    As for the download, I did a Google search and came across a site that lets you download it. I kept the link, thinking it might be useful to others.

    Since this infection, access to certain sites is flatly refused (especially those offering online scans or downloads of analysis software), or I get redirected to another site.
    Very often it is enough to copy/paste the green URL located below the link to reach the site. Unfortunately that does not always work.

    So unfortunately I was unable to get to virustotal.com or to Jotti's virusScan. However, I have a Kaspersky scan on hand if that can help you.

    Here, all the same, is the ComboFix report after the procedure:

    "Admin" - 2008-12-18 8:13:38 Service Pack 3
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Admin\"
    Command switches used :: ""C:\Documents and Settings\Admin\Bureau\CFScript.txt""


    ((((((((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 ))))))))))))))))))))))))))))))))))


    2008-12-17 15:17 124,928 --a------ C:\WINDOWS\system32\efcwgpyt.dll
    2008-12-17 15:17 124,928 --a------ C:\WINDOWS\system32\boirne.dll
    2008-12-17 15:15 75,776 --a------ C:\WINDOWS\system32\jocsyste.dll
    2008-12-15 13:39 124,416 --a------ C:\WINDOWS\system32\qtyrhj.dll
    2008-12-15 13:39 124,416 --a------ C:\WINDOWS\system32\hatqihja.dll
    2008-12-15 07:24 75,776 --a------ C:\WINDOWS\system32\cyfcghce.dll
    2008-12-14 18:51 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2008-12-14 18:51 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2008-12-14 18:51 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2008-12-14 15:20 <REP> d-------- C:\Program Files\Spyware Guard 2008
    2008-12-14 15:16 <REP> d-------- C:\Avenger
    2008-12-14 11:43 124,416 --a------ C:\WINDOWS\system32\skoxuhou.dll
    2008-12-14 11:43 124,416 --a------ C:\WINDOWS\system32\eumrvx.dll
    2008-12-13 20:06 <REP> d-------- C:\Program Files\Lavasoft
    2008-12-13 20:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2008-12-13 19:00 66,560 --a------ C:\WINDOWS\system32\geBtRljJ.dll
    2008-12-13 18:59 19,153,264 --a------ C:\Lavasoft_Adaware_multi.exe
    2008-12-13 18:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-12-13 15:35 124,416 --a------ C:\WINDOWS\system32\wtdagl.dll
    2008-12-13 15:35 124,416 --a------ C:\WINDOWS\system32\naajosmh.dll
    2008-12-13 15:32 75,776 --a------ C:\WINDOWS\system32\khjjpxup.dll
    2008-12-12 00:17 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-12-12 00:17 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-12-12 00:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-12 00:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2008-12-12 00:02 <REP> d-------- C:\Rooter$
    2008-12-11 13:02 124,416 --a------ C:\WINDOWS\system32\tezoom.dll
    2008-12-11 13:02 124,416 --a------ C:\WINDOWS\system32\glsisvag.dll
    2008-12-11 10:53 <REP> d-------- C:\Program Files\Avira
    2008-12-11 10:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    2008-12-11 09:04 <REP> d--hs---- C:\WINDOWS\CSC
    2008-12-11 01:06 36,864 --a------ C:\WINDOWS\system32\ljJAqpNg.dll
    2008-12-11 00:47 123,904 --a------ C:\WINDOWS\system32\vyphab.dll
    2008-12-11 00:47 123,904 --a------ C:\WINDOWS\system32\mjgduttr.dll
    2008-12-11 00:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
    2008-12-11 00:44 75,776 --------- C:\WINDOWS\system32\kkmyceib.dll
    2008-12-11 00:33 75,776 --------- C:\WINDOWS\system32\gdvxyyms.dll
    2008-12-11 00:23 51,197 --a------ C:\WINDOWS\spoolsystem.exe
    2008-12-11 00:23 50,620 --a------ C:\WINDOWS\sys.com
    2008-12-11 00:23 384,512 --a------ C:\WINDOWS\system32\winscenter.exe
    2008-12-11 00:23 18,941 --a------ C:\WINDOWS\vmreg.dll
    2008-12-11 00:23 134,149 --a------ C:\WINDOWS\reged.exe
    2008-12-11 00:22 26,629 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\svhost.exe
    2008-12-11 00:22 123,904 --a------ C:\WINDOWS\system32\vhsxduiu.dll
    2008-12-11 00:22 123,904 --a------ C:\WINDOWS\system32\pihuaa.dll
    2008-12-11 00:19 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-12-10 19:51 572,402 --ahs---- C:\WINDOWS\system32\DdeMSvut.ini2
    2008-12-10 17:36 36,864 --a------ C:\WINDOWS\system32\opnlIcyy.dll
    2008-12-10 17:25 36,864 --a------ C:\WINDOWS\system32\rqRLfeCU.dll
    2008-12-10 15:58 36,864 --a------ C:\WINDOWS\system32\jkkKaxVn.dll
    2008-12-10 14:29 3,670,016 --ah----- C:\Documents and Settings\ADMINI~1\NTUSER.DAT
    2008-12-10 14:29 3,670,016 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2008-12-10 14:29 <REP> dr------- C:\Documents and Settings\ADMINI~1\Menu Démarrer
    2008-12-10 14:29 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
    2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Voisinage réseau
    2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Voisinage d'impression
    2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Modèles
    2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
    2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
    2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
    2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Mes documents
    2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Favoris
    2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Bureau
    2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
    2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
    2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
    2008-12-10 14:25 123,904 --a------ C:\WINDOWS\system32\utehvl.dll
    2008-12-10 14:25 123,904 --a------ C:\WINDOWS\system32\jpcuaatd.dll
    2008-12-10 14:22 75,776 --a------ C:\WINDOWS\system32\lqotdwte.dll
    2008-12-10 14:22 36,864 --a------ C:\WINDOWS\system32\urqQkjJb.dll
    2008-12-10 13:49 295,424 --------- C:\WINDOWS\system32\tuvSMedD.dll
    2008-12-09 19:56 23,294 --a------ C:\DOCUME~1\Admin\gif.exe
    2008-12-09 09:53 124,928 --a------ C:\WINDOWS\system32\ivwglrix.dll
    2008-12-09 09:53 124,928 --a------ C:\WINDOWS\system32\bsjmez.dll
    2008-12-09 09:45 <REP> d-------- C:\WINDOWS\system32\RS4
    2008-12-09 09:45 <REP> d-------- C:\WINDOWS\system32\AT
    2008-12-09 09:44 <REP> d-------- C:\WINDOWS\system32\uXPi02
    2008-12-09 09:44 <REP> d-------- C:\Temp\DIV55
    2008-12-09 09:44 <REP> d-------- C:\Temp
    2008-12-08 17:43 <REP> d--h----- C:\DOCUME~1\Admin\APPLIC~1\drivers
    2008-12-08 17:27 <REP> d--h----- C:\LG3G
    2008-12-08 17:26 <REP> d-------- C:\DOCUME~1\Admin\APPLIC~1\LG Electronics
    2008-12-08 17:22 21,632 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
    2008-12-08 17:22 19,840 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
    2008-12-08 17:22 12,416 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
    2008-12-08 17:22 <REP> d-------- C:\Program Files\LG Electronics
    2008-12-08 17:20 <REP> d-------- C:\Program Files\LG PC Suite 2
    2008-11-25 14:03 410,984 --a------ C:\WINDOWS\system32\deploytk.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-12-18 07:05:27 88,684 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2008-12-18 07:05:27 507,938 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2008-12-14 12:58:07 -------- d-----w C:\Program Files\Yahoo!
    2008-12-14 12:50:58 -------- d-----w C:\Program Files\CCleaner
    2008-12-10 18:36:06 -------- d-----w C:\Program Files\Sleepy
    2008-12-09 22:31:24 -------- d-----w C:\Program Files\Red Kawa
    2008-12-08 17:00:42 -------- d-----w C:\Program Files\eMule
    2008-12-08 16:24:48 -------- d-----w C:\Program Files\DivX
    2008-12-08 16:22:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-12-07 19:30:53 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\OpenOffice.org2
    2008-11-21 11:40:34 2,034 ----a-w C:\DOCUME~1\Admin\APPLIC~1\SAS7_000.DAT
    2008-11-07 15:15:09 -------- d-----w C:\Program Files\Skype
    2008-11-01 16:07:49 -------- d-----w C:\Program Files\Fichiers communs\Vbox
    2008-10-30 17:52:33 56 ---ha-w C:\WINDOWS\system32\ezsidmv.dat
    2008-10-30 17:52:33 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\skypePM
    2008-10-27 13:28:53 -------- d-----w C:\Program Files\Guitar Pro 5
    2008-10-24 11:21:09 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2008-10-21 07:02:45 -------- d-----w C:\Program Files\Microsoft.NET
    2008-10-20 17:37:49 -------- d-----w C:\Program Files\FileZilla FTP Client
    2008-10-18 09:38:05 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\GigaTribe
    2008-10-16 13:13:40 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-10-16 13:13:40 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 13:12:22 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-10-16 13:12:20 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-10-16 13:09:44 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-10-16 13:09:44 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 13:09:44 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-10-16 13:08:58 34,328 ----a-w C:\WINDOWS\system32\wups.dll
    2008-10-16 13:06:48 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-10-16 13:06:48 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-09-30 15:43:34 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
    2008-02-20 00:05:54 13,560 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {4cabb31c-fffd-43d9-9966-637c57bab422}=C:\WINDOWS\system32\boirne.dll [2008-12-17 15:17]
    {5D6201CF-4426-49DF-8549-B9E40894C476}=C:\WINDOWS\system32\tuvSMedD.dll [2008-12-10 13:49]
    {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}=C:\WINDOWS\system32\ljJAqpNg.dll [2008-12-11 01:06]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 05:43]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
    {DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 05:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-10 05:43]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 13:28]
    "spywareguard"="C:\Program Files\Spyware Guard 2008\spywareguard.exe" [2008-12-14 15:20]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-12-14 18:32]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "Config"=%systemroot%\system32\run.cmd
    "nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
    "tscuninstall"=%systemroot%\system32\tscupgrd.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=1 (0x1)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "NoStartBanner"=01000000
    "NoSMHelp"=1 (0x1)
    "MemCheckBoxInRunDlg"=1 (0x1)
    "NoSMBalloonTip"=1 (0x1)
    "NoDesktopCleanupWizard"=1 (0x1)
    "NoWelcomeScreen"=1 (0x1)
    "NoAutoUpdate"=1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=1 (0x1)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "NoStartBanner"=01000000
    "NoSMHelp"=1 (0x1)
    "MemCheckBoxInRunDlg"=1 (0x1)
    "NoSMBalloonTip"=1 (0x1)
    "NoDesktopCleanupWizard"=1 (0x1)
    "NoWelcomeScreen"=1 (0x1)
    "NoAutoUpdate"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"="C:\WINDOWS\system32\ljJAqpNg.dll" [2008-12-11 01:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{4314C99B-5188-4EBC-A24D-4DE697340E82}"="C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll" [2008-12-11 00:23]
    "{BDA5FC06-81F9-46B9-83D3-6E137BF48D57}"="C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\axsxgbvkti.dll" [2008-12-11 00:23]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    %SystemRoot%\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAqpNg]
    ljJAqpNg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=boirne.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 C:\WINDOWS\system32\tuvSMedD

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wd.sys]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\80da8bad]
    rundll32.exe "C:\WINDOWS\system32\iwuqcuod.dll",b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gadcom]
    "C:\Documents and Settings\Admin\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
    napagent


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6befc6b0-d8eb-11dc-b85b-00507034516b}]
    AutoRun\command- I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99e6d0ec-c5c7-11dd-b9d7-00507034516b}]
    Auto\command- E:\Start.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe


    Contents of the 'Scheduled Tasks' folder
    2008-12-18 06:46:52 C:\WINDOWS\tasks\cdthlaso.job

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-18 08:22:14
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    disk error: C:\WINDOWS\

    please note that you need administrator rights to perform deep scan

    ********************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JavaQuickStarterService]
    "ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
    "imagepath"="\systemroot\system32\drivers\TDSSpplt.sys"

    Completion time: 2008-12-18 8:27:04
    C:\ComboFix-quarantined-files.txt ... 2008-12-18 08:26
    C:\ComboFix2.txt ... 2008-12-15 22:50
    C:\ComboFix3.txt ... 2008-12-13 15:29

    --- E O F ---

    Thanks. See you.
    18 December 2008 22:33:38

    Hi again,
    that didn't work... when I think that I spent at least half an hour on your report for nothing... :o
    This time, it has to work. ;)

    Delete your version of ComboFix and delete C:\QooBox,
    then get mine, but do not run it. Make sure to put it on the desktop.

    http://www.sendspace.com/file/pq70td


    After that, copy and paste the script as explained above.

    19 December 2008 01:00:45

    Good evening again,

    So I ran the scan with your "combofix". The procedure went differently from the one I had been using before.

    Positive point :) : Windows security center and spyware guard 2008 no longer launch. (I hope I'm not speaking too soon.) But the latter's icon is still on my desktop.

    Here is the report:

    ComboFix 08-12-16.03 - Admin 2008-12-19 0:06:02.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.767.479 [GMT 1:00]
    Lancé depuis: C:\Documents and Settings\Admin\Bureau\combo-fix.exe
    Commutateurs utilisés :: C:\Documents and Settings\Admin\Bureau\CFScript.txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\svhost.exe
    C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\axsxgbvkti.dll
    C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
    C:\Lavasoft_Adaware_multi.exe
    C:\WINDOWS\reged.exe
    C:\WINDOWS\spoolsystem.exe
    C:\WINDOWS\sys.com
    C:\WINDOWS\system32\cyfcghce.dll
    C:\WINDOWS\system32\DdeMSvut.ini2
    C:\WINDOWS\system32\eumrvx.dll
    C:\WINDOWS\system32\gdvxyyms.dll
    C:\WINDOWS\system32\geBtRljJ.dll
    C:\WINDOWS\system32\glsisvag.dll
    C:\WINDOWS\system32\hatqihja.dll
    C:\WINDOWS\system32\iwuqcuod.dll
    C:\WINDOWS\system32\jkkKaxVn.dll
    C:\WINDOWS\system32\jpcuaatd.dll
    C:\WINDOWS\system32\khjjpxup.dll
    C:\WINDOWS\system32\kkmyceib.dll
    C:\WINDOWS\system32\ljJAqpNg.dll
    C:\WINDOWS\system32\lqotdwte.dll
    C:\WINDOWS\system32\mjgduttr.dll
    C:\WINDOWS\system32\naajosmh.dll
    C:\WINDOWS\system32\opnlIcyy.dll
    C:\WINDOWS\system32\pihuaa.dll
    C:\WINDOWS\system32\qtyrhj.dll
    C:\WINDOWS\system32\rqRLfeCU.dll
    C:\WINDOWS\system32\skoxuhou.dll
    C:\WINDOWS\system32\tezoom.dll
    C:\WINDOWS\system32\tuvSMedD.dll
    C:\WINDOWS\system32\urqQkjJb.dll
    C:\WINDOWS\system32\utehvl.dll
    C:\WINDOWS\system32\vhsxduiu.dll
    C:\WINDOWS\system32\vyphab.dll
    C:\WINDOWS\system32\winscenter.exe
    C:\WINDOWS\system32\wtdagl.dll
    C:\WINDOWS\vmreg.dll
    .

    Thanks, see you.
    19 December 2008 23:00:05

    Good evening,
    the report is not complete.
    Post the report: C:\Combofix.txt
    Click on it to open it, then Edit, "Select all", then Edit, "Copy".

    Come to the forum and use Edit, "Paste".
    20 December 2008 00:27:55

    Good evening,

    Indeed, the computer froze while ComboFix was generating its report, which is why it is incomplete. Do I need to run another scan?

    By the way, still no sign of windows security center or spyware guard 2008. ;)
    However, I am still being redirected to other sites while browsing in IE and Firefox.

    Thanks
    20 December 2008 22:57:26

    Good evening,
    do another run in safe mode, please.
    20 December 2008 23:07:33

    Good evening,

    I'll keep you posted ;)
    20 December 2008 23:42:34

    Here is the scan in safe mode. Good luck and thanks :)


    ComboFix 08-12-16.03 - Admin 2008-12-20 23:01:58.3 - NTFSx86 MINIMAL
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.767.624 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Admin\Bureau\combo-fix.exe
    Commutateurs utilisés :: c:\documents and settings\Admin\Bureau\CFScript.txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    c:\docume~1\ALLUSE~1\APPLIC~1\svhost.exe
    c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\axsxgbvkti.dll
    c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
    C:\Lavasoft_Adaware_multi.exe
    c:\windows\reged.exe
    c:\windows\spoolsystem.exe
    c:\windows\sys.com
    c:\windows\system32\cyfcghce.dll
    c:\windows\system32\DdeMSvut.ini2
    c:\windows\system32\eumrvx.dll
    c:\windows\system32\gdvxyyms.dll
    c:\windows\system32\geBtRljJ.dll
    c:\windows\system32\glsisvag.dll
    c:\windows\system32\hatqihja.dll
    c:\windows\system32\iwuqcuod.dll
    c:\windows\system32\jkkKaxVn.dll
    c:\windows\system32\jpcuaatd.dll
    c:\windows\system32\khjjpxup.dll
    c:\windows\system32\kkmyceib.dll
    c:\windows\system32\ljJAqpNg.dll
    c:\windows\system32\lqotdwte.dll
    c:\windows\system32\mjgduttr.dll
    c:\windows\system32\naajosmh.dll
    c:\windows\system32\opnlIcyy.dll
    c:\windows\system32\pihuaa.dll
    c:\windows\system32\qtyrhj.dll
    c:\windows\system32\rqRLfeCU.dll
    c:\windows\system32\skoxuhou.dll
    c:\windows\system32\tezoom.dll
    c:\windows\system32\tuvSMedD.dll
    c:\windows\system32\urqQkjJb.dll
    c:\windows\system32\utehvl.dll
    c:\windows\system32\vhsxduiu.dll
    c:\windows\system32\vyphab.dll
    c:\windows\system32\winscenter.exe
    c:\windows\system32\wtdagl.dll
    c:\windows\vmreg.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\anctcekq.ini
    c:\windows\system32\bdmystvk.ini
    c:\windows\system32\biecymkk.ini
    c:\windows\system32\doucquwi.ini
    c:\windows\system32\drivers\TDSSpplt.sys
    c:\windows\system32\echgcfyc.ini
    c:\windows\system32\etsyscoj.ini
    c:\windows\system32\puqfsnob.ini
    c:\windows\system32\puxpjjhk.ini
    c:\windows\system32\pyrcqqng.ini
    c:\windows\system32\smyyxvdg.ini
    c:\windows\system32\TDSSarxx.dll
    c:\windows\system32\TDSSdxcp.dll
    c:\windows\system32\TDSSkkai.log
    c:\windows\system32\TDSSmtve.dat
    c:\windows\system32\TDSSnmxh.log
    c:\windows\system32\TDSSnvuo.dll
    c:\windows\system32\TDSSoity.dll
    c:\windows\system32\TDSSsahc.dll
    c:\windows\system32\TDSSvoql.dll
    c:\windows\system32\TDSSxhyf.log
    c:\windows\system32\UwxFLkkj.ini
    .
    ---- Previous Run -------
    .
    c:\docume~1\ALLUSE~1\APPLIC~1\svhost.exe
    c:\documents and settings\Admin\Application Data\drivers\downld
    c:\documents and settings\Admin\Application Data\drivers\srosa2.sys
    c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\axsxgbvkti.dll
    c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
    c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll
    C:\InfoSat.txt
    C:\Lavasoft_Adaware_multi.exe
    c:\program files\Spyware Guard 2008
    c:\program files\Spyware Guard 2008\conf.cfg
    c:\program files\Spyware Guard 2008\mbase.vdb
    c:\program files\Spyware Guard 2008\quarantine.vdb
    c:\program files\Spyware Guard 2008\queue.vdb
    c:\program files\Spyware Guard 2008\spywareguard.exe
    c:\program files\Spyware Guard 2008\vbase.vdb
    C:\Rooter$
    c:\rooter$\iNv.exe
    c:\rooter$\kill.reg
    c:\rooter$\KillD.txt
    c:\rooter$\KillF.txt
    c:\rooter$\lsTasks.exe
    c:\rooter$\OS.vbs
    c:\rooter$\OS_v.txt
    c:\rooter$\OsV.exe
    c:\rooter$\paths.bat
    c:\rooter$\RKit.lsd
    c:\rooter$\RoGUeS.lsd
    c:\rooter$\Rooter.txt
    c:\rooter$\Rooter_1.txt
    c:\rooter$\RooterT.cmd
    c:\rooter$\RunTool.txt
    c:\rooter$\sed.exe
    c:\rooter$\setpath.exe
    c:\temp\DIV55
    c:\temp\DIV55\xDb.log
    c:\windows\reged.exe
    c:\windows\spoolsystem.exe
    c:\windows\sys.com
    c:\windows\system32\AT
    c:\windows\system32\boirne.dll
    c:\windows\system32\bsjmez.dll
    c:\windows\system32\cyfcghce.dll
    c:\windows\system32\DdeMSvut.ini
    c:\windows\system32\DdeMSvut.ini2
    c:\windows\system32\efcwgpyt.dll
    c:\windows\system32\eumrvx.dll
    c:\windows\system32\gdvxyyms.dll
    c:\windows\system32\geBtRljJ.dll
    c:\windows\system32\glsisvag.dll
    c:\windows\system32\hatqihja.dll
    c:\windows\system32\ivwglrix.dll
    c:\windows\system32\jkkKaxVn.dll
    c:\windows\system32\jocsyste.dll
    c:\windows\system32\jpcuaatd.dll
    c:\windows\system32\kesjbq.dll
    c:\windows\system32\khjjpxup.dll
    c:\windows\system32\kkmyceib.dll
    c:\windows\system32\kvtsymdb.dll
    c:\windows\system32\ljJAqpNg.dll
    c:\windows\system32\lqotdwte.dll
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\mjgduttr.dll
    c:\windows\system32\naajosmh.dll
    c:\windows\system32\opnlIcyy.dll
    c:\windows\system32\pihuaa.dll
    c:\windows\system32\qbrbge.dll
    c:\windows\system32\qkectcna.dll
    c:\windows\system32\qtyrhj.dll
    c:\windows\system32\rqRLfeCU.dll
    c:\windows\system32\RS4
    c:\windows\system32\skoxuhou.dll
    c:\windows\system32\sxwqtwyn.dll
    c:\windows\system32\tezoom.dll
    c:\windows\system32\tuvSMedD.dll
    c:\windows\system32\urqQkjJb.dll
    c:\windows\system32\utehvl.dll
    c:\windows\system32\uXPi02
    c:\windows\system32\verlllgg.dll
    c:\windows\system32\vhsxduiu.dll
    c:\windows\system32\vyphab.dll
    c:\windows\system32\winscenter.exe
    c:\windows\system32\wtdagl.dll
    c:\windows\Tasks\cdthlaso.job
    c:\windows\vmreg.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS
    -------\Legacy_SK9OU0S
    -------\Legacy_SROSA
    -------\Service_sK9Ou0s


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-20 au 2008-12-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-19 01:14 . 2008-12-19 01:19 593 --a------ c:\windows\imsins.BAK
    2008-12-19 01:10 . 2008-12-19 01:10 <REP> d-------- c:\program files\MAM
    2008-12-19 01:10 . 2008-12-19 01:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-19 01:10 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-19 01:10 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-14 18:31 . 2008-12-18 23:38 <REP> d-------- c:\program files\ESET
    2008-12-13 20:06 . 2008-12-13 20:06 <REP> d-------- c:\program files\Lavasoft
    2008-12-13 20:06 . 2008-12-13 20:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-12-13 18:58 . 2008-12-13 18:58 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
    2008-12-13 15:09 . 2005-11-09 00:26 38,400 --a------ c:\windows\system32\moveex.exe
    2008-12-11 10:53 . 2008-12-11 10:53 <REP> d-------- c:\program files\Avira
    2008-12-11 10:53 . 2008-12-11 10:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-12-11 09:43 . 2008-12-11 09:43 0 --ahs---- c:\windows\klif.spi
    2008-12-11 00:47 . 2008-12-11 00:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-12-11 00:19 . 2008-12-11 00:29 <REP> d-------- c:\windows\BDOSCAN8
    2008-12-10 16:06 . 2008-12-19 09:02 54,156 --ah----- c:\windows\QTFont.qfn
    2008-12-10 16:06 . 2008-12-10 16:06 1,409 --a------ c:\windows\QTFont.for
    2008-12-10 14:29 . 2008-02-11 20:59 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2008-12-10 14:29 . 2008-02-11 20:59 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-10 14:29 . 2008-02-11 20:05 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2008-12-10 14:29 . 2008-02-11 20:59 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2008-12-10 14:29 . 2008-02-11 20:59 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2008-12-10 14:29 . 2008-02-11 20:09 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2008-12-10 14:29 . 2008-02-11 20:59 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2008-12-10 14:29 . 2008-12-10 14:29 <REP> d-------- c:\documents and settings\Administrateur
    2008-12-09 19:56 . 2008-12-09 19:56 23,294 --a------ c:\documents and settings\Admin\gif.exe
    2008-12-09 09:44 . 2008-12-19 00:08 <REP> d-------- C:\Temp
    2008-12-08 17:43 . 2008-12-19 00:19 <REP> d--h----- c:\documents and settings\Admin\Application Data\drivers
    2008-12-08 17:27 . 2008-12-08 18:47 <REP> d--h----- C:\LG3G
    2008-12-08 17:26 . 2008-12-08 17:26 <REP> d-------- c:\documents and settings\Admin\Application Data\LG Electronics
    2008-12-08 17:22 . 2008-12-08 17:22 <REP> d-------- c:\program files\LG Electronics
    2008-12-08 17:22 . 2007-07-11 10:45 21,632 --a------ c:\windows\system32\drivers\lgusbmodem.sys
    2008-12-08 17:22 . 2007-07-11 15:51 19,840 --a------ c:\windows\system32\drivers\lgusbdiag.sys
    2008-12-08 17:22 . 2007-07-11 10:40 12,416 --a------ c:\windows\system32\drivers\lgusbbus.sys
    2008-12-08 17:20 . 2008-12-08 17:21 <REP> d-------- c:\program files\LG PC Suite 2
    2008-11-25 14:03 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-14 12:58 --------- d-----w c:\program files\Yahoo!
    2008-12-14 12:50 --------- d-----w c:\program files\CCleaner
    2008-12-10 23:51 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-12-10 23:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-10 18:36 --------- d-----w c:\program files\Sleepy
    2008-12-09 22:31 --------- d-----w c:\program files\Red Kawa
    2008-12-08 17:00 --------- d-----w c:\program files\eMule
    2008-12-08 16:24 --------- d-----w c:\program files\DivX
    2008-12-08 16:22 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-07 19:30 --------- d-----w c:\documents and settings\Admin\Application Data\OpenOffice.org2
    2008-12-03 14:48 --------- d-----w c:\program files\Java
    2008-11-21 11:40 2,034 ----a-w c:\documents and settings\Admin\Application Data\SAS7_000.DAT
    2008-11-20 14:13 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-11-07 15:15 --------- d-----w c:\program files\Skype
    2008-11-01 16:07 --------- d-----w c:\program files\Fichiers communs\Vbox
    2008-10-30 17:52 --------- d-----w c:\documents and settings\Admin\Application Data\skypePM
    2008-10-30 17:45 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2008-10-27 13:28 --------- d-----w c:\program files\Guitar Pro 5
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-21 07:02 --------- d-----w c:\program files\Microsoft.NET
    2008-10-20 17:37 --------- d-----w c:\program files\FileZilla FTP Client
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 01:01 670,208 ----a-w c:\windows\system32\wininet.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-02-20 00:05 13,560 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf"="move" [X]
    "Config"="c:\windows\system32\run.cmd" [2005-08-23 341]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    --a------ 2004-03-11 00:26 406016 c:\windows\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    S0 Nqt60;Nqt60;c:\windows\system32\Drivers\Nqt60.sys []
    S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\Admin\LOCALS~1\Temp\ewdmaudn.sys []
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-09-05 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-09-05 8320]
    S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\DRIVERS\V0090Vid.sys [2008-10-28 138112]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6befc6b0-d8eb-11dc-b85b-00507034516b}]
    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99e6d0ec-c5c7-11dd-b9d7-00507034516b}]
    \Shell\Auto\command - E:\Start.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\ljJAqpNg.dll
    BHO-{B319EDB4-5940-4D1E-82DA-C6AF858F7540} - c:\windows\system32\tuvSMedD.dll
    BHO-{ccae1011-2502-41a9-aa24-ed064f430ca8} - c:\windows\system32\qbrbge.dll
    SafeBoot-sglfb.sys
    SafeBoot-tga.sys
    SafeBoot-wd.sys
    SafeBoot-sacsvr
    MSConfigStartUp-ISUSPM Startup - c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.defaulthomepage.info/
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ekvb4ueb.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ekvb4ueb.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
    FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\plugins\npPxPlay.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-20 23:04:13
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
    "imagepath"="\systemroot\system32\drivers\TDSSpplt.sys"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(276)
    c:\windows\system32\Ati2evxx.dll
    .
    Heure de fin: 2008-12-20 23:05:21
    ComboFix-quarantined-files.txt 2008-12-20 22:04:48

    Avant-CF: 58,159,280,128 octets libres
    Après-CF: 58,146,136,064 octets libres

    546 --- E O F --- 2008-12-19 00:21:07
    21 December 2008 00:55:40

    re
    you should be able to run a Malwarebytes scan now :) 
    23 December 2008 13:42:44

    Hello Sham_Rock,

    Here is the Malwarebytes report:

    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1456
    Windows 5.1.2600 Service Pack 3

    23/12/2008 13:30:19
    mbam-log-2008-12-23 (13-30-19).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 132275
    Temps écoulé: 14 hour(s), 38 minute(s), 6 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 11

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Application Data\drivers\srosa2.sys.vir (Worm.Bagel) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSarxx.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnvuo.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoity.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSvoql.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpplt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8F4F4260-8CE7-4C40-B6C5-1359E4748B36}\RP0\A0000001.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8F4F4260-8CE7-4C40-B6C5-1359E4748B36}\RP0\A0000002.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8F4F4260-8CE7-4C40-B6C5-1359E4748B36}\RP0\A0000003.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8F4F4260-8CE7-4C40-B6C5-1359E4748B36}\RP0\A0000004.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8F4F4260-8CE7-4C40-B6C5-1359E4748B36}\RP0\A0000005.dll (Trojan.TDSS) -> Quarantined and deleted successfully.



    There you go.

    Thanks ;-)
    23 December 2008 17:49:39

    re
    good
    how is your PC behaving?
    Run an online antivirus scan at Kaspersky using Internet Explorer.

  • Allow the ActiveX controls.
  • Click Démarrer Online Scanner.
  • Select My Computer (Poste de travail) as the scan target. Save the report in .txt format.
  • Paste its report here.
  • Post a new HijackThis report.

    Help: How to run an online scan with Kaspersky.