Undeletable virus

Tags :
  • Virus
  • Security
22 April 2008 15:23:19

Hello everyone

I've caught a virus called: win32: agent-vgv
Impossible to remove it; it sends loads of emails, eats up my internet connection and makes my PC bug out badly. Avast can't get rid of it.
Help me please

Here's the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 15:04:50, on 22/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\documents and settings\dark\local settings\application data\sxdhnygc.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Systran\Classic3.0\sysclass.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\dark\Bureau\hijackthis\abcde.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26F133AE-C64F-4A3A-BE60-985CAB9E9F1C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [advap32] "C:\Documents and Settings\dark\Bureau\.//..//win.exe" /r
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [sxdhnygc] c:\documents and settings\dark\local settings\application data\sxdhnygc.exe sxdhnygc
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Classic3.0\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Classic3.0\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Classic3.0\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Classic3.0\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Classic3.0\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Classic3.0\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/170a340095a3bd7e8c19/netzip...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
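As an added example (not part of this thread and not a HijackThis feature), here is a small Python triage script run over a handful of lines from the report above. It pulls the target binary out of each autostart entry, normalises the path the way Windows itself resolves it (so `Bureau\.//..//win.exe` is really `C:\Documents and Settings\dark\win.exe`), and flags entries that start from user-writable directories, hide behind `./..` segments, or point at files that no longer exist. The sample lines are a constructed excerpt copied from this thread, and `TRUSTED_ROOTS` is an assumption about where autostart binaries belong on this XP machine; every flag is a review item for a human, not a verdict.

```python
import ntpath
import re

# Constructed sample input: a handful of lines copied from the HijackThis
# report posted above, with one legitimate avast! autostart kept as a
# negative case for the heuristics.
SAMPLE_LOG = r"""
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [advap32] "C:\Documents and Settings\dark\Bureau\.//..//win.exe" /r
O4 - HKCU\..\Run: [sxdhnygc] c:\documents and settings\dark\local settings\application data\sxdhnygc.exe sxdhnygc
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Assumption: on this XP machine, autostart binaries are expected under the
# Windows or Program Files trees; anything launched from elsewhere gets a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
NAME_RE = re.compile(r"^O\d+ - [^:]+: (?P<name>.+?) - ")
# First drive-letter path on the line that ends in an executable extension.
PATH_RE = re.compile(r'(?i)([a-z]:\\[^"]*?\.(?:exe|dll|ocx))')


def resolve(path):
    r"""Normalise a path the way the Windows loader effectively does: '/' is
    accepted as a separator and '.' / '..' segments collapse, so
    'C:\...\dark\Bureau\.//..//win.exe' is really 'C:\...\dark\win.exe'."""
    return ntpath.normpath(path)


def entry_name(line):
    m = O4_RE.match(line)
    if m:
        return m.group("name")
    m = NAME_RE.match(line)
    return m.group("name") if m else line


def triage(log_text):
    """Return one finding per entry that deserves a human look, with reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        m = PATH_RE.search(line)
        path = m.group(1) if m else None
        resolved = resolve(path) if path else None

        if line.startswith("O4 - "):
            if path is None:
                # e.g. "[SoundMan] SOUNDMAN.EXE": located via the search path, not pinned down.
                reasons.append("no absolute path; binary found via the search path")
            else:
                if resolved != path:
                    reasons.append(f"path uses '/' or '.'/'..' segments; resolves to {resolved}")
                if not resolved.lower().startswith(TRUSTED_ROOTS):
                    reasons.append("autostart binary outside the Windows/Program Files trees")
        elif line.startswith("O20 - Winlogon Notify:"):
            # Winlogon Notify DLLs are loaded into winlogon.exe at logon; always review them.
            reasons.append("Winlogon Notify DLL, loaded into winlogon.exe")
        elif "(no file)" in line:
            reasons.append("orphaned registration: the file no longer exists")
        elif "(file missing)" in line or "Unknown owner" in line:
            # HJT prints this when it cannot resolve the path; a mis-quoted legitimate
            # path (as for the avast! services here) triggers it too.
            reasons.append("service path unresolvable or owner unknown")

        if reasons:
            findings.append({"name": entry_name(line), "path": path,
                             "resolved": resolved, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["name"], "->", f["resolved"])
        for r in f["reasons"]:
            print("   -", r)
```

Run against the excerpt, the avast! entry produces no finding, while `advap32` is flagged twice: the `.//..//` segments collapse to `C:\Documents and Settings\dark\win.exe`, a user-profile path that no normal installer uses for an autostart. The `sxdhnygc` entry is flagged for the same user-profile reason, which matches what Navilog later removed.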


22 April 2008 16:49:39

Hi,

Download Navilog (by Il-Mafioso)

Save it to your Desktop.
Install it by double-clicking navilog.exe.
Once installation finishes, the utility will run automatically.
(If it doesn't, double-click the shortcut on the Desktop.)

Once installation finishes, right-click the navilog1 shortcut and choose "Run as administrator". (For Vista)

Let the utility guide you. Choose option 1 and confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post the report here.

The report is located here: C:\fixnavi.txt

If you have Vista, do this first:
Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ untick the "Use User Account Control ..." box and confirm with OK; you will be asked to restart, do so)
22 April 2008 18:18:09

Sorry about how long it took; it wasn't working, I had to go into safe mode to get it to work.

Search Navipromo version 3.5.4 commencé le 22/04/2008 à 18:10:09,92

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "dark"

Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2800.1106
Système de fichiers : NTFS

Executé en mode sans échec

*** Recherche Programmes installés ***




*** Recherche dossiers dans "C:\WINDOWS" ***



*** Recherche dossiers dans "C:\Program Files" ***



*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***




*** Recherche dossiers dans "C:\Documents and Settings\dark\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\dark\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\dark\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\dark\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***


C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\dark\locals~1\applic~1" :

sxdhnygc.dat trouvé !
sxdhnygc_nav.dat trouvé !
sxdhnygc_navps.dat trouvé !

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 22/04/2008 à 18:14:30,70 ***
22 April 2008 18:29:38

Re,

Double-click the navilog1 shortcut.
Option 2 then confirm (Enter).
Let it guide you.
Your computer will restart; if not, do it manually.

Your desktop will disappear.

Wait until this message appears:
"*** Nettoyage Termine le ..... ***"

Press a key as requested; Notepad will open.
Save the report.
Close Notepad. Your desktop will now reappear.

If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click "File" at the top left and choose "New Task (Run...)".
Type explorer and confirm. That will bring your desktop back.


Start -> Control Panel -> Internet Options
Click the "Content" tab, then "Certificates", and if you find these, particularly under "Trusted Publishers":

Montorgueil ; VIP

~~> Delete them if present! (not the others) <~~

Post the report you saved earlier (C:\cleannavi.txt)
Along with a new HijackThis report.

+++++++++++

The following programs install this infection:

* Go-astro
* GoRecord
* HotTVPlayer
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer: except the one from the following site > http://www.azertysite.new.fr/
* On the site www.games-desktop.com (Do not visit it!)
22 April 2008 18:39:27

Clean Navipromo version 3.5.4 commencé le 22/04/2008 à 18:33:11,31

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "dark"

Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2800.1106
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Executé en mode sans échec


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\dark\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\dark\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\dark\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\dark\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***



*** Suppression fichiers ***

C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\dark\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\dark\locals~1\applic~1" *

sxdhnygc.dat trouvé !
Copie sxdhnygc.dat réalisée avec succès !
sxdhnygc.dat supprimé !

sxdhnygc_nav.dat trouvé !
Copie sxdhnygc_nav.dat réalisée avec succès !
sxdhnygc_nav.dat supprimé !

sxdhnygc_navps.dat trouvé !
Copie sxdhnygc_navps.dat réalisée avec succès !
sxdhnygc_navps.dat supprimé !

sxdhnygc.exe trouvé !
Copie sxdhnygc.exe réalisée avec succès !
sxdhnygc.exe supprimé !

C:\WINDOWS\prefetch\sxdhnygc*.pf trouvé !
Copie C:\WINDOWS\prefetch\sxdhnygc*.pf réalisée avec succès !
C:\WINDOWS\prefetch\sxdhnygc*.pf supprimé !


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 22/04/2008 à 18:33:45,78 ***

Logfile of HijackThis v1.99.1
Scan saved at 18:38:17, on 22/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\notepad.exe
C:\Documents and Settings\dark\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26F133AE-C64F-4A3A-BE60-985CAB9E9F1C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [advap32] "C:\Documents and Settings\dark\Bureau\.//..//win.exe" /r
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Classic3.0\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Classic3.0\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Classic3.0\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Classic3.0\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Classic3.0\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Classic3.0\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/170a340095a3bd7e8c19/netzip...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

22 April 2008 18:44:16

Re,

Is your Windows legit?

Download SDFix (by Andy Manchesta)

Save it to your desktop.

Run it.
Click install so that it can extract itself.

Restart in safe mode
/!\ Never boot into safe mode via MSCONFIG /!\

Open the SDFix folder that has just been created in C:\
Double-click RunThis.bat. (The .bat extension may not be shown)
Press Y to start it.

You will be asked to press a key to restart; do so.
The restart will probably take a bit longer than usual.
Once your Desktop appears, it will display Finished

Press a key.

A report is generated; post it in your reply.
It can also be found in the SDFix folder: >Report.txt<
22 April 2008 19:18:22

re


SDFix: Version 1.173
Run by dark on 22/04/2008 at 19:01

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
MRT82
TXB14

Path :
\??\C:\WINDOWS\System32\drivers\Mrt82.sys
\??\C:\WINDOWS\System32\drivers\Txb14.sys

MRT82 - Deleted
TXB14 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\AGL.EXE - Deleted
C:\WINDOWS\SYSTEM32\DLOAD.EXE - Deleted
C:\WINDOWS\SYSTEM32\EUROBAR.EXE - Deleted
C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\WINDOWS\SYSTEM32\HPPRINT.EXE - Deleted
C:\WINDOWS\SYSTEM32\RE1.EXE - Deleted
C:\WINDOWS\SYSTEM32\RUNDLL.EXE - Deleted
C:\WINDOWS\SYSTEM32\SCRCON~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\SCREEN~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\SCRICON.EXE - Deleted
C:\WINDOWS\SYSTEM32\SCVHOSTS.EXE - Deleted
C:\WINDOWS\SYSTEM32\SETUP_~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\SETUP_~2.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSVO1.EXE - Deleted
C:\WINDOWS\SYSTEM32\UM.EXE - Deleted
C:\WINDOWS\SYSTEM32\VMWARE.EXE - Deleted
C:\Documents and Settings\dark\Bureau\hijackthis\abcde.exe.exe - Deleted
C:\WINDOWS\system32\setup_34660.exe - Deleted
C:\WINDOWS\system32\setup_46281.exe - Deleted
C:\WINDOWS\system32\TFTP2728 - Deleted
C:\Documents and Settings\dark\win.exe - Deleted
C:\WINDOWS\system32\dload.exe - Deleted
C:\WINDOWS\system32\hpprint.exe - Deleted
C:\WINDOWS\system32\rundll.exe - Deleted
C:\WINDOWS\system32\scvhosts.exe - Deleted
C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\system32\WLCtrl32.dl_ - Deleted
C:\WINDOWS\system32\drivers\MRT82.sys - Deleted
C:\WINDOWS\system32\drivers\OSV25.sys - Deleted
C:\WINDOWS\system32\drivers\OTV47.sys - Deleted
C:\WINDOWS\system32\drivers\QUX71.sys - Deleted
C:\WINDOWS\system32\drivers\TXB14.sys - Deleted
C:\WINDOWS\system32\drivers\TYB36.sys - Deleted
C:\WINDOWS\system32\drivers\UYC36.sys - Deleted
C:\WINDOWS\system32\drivers\VAD13.sys - Deleted
C:\WINDOWS\system32\drivers\VAD58.sys - Deleted
C:\WINDOWS\system32\drivers\VBD25.sys - Deleted
C:\WINDOWS\system32\drivers\WBE81.sys - Deleted
C:\WINDOWS\system32\drivers\XCF14.sys - Deleted
C:\WINDOWS\system32\drivers\XCF36.sys - Deleted
C:\WINDOWS\system32\drivers\XCG35.sys - Deleted
C:\WINDOWS\system32\drivers\XCG81.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 19:10:25
Windows 5.1.2600 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:0e,8e,33,8d,cb,c0,38,a0,2b,26,38,8d,b6,f9,53,df,fe,a0,f2,0d,be,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e3,02,67,f3,28,aa,10,6c,1f,96,41,f7,15,b2,d0,be,45,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:94,12,e2,6e,33,28,bf,72,08,b0,4f,c4,ef,95,00,3e,5e,36,a6,01,0a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:ae5f6331
"s2"=dword:592db0a8
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\System32\\wbem\\scrcons32.exe"="C:\\WINDOWS\\System32\\wbem\\scrcons32.exe:*:Enabled:WMI Standard Event Consumer - Scripting"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 9 Mar 2007 195 ..SH. --- "C:\BOOT.BAK"
Mon 16 Jul 2007 6,464 A..H. --- "C:\WINDOWS\system32\ptnyjxat.exe"
Tue 15 May 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 22 Jul 2007 444 ...HR --- "C:\Documents and Settings\dark\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

22 April 2008 19:51:33

Re,

Repost a HijackThis log.
22 April 2008 19:55:28

Logfile of HijackThis v1.99.1
Scan saved at 19:55:01, on 22/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Systran\Classic3.0\sysclass.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\dark\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26F133AE-C64F-4A3A-BE60-985CAB9E9F1C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [sxdhnygc] c:\documents and settings\dark\local settings\application data\sxdhnygc.exe sxdhnygc
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Classic3.0\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Classic3.0\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Classic3.0\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Classic3.0\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Classic3.0\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Classic3.0\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/170a340095a3bd7e8c19/netzip...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

22 April 2008 19:58:15

Re,

Download Navilog (by Il-Mafioso)

Save it to your Desktop.
Install it by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop.)

Once the installation is finished, right-click the navilog1 shortcut and choose "Run as administrator". (For Vista)

Let the utility guide you. Choose option 1 and confirm.
! Do not use options 2, 3 or 4 without our agreement !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as asked. Notepad will open. Post the report here.

The report is located here: C:\fixnavi.txt

If you have Vista, do this first:
Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ untick the box "Use User Account Control ..." and confirm with OK; you will be asked to restart, do so)
22 April 2008 20:09:43

Search Navipromo version 3.5.4 commencé le 22/04/2008 à 20:06:18,59

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "dark"

Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2800.1106
Système de fichiers : NTFS

Executé en mode sans échec

*** Recherche Programmes installés ***




*** Recherche dossiers dans "C:\WINDOWS" ***



*** Recherche dossiers dans "C:\Program Files" ***



*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***




*** Recherche dossiers dans "C:\Documents and Settings\dark\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\dark\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\dark\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\dark\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\dark\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 22/04/2008 à 20:08:32,46 ***
22 April 2008 22:12:51

Re,

Repost a HijackThis log.
22 April 2008 22:26:24

re

Logfile of HijackThis v1.99.1
Scan saved at 22:25:23, on 22/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Systran\Classic3.0\sysclass.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\dark\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26F133AE-C64F-4A3A-BE60-985CAB9E9F1C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [sxdhnygc] c:\documents and settings\dark\local settings\application data\sxdhnygc.exe sxdhnygc
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Classic3.0\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Classic3.0\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Classic3.0\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Classic3.0\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Classic3.0\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Classic3.0\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/170a340095a3bd7e8c19/netzip...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

22 Avril 2008 22:28:40

Re,

Télécharge et exécute : http://www.avast.com/eng/avast-uninstall-utility.html

Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

Télécharge et installe Antivir. (tuto)
Pourquoi changer ? Avast vs Antivir
Ouvre Antivir, Vérifie qu’il soit bien à jour ! ; va dans l'onglet Scanner, active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur), lance le scan. Poste moi le rapport généré (qui se trouve dans l'onglet reports).
22 April 2008 23:06:20

re
during the Antivir installation a blue screen appeared, it said dumping physical memory to disk
23 April 2008 00:26:24

re

Avira AntiVir Personal
Report file date: mardi 22 avril 2008 23:30

Scanning for 1165085 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM


Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 22 avril 2008 23:30

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'spfprc.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'ScanningProcess.exe' - '0' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '24' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\dark\Bureau\catchme.zip
[0] Archive type: ZIP
--> MRT82.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> OSV25.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> OTV47.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> QUX71.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> TXB14.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> TYB36.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> UYC36.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> VAD13.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> VAD58.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> VBD25.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WBE81.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> XCF14.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> XCF36.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> XCG35.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> XCG81.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48825a01.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/WLCtrl32.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backups/WLCtrl32.dl_
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4871604a.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP251\A0108922.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f60d5.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP251\A0109922.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f60d9.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP251\A0110922.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f60de.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP251\A0111989.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f60eb.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP251\A0112989.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f60ef.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP251\A0113989.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f60f3.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0114087.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6101.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0115087.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6105.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0116087.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6107.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0117087.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f610b.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0119105.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6116.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0120105.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f611a.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0121105.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f611e.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0121111.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6127.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0122111.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f612a.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\snapshot\MFEX-1.DAT
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48536146.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\snapshot\MFEX-2.DAT
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48536147.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0122185.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6135.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0122240.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6152.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0122245.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6154.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0123240.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6155.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0123244.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4958285e.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0123246.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6157.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0123254.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0123255.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6167.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0124255.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6169.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0124265.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f616e.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0124890.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61af.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0124898.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61b2.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0125268.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61b6.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0126268.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61b9.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0127278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61be.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0129278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61c1.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0130278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61c4.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0132278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61c8.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\snapshot\MFEX-1.DAT
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '485361e0.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0133278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61ce.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0133341.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61d2.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0134278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61d6.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0135278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61da.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0136278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61e0.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0136291.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61e2.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0136344.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61e8.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0137344.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61ea.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0138344.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61ec.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0138354.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61f0.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0139354.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61f2.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0140354.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0141354.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6205.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0142354.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6209.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0143419.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f620e.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0143482.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6213.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0144482.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6216.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0145482.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f621a.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146482.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f621f.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146496.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6224.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146497.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6225.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146498.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6228.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146499.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f622b.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146500.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f622d.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146501.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f622f.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146502.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6231.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146503.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6233.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146554.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6238.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0148504.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f623c.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0148515.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f623f.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0149515.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6241.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0149580.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6247.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0149650.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f624d.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\snapshot\MFEX-1.DAT
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48536276.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: mercredi 23 avril 2008 00:21
Used time: 50:58 min

The scan has been done completely.

2894 Scanning directories
150026 Files were scanned
87 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
70 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
149939 Files not concerned
1812 Archives were scanned
4 Warnings
70 Notes
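As an added example (not part of the original thread, and not Avira's code), here is a small Python triage script for reports in the layout posted above. Every hit in this report sits either inside a System Restore snapshot or inside an archive kept by an earlier removal tool (catchme.zip, SDFix\backups), and two files could not be scanned at all; the script makes that split explicit so the "is anything still live?" question is answered before the next step. Note also that the report header shows "Search for rootkits: off" although the instructions asked for it to be on; the script only reads the report, it does not fix that. The path rules in classify() and the example.dll line in the sample are assumptions constructed for the example.

```python
r"""Triage an Avira AntiVir report: which hits are live, archived or unresolved?

Added example; not code from the original thread or from Avira.  It parses
the report layout posted above (a path line followed by [DETECTION], [NOTE]
and [WARNING] lines; '-->' lines are archive members) and buckets every
detected top-level file by location: a System Restore snapshot, a removal
tool's own backup archive, or the live file system.  SAMPLE_REPORT is a
constructed excerpt modelled on the posted log; the example.dll line is
invented to exercise the 'live' bucket, and the path rules in classify()
are assumptions for the example.
"""
import re
from collections import Counter

SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\dark\Bureau\catchme.zip
[0] Archive type: ZIP
--> MRT82.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48825a01.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/WLCtrl32.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4871604a.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0123254.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
C:\WINDOWS\system32\example.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '00000000.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECT_RE = re.compile(r"^\[DETECTION\] Is the (.+)$")
NOTE_RE = re.compile(r"^\[NOTE\] The file was moved to '([^']+)'")
WARN_RE = re.compile(r"^\[WARNING\] (.+)$")


def parse_report(text):
    """One record per top-level path; archive members fold into their container."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            cur = {"path": line, "detections": [], "quarantine": None, "warnings": []}
            records.append(cur)
        elif cur is not None and DETECT_RE.match(line):
            cur["detections"].append(DETECT_RE.match(line).group(1))
        elif cur is not None and NOTE_RE.match(line):
            cur["quarantine"] = NOTE_RE.match(line).group(1)
        elif cur is not None and WARN_RE.match(line):
            cur["warnings"].append(WARN_RE.match(line).group(1))
    return records


def classify(path):
    """Where does a detected file sit?  (Rules are assumptions for the example.)"""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"          # old snapshot, nothing executes from here
    if "\\sdfix\\backups\\" in p or p.endswith("\\catchme.zip"):
        return "tool-backup"            # copies kept by an earlier removal tool
    return "live"


def triage(text):
    """Summarise: detections per location, live hits, unresolved hits, unscanned files."""
    buckets, live, not_quarantined, unreadable = Counter(), [], [], []
    for rec in parse_report(text):
        if rec["detections"]:
            where = classify(rec["path"])
            buckets[where] += 1
            if where == "live":
                live.append(rec["path"])
            if rec["quarantine"] is None:   # detected but still on disk
                not_quarantined.append(rec["path"])
        elif any("could not be opened" in w for w in rec["warnings"]):
            unreadable.append(rec["path"])  # locked: pagefile, SPTD driver
    return {"buckets": dict(buckets), "live": live,
            "not_quarantined": not_quarantined, "unreadable": unreadable}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Against a saved report, call triage() on the file's text; a non-empty "live" list, or anything under "not_quarantined" outside a restore point, is what should drive the next removal step, and "unreadable" tells you which files the scanner never looked at.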

23 April 2008 00:59:58

You didn't answer me earlier.
Is your Windows legal?

Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it onto your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1 then Enter. Then press a key as prompted.
Post the report, which is here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.
23 April 2008 16:51:01

re

no, XP isn't legal


23/04/2008 at 16:39:47,38

*** Searching for files in C:

*** Searching for files in C:\WINDOWS\

*** Searching for files in C:\WINDOWS\system32
C:\WINDOWS\system32\bdod.bin FOUND

*** Searching for files in C:\Program Files
*** End of report!
23 April 2008 17:03:56

Re,

You need to buy yourself a legal key ;)
Otherwise you don't get updates => infections, security holes.

Download MalwareByte's Anti-Malware to your desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once installation and the update are done:
Reboot into safe mode
/!\ Never boot into safe mode via MSCONFIG /!\

  • Now run MalwareByte's Anti-Malware. If it isn't already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • When the scan finishes, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your desktop so you can post it in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

    HELP: Illustrated MBAM tutorial
    23 April 2008 18:10:29

    re

    Malwarebytes' Anti-Malware 1.11
    Database version: 673

    Scan type: Full Scan (C:\|)
    Objects scanned: 65801
    Time elapsed: 20 minute(s), 45 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 1
    Registry Keys Infected: 5
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    C:\WINDOWS\system32\winIogon.exe (Backdoor.Bot) -> Failed to unload process.

    Memory Modules Infected:
    C:\WINDOWS\system32\cbxxuvtq.dll (Trojan.Vundo) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WLCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Logon Application (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0149604.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0149649.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbxxuvtq.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\winIogon.exe (Backdoor.Bot) -> Delete on reboot.



    Antivir finds trojans, it gives me several options: deny access, delete or quarantine. Which do I choose?
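As an added example (not from the thread, and not Malwarebytes' code): the process MBAM could not unload is C:\WINDOWS\system32\winIogon.exe, that is winlogon.exe with a capital I, started from the Run value "Windows Logon Application". The check below catches this class of masquerade in any process list or scan report. It assumes a small table of core binaries and the directory each is expected in; the table, the homoglyph map and the svchost.exe-in-profile sample line are constructed for the example, the other sample lines are quoted from the reports posted in this thread.

```python
r"""Spot look-alike names for core Windows binaries, such as winIogon.exe.

Added example; not code from the original thread or from Malwarebytes.  The
MBAM report above lists C:\WINDOWS\system32\winIogon.exe (capital I in place
of lowercase l), a name chosen to pass a glance at Task Manager or a
HijackThis process list.  check_path() folds common homoglyphs and compares
a file name against a small table of core binaries and the directory each
is expected in; the table and the homoglyph map are assumptions for the
example, not an exhaustive list.  SAMPLE_LINES mixes lines quoted from the
posted reports with one constructed line (svchost.exe under a user profile).
"""
import ntpath
import re

# Expected directory for a few core binaries on Windows XP (assumed table).
CORE_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Characters that get swapped for one another in look-alike names; each is
# folded to a single representative so that both sides compare equal.
HOMOGLYPHS = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})

# First drive-letter path in a report line, up to its extension.
PATH_IN_LINE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys)", re.IGNORECASE)


def fold(name):
    """Lower-case and collapse homoglyphs: fold('winIogon.exe') == fold('winlogon.exe')."""
    return name.lower().translate(HOMOGLYPHS)


def check_path(path):
    """Return (verdict, canonical_name): ok, wrong-directory, lookalike or unknown."""
    directory, name = ntpath.split(path)
    directory, name = directory.lower(), name.lower()
    if name in CORE_BINARIES:
        if directory != CORE_BINARIES[name]:
            return ("wrong-directory", name)   # genuine name, impostor location
        return ("ok", name)
    folded = fold(name)
    for canon in CORE_BINARIES:
        if folded == fold(canon):
            return ("lookalike", canon)        # differs only by homoglyphs
    return ("unknown", None)


def scan(lines):
    """Pull the first path out of each report line and keep the suspicious ones."""
    findings = []
    for line in lines:
        m = PATH_IN_LINE.search(line)
        if not m:
            continue
        verdict, canon = check_path(m.group(0))
        if verdict in ("wrong-directory", "lookalike"):
            findings.append((m.group(0), verdict, canon))
    return findings


SAMPLE_LINES = [
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\system32\winIogon.exe (Backdoor.Bot) -> Failed to unload process.",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\system32\cbxxuvtq.dll (Trojan.Vundo) -> Unloaded module successfully.",
    # constructed: a genuine name in a directory where it never belongs
    r"C:\Documents and Settings\dark\Local Settings\Application Data\svchost.exe",
]

if __name__ == "__main__":
    for path, verdict, canon in scan(SAMPLE_LINES):
        print(f"{verdict:16} {path}  (mimics {canon})")
```

Feed it the "Running processes" block of a HijackThis log or the file list of an MBAM report, one line per entry. The "unknown" verdict is deliberate: a random name such as cbxxuvtq.dll is not a look-alike and needs a different check (signature, age, size), so the script does not pretend to judge it.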
    23 April 2008 18:15:31

    Quarantine.

    Download Combofix (by sUBs) to your desktop. (Tutorial)

    Temporarily disable all resident protection! (antivirus, antispyware, etc.)
    Double-click combofix.exe.
    Accept the licence by clicking Yes.
    When the scan is complete, a report will appear. Post that report in your next reply.

    The report is here: C:\Combofix.txt
    23 April 2008 20:07:47

    re
    I have loads of Vundo and I don't know what happened, but since my reply I haven't been able to connect; I've only just managed to
    23 April 2008 21:09:00

    re

    ComboFix 08-04-22.5 - dark 2008-04-23 20:17:19.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.654 [GMT 2:00]
    Location: C:\Documents and Settings\dark\Mes documents\ComboFix.exe

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\msettings.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\Cache
    C:\WINDOWS\system32\cbxxuvtq.dll
    C:\WINDOWS\system32\dvsgabir.dll
    C:\WINDOWS\system32\nnnnljhf.dll
    C:\WINDOWS\system32\nnqtuutv.ini
    C:\WINDOWS\system32\nnqtuutv.ini2
    C:\WINDOWS\system32\ribagsvd.ini
    C:\WINDOWS\system32\rqroomkh.dll
    C:\WINDOWS\system32\vtuutqnn.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DOMAINSERVICE
    -------\Legacy_IPRIP
    -------\Service_Iprip


    ((((((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-23 20:03 . 2008-04-23 20:03 53,248 --a------ C:\WINDOWS\system32\pdvwoilg.exe
    2008-04-23 20:03 . 2008-04-23 20:03 34,788 --a------ C:\WINDOWS\system32\vssosbwc.exe
    2008-04-23 20:03 . 2008-04-23 20:03 23,040 --a------ C:\WINDOWS\system32\fidm.exe
    2008-04-23 19:16 . 2008-04-23 19:16 34,788 --a------ C:\WINDOWS\system32\qkbdle.exe
    2008-04-23 19:02 . 2008-04-23 19:02 34,788 --a------ C:\WINDOWS\system32\ibqlhxi.exe
    2008-04-23 18:58 . 2008-04-23 18:58 34,788 --a------ C:\WINDOWS\system32\mcehm.exe
    2008-04-23 18:46 . 2008-04-23 18:46 34,788 --a------ C:\WINDOWS\system32\peyymlwx.exe
    2008-04-23 18:35 . 2008-04-23 18:35 128 --a------ C:\WINDOWS\system32\zhipuu.bat
    2008-04-23 18:34 . 2008-04-23 18:34 34,788 --a------ C:\WINDOWS\system32\byqfxlk.exe
    2008-04-23 18:14 . 2008-04-23 18:14 34,788 --a------ C:\WINDOWS\system32\fmdbh.exe
    2008-04-23 18:12 . 2008-04-23 18:12 109,738 --a------ C:\WINDOWS\BM3f520d71.xml
    2008-04-23 17:57 . 2008-04-23 17:57 34,788 --a------ C:\WINDOWS\system32\qfgdgrm.exe
    2008-04-23 17:54 . 2008-04-23 17:54 34,788 --a------ C:\WINDOWS\system32\ylxgw.exe
    2008-04-23 17:34 . 2008-04-23 18:48 61 --a------ C:\WINDOWS\system32\i
    2008-04-23 17:33 . 2008-04-23 17:33 34,788 --a------ C:\WINDOWS\system32\mfsspuqx.exe
    2008-04-23 17:22 . 2008-04-23 17:22 <REP> d-------- C:\Documents and Settings\dark\Application Data\Malwarebytes
    2008-04-23 17:19 . 2008-04-23 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-23 17:17 . 2008-04-23 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-23 16:40 . 2008-04-23 16:40 1,183,256 --a------ C:\upload_moi_DARK-VXA6G6CSLW.tar.gz
    2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Program Files\Avira
    2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-22 18:52 . 2008-04-22 19:12 <REP> d-------- C:\SDFix
    2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-22 01:29 . 2008-04-23 17:25 31,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-22 01:29 . 2008-04-23 17:25 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-22 01:29 . 2008-04-23 17:25 3,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-22 00:59 . 2008-04-22 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2008-04-22 00:59 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2008-04-22 00:59 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2008-04-22 00:59 . 2008-04-23 17:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-04-22 00:58 . 2008-04-23 17:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-04-22 00:58 . 2008-04-22 00:58 <REP> d-------- C:\Program Files\Zone Labs
    2008-04-22 00:58 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2008-04-22 00:58 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-04-22 00:57 . 2008-04-23 17:28 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-04-21 20:01 . 2008-04-21 20:01 268 --ah----- C:\sqmdata00.sqm
    2008-04-21 20:01 . 2008-04-21 20:01 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-21 17:00 . 2008-04-21 17:00 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-04-21 15:57 . 2008-04-23 19:41 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-04-21 15:57 . 2008-04-21 15:57 <REP> d-------- C:\Documents and Settings\dark\Application Data\PC Tools
    2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-04-21 15:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-04-21 15:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-04-21 15:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-04-21 14:18 . 2008-04-21 14:19 <REP> d-------- C:\Program Files\SPYWAREfighter
    2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Fichiers communs\Application
    2008-04-08 23:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-04-08 23:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-04-08 23:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-23 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-23 15:00 --------- d-----w C:\Documents and Settings\dark\Application Data\Azureus
    2008-04-22 20:48 --------- d-----w C:\Program Files\Alwil Software
    2008-04-22 18:08 --------- d-----w C:\Program Files\Navilog1
    2008-04-21 21:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-21 18:55 --------- d-----w C:\Program Files\Azureus
    2008-04-21 12:08 --------- d-----w C:\Program Files\Google
    2008-04-14 15:57 --------- d-----w C:\Program Files\eMule
    2008-03-16 19:09 --------- d-----w C:\Program Files\UltimateZip 2007
    2008-03-16 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-16 13:28 --------- d-----w C:\Program Files\Free Audio Pack
    2008-02-27 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26F133AE-C64F-4A3A-BE60-985CAB9E9F1C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9292C2AD-D36E-4051-AF6D-0C6D2AEE0C10}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B522B44B-BC97-46FB-924E-E52CAB1132CF}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7A08523-027D-4CDB-8FB7-BE8F089E7E10}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F06242-D1F7-4B5E-8686-E42FD412827A}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
    "Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 864768]
    "sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-17 21:16 185896]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-03 21:46 6731312]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 12:19 223232]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "Advanced DHTML Enable"="C:\WINDOWS\System32\lhlrcdb.exe" [ ]
    "Application Layer Gateway Service"="C:\WINDOWS\System32\algs.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 13312]
    "WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
    "WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnljhf]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "vidc.dvsd"= mcdvd_32.dll
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "vidc.i420"= i420vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "msacm.imc"= imc32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi13.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhk58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dik36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ejl47.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fkm71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gkn14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlp68.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmo71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inp47.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq13.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq81.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnr47.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Joq82.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps35.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps46.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mrt82.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osv03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osw25.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Otv14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ptw58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pux14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux71.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux81.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa82.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyb36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vad58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vae58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbe14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe25.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wcf71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydh71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

    R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2001-08-28 14:00]
    R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
    R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
    S0 Bfi13;Bfi13;C:\WINDOWS\System32\Drivers\Bfi13.sys []
    S0 Hlo36;Hlo36;C:\WINDOWS\System32\Drivers\Hlo36.sys []
    S0 Nru14;Nru14;C:\WINDOWS\System32\Drivers\Nru14.sys []
    S0 Pux14;Pux14;C:\WINDOWS\System32\Drivers\Pux14.sys []
    S0 Twa03;Twa03;C:\WINDOWS\System32\Drivers\Twa03.sys []
    S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
    S3 Dik36;Dik36;C:\WINDOWS\System32\drivers\Dik36.sys []
    S3 Fjm03;Fjm03;C:\WINDOWS\System32\drivers\Fjm03.sys []
    S3 Gkn14;Gkn14;C:\WINDOWS\System32\drivers\Gkn14.sys []
    S3 Jnr47;Jnr47;C:\WINDOWS\System32\drivers\Jnr47.sys []
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
    S3 Osw25;Osw25;C:\WINDOWS\System32\drivers\Osw25.sys []
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 02:52]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
    S3 Swa82;Swa82;C:\WINDOWS\System32\drivers\Swa82.sys []
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 14:00]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-07 18:08:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-23 21:03:54
    Windows 5.1.2600 NTFS

    detected NTDLL code modification:
    ZwClose

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-23 21:05:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-23 19:05:54

    Pre-Run: 9,251,545,088 octets libres
    Post-Run: 9,237,438,464 octets libres

    23 April 2008 21:43:53

    Re,

    There is still some left.
    Pretty badly infected, I must say.

    Download and run SafebootKeyRepair --> http://download.bleepingcomputer.com/sUBs/SafeBootKeyRe...

    *******

    Copy the text in the box below:

    Driver::
    Swa82
    Osw25
    Jnr47
    Bfi13
    Hlo36
    Nru14
    Pux14
    Twa03
    Dik36
    Fjm03
    Gkn14

    File::
    C:\WINDOWS\System32\drivers\Swa82.sys
    C:\WINDOWS\System32\drivers\Osw25.sys
    C:\WINDOWS\System32\drivers\Jnr47.sys
    C:\WINDOWS\System32\Drivers\Bfi13.sys
    C:\WINDOWS\System32\Drivers\Hlo36.sys
    C:\WINDOWS\System32\Drivers\Nru14.sys
    C:\WINDOWS\System32\Drivers\Pux14.sys
    C:\WINDOWS\System32\Drivers\Twa03.sys
    C:\WINDOWS\System32\drivers\Dik36.sys
    C:\WINDOWS\System32\drivers\Fjm03.sys
    C:\WINDOWS\System32\drivers\Gkn14.sys
    C:\WINDOWS\System32\wbem\scrcons32.exe
    C:\upload_moi_DARK-VXA6G6CSLW.tar.gz
    C:\WINDOWS\system32\pdvwoilg.exe
    C:\WINDOWS\system32\vssosbwc.exe
    C:\WINDOWS\system32\fidm.exe
    C:\WINDOWS\system32\qkbdle.exe
    C:\WINDOWS\system32\ibqlhxi.exe
    C:\WINDOWS\system32\mcehm.exe
    C:\WINDOWS\system32\peyymlwx.exe
    C:\WINDOWS\system32\zhipuu.bat
    C:\WINDOWS\system32\byqfxlk.exe
    C:\WINDOWS\system32\fmdbh.exe
    C:\WINDOWS\BM3f520d71.xml
    C:\WINDOWS\system32\qfgdgrm.exe
    C:\WINDOWS\system32\ylxgw.exe
    C:\WINDOWS\system32\mfsspuqx.exe

    Folder::
    C:\WINDOWS\system32\i

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnljhf]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
    "WMI Standard Event Consumer - Scripting"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "WMI Standard Event Consumer - Scripting"=-
    "PcSync"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"=-
    "Adobe Reader Speed Launcher"=-
    "PCSuiteTrayApplication"=-
    "Advanced DHTML Enable"=-
    "Application Layer Gateway Service"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sxdhnygc"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "WMI Standard Event Consumer - Scripting"=-


    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file as CFScript.txt on your Desktop.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report.
    If there is no reboot, post the report anyway.
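The helper's CFScript above removes autostart values that the log shows with an empty trailing `[ ]` (ComboFix found no file to stamp). As an added example, not code from the forum or from ComboFix, the script below parses a constructed excerpt of the "Point de chargement Reg" section copied from the log above, flags entries by two heuristics that are my own assumptions (an empty `[ ]` stamp, and a file name that imitates or misplaces a core Windows binary, such as `winIogon.exe` with a capital I, or `explorer.exe` under System32), and renders the findings in the `Registry::` syntax the helper uses.

```python
"""Triage ComboFix autostart ("Point de chargement Reg") entries.

Added example, not the forum's or ComboFix's own code. Heuristics (assumed,
not ComboFix rules):
  * an entry whose trailing bracket is empty (`[ ]`): ComboFix found no file
    to stamp, so the target is missing, hidden, or otherwise suspect;
  * a value whose file name is a lookalike of a core Windows binary
    (winIogon.exe, capital I for l) or sits in the wrong directory
    (explorer.exe under System32 instead of C:\\WINDOWS on Windows XP).
Flagged entries are emitted in CFScript `Registry::` syntax ("name"=- deletes
the value), the same syntax the helper's script uses.
"""
import re
from collections import OrderedDict

# Constructed excerpt: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
"sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
"Advanced DHTML Enable"="C:\WINDOWS\System32\lhlrcdb.exe" [ ]
"Application Layer Gateway Service"="C:\WINDOWS\System32\algs.exe" [ ]
"Windows Logon Application"="C:\WINDOWS\System32\winIogon.exe" [2001-08-28 14:00 63963]
"Windows Explorer"="C:\WINDOWS\System32\explorer.exe" [ ]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]\s*$')

# Expected directory of a few core binaries on Windows XP (lower-case).
CANONICAL_DIR = {
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
}
# Characters commonly swapped in to imitate a system file name.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})


def parse_entries(log_text):
    """Yield (key, name, path, stamp) for every Run-style value in the log."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, path, stamp = m.groups()
            yield key, name, path, stamp.strip()


def lookalike_reason(path):
    """Reason string if the file name imitates or misplaces a core binary, else None."""
    directory, _, filename = path.lower().rpartition("\\")
    raw_filename = path.rpartition("\\")[2]
    normalized = raw_filename.translate(CONFUSABLE).lower()
    if normalized in CANONICAL_DIR:
        if filename != normalized:
            return f"lookalike of {normalized}"
        if directory and directory != CANONICAL_DIR[normalized]:
            return f"{normalized} outside {CANONICAL_DIR[normalized]}"
    return None


def triage(log_text):
    """Return {(key, name): reason} for every suspicious autostart value, in log order."""
    findings = OrderedDict()
    for key, name, path, stamp in parse_entries(log_text):
        reasons = []
        if stamp == "":
            reasons.append("no file metadata ([ ])")
        lookalike = lookalike_reason(path)
        if lookalike:
            reasons.append(lookalike)
        if reasons:
            findings[(key, name)] = "; ".join(reasons)
    return findings


def to_cfscript(findings):
    """Render findings as a CFScript Registry:: block ("name"=- deletes a value)."""
    by_key = OrderedDict()
    for key, name in findings:
        by_key.setdefault(key, []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for (key, name), reason in found.items():
        print(f"{name!r} in {key}: {reason}")
    print()
    print(to_cfscript(found))
```

Entries such as TkBellExe or PcSync that the helper also disabled are not flagged by these heuristics; they were removed as startup clutter, not because the log marks them suspicious.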
    23 April 2008 22:33:02

    big internet problem


    ComboFix 08-04-22.5 - dark 2008-04-23 22:20:25.2 - NTFSx86 NETWORK
    Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.803 [GMT 2:00]
    Endroit: C:\Documents and Settings\dark\Mes documents\ComboFix.exe
    Command switches used :: C:\Documents and Settings\dark\Mes documents\CFScript.txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\upload_moi_DARK-VXA6G6CSLW.tar.gz
    C:\WINDOWS\BM3f520d71.xml
    C:\WINDOWS\system32\byqfxlk.exe
    C:\WINDOWS\System32\Drivers\Bfi13.sys
    C:\WINDOWS\System32\drivers\Dik36.sys
    C:\WINDOWS\System32\drivers\Fjm03.sys
    C:\WINDOWS\System32\drivers\Gkn14.sys
    C:\WINDOWS\System32\Drivers\Hlo36.sys
    C:\WINDOWS\System32\drivers\Jnr47.sys
    C:\WINDOWS\System32\Drivers\Nru14.sys
    C:\WINDOWS\System32\drivers\Osw25.sys
    C:\WINDOWS\System32\Drivers\Pux14.sys
    C:\WINDOWS\System32\drivers\Swa82.sys
    C:\WINDOWS\System32\Drivers\Twa03.sys
    C:\WINDOWS\system32\fidm.exe
    C:\WINDOWS\system32\fmdbh.exe
    C:\WINDOWS\system32\ibqlhxi.exe
    C:\WINDOWS\system32\mcehm.exe
    C:\WINDOWS\system32\mfsspuqx.exe
    C:\WINDOWS\system32\pdvwoilg.exe
    C:\WINDOWS\system32\peyymlwx.exe
    C:\WINDOWS\system32\qfgdgrm.exe
    C:\WINDOWS\system32\qkbdle.exe
    C:\WINDOWS\system32\vssosbwc.exe
    C:\WINDOWS\System32\wbem\scrcons32.exe
    C:\WINDOWS\system32\ylxgw.exe
    C:\WINDOWS\system32\zhipuu.bat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\upload_moi_DARK-VXA6G6CSLW.tar.gz
    C:\WINDOWS\BM3f520d71.xml
    C:\WINDOWS\system32\awtqrppo.dll
    C:\WINDOWS\system32\byqfxlk.exe
    C:\WINDOWS\system32\byxxwvwx.dll
    C:\windows\system32\explorer.exe
    C:\WINDOWS\system32\fmdbh.exe
    C:\WINDOWS\system32\hggeddbx.dll
    C:\WINDOWS\system32\i\
    C:\WINDOWS\system32\ibqlhxi.exe
    C:\WINDOWS\system32\mcehm.exe
    C:\WINDOWS\system32\mfsspuqx.exe
    C:\WINDOWS\system32\peyymlwx.exe
    C:\WINDOWS\system32\qfgdgrm.exe
    C:\WINDOWS\system32\qkbdle.exe
    C:\WINDOWS\system32\urqpmkli.dll
    C:\WINDOWS\system32\vssosbwc.exe
    C:\WINDOWS\system32\ylxgw.exe
    C:\WINDOWS\system32\zhipuu.bat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_PUX14
    -------\Service_Bfi13
    -------\Service_Dik36
    -------\Service_Fjm03
    -------\Service_Gkn14
    -------\Service_Hlo36
    -------\Service_Jnr47
    -------\Service_Nru14
    -------\Service_Osw25
    -------\Service_Pux14
    -------\Service_Swa82
    -------\Service_Twa03


    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-23 22:23 . 2008-04-23 22:23 34,788 --a------ C:\WINDOWS\system32\oisni.exe
    2008-04-23 22:20 . 2008-04-23 22:20 34,788 --a------ C:\WINDOWS\system32\vremvbts.exe
    2008-04-23 22:20 . 2008-04-23 22:20 23,040 --a------ C:\WINDOWS\system32\ylsgvhs.exe
    2008-04-23 22:13 . 2008-04-23 22:13 126 --a------ C:\WINDOWS\system32\fwcr.bat
    2008-04-23 22:13 . 2008-04-23 22:13 116 --a------ C:\WINDOWS\system32\gvfvmt.bat
    2008-04-23 22:10 . 2008-04-23 22:10 34,788 --a------ C:\WINDOWS\system32\zoafd.exe
    2008-04-23 22:10 . 2008-04-23 22:10 23,040 --a------ C:\WINDOWS\system32\zogcjuf.exe
    2008-04-23 21:51 . 2008-04-23 21:51 0 -ra------ C:\WINDOWS\system32\TFTP1140
    2008-04-23 21:31 . 2008-04-23 21:31 34,788 --a------ C:\WINDOWS\system32\ahunjjr.exe
    2008-04-23 21:11 . 2008-04-23 21:11 34,788 --a------ C:\WINDOWS\system32\fhosnm.exe
    2008-04-23 17:34 . 2008-04-23 18:48 61 --a------ C:\WINDOWS\system32\i
    2008-04-23 17:22 . 2008-04-23 17:22 <REP> d-------- C:\Documents and Settings\dark\Application Data\Malwarebytes
    2008-04-23 17:19 . 2008-04-23 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-23 17:17 . 2008-04-23 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Program Files\Avira
    2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-22 18:52 . 2008-04-22 19:12 <REP> d-------- C:\SDFix
    2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-22 01:29 . 2008-04-23 17:25 31,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-22 01:29 . 2008-04-23 17:25 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-22 01:29 . 2008-04-23 17:25 3,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-22 00:59 . 2008-04-22 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2008-04-22 00:59 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2008-04-22 00:59 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2008-04-22 00:59 . 2008-04-23 17:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-04-22 00:58 . 2008-04-23 17:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-04-22 00:58 . 2008-04-22 00:58 <REP> d-------- C:\Program Files\Zone Labs
    2008-04-22 00:58 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2008-04-22 00:58 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-04-22 00:57 . 2008-04-23 17:28 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-04-21 20:01 . 2008-04-21 20:01 268 --ah----- C:\sqmdata00.sqm
    2008-04-21 20:01 . 2008-04-21 20:01 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-21 17:00 . 2008-04-21 17:00 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-04-21 15:57 . 2008-04-23 19:41 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-04-21 15:57 . 2008-04-21 15:57 <REP> d-------- C:\Documents and Settings\dark\Application Data\PC Tools
    2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-04-21 15:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-04-21 15:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-04-21 15:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-04-21 14:18 . 2008-04-21 14:19 <REP> d-------- C:\Program Files\SPYWAREfighter
    2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Fichiers communs\Application
    2008-04-08 23:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-04-08 23:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-04-08 23:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-23 19:22 --------- d-----w C:\Documents and Settings\dark\Application Data\Azureus
    2008-04-23 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-22 20:48 --------- d-----w C:\Program Files\Alwil Software
    2008-04-22 18:08 --------- d-----w C:\Program Files\Navilog1
    2008-04-21 21:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-21 18:55 --------- d-----w C:\Program Files\Azureus
    2008-04-21 12:08 --------- d-----w C:\Program Files\Google
    2008-04-14 15:57 --------- d-----w C:\Program Files\eMule
    2008-03-16 19:09 --------- d-----w C:\Program Files\UltimateZip 2007
    2008-03-16 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-16 13:28 --------- d-----w C:\Program Files\Free Audio Pack
    2008-02-27 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26F133AE-C64F-4A3A-BE60-985CAB9E9F1C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9292C2AD-D36E-4051-AF6D-0C6D2AEE0C10}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B522B44B-BC97-46FB-924E-E52CAB1132CF}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7A08523-027D-4CDB-8FB7-BE8F089E7E10}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F06242-D1F7-4B5E-8686-E42FD412827A}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
    "Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 864768]
    "sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-03 21:46 6731312]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "Windows Logon Application"="C:\WINDOWS\System32\winIogon.exe" [2001-08-28 14:00 63963]
    "Windows Explorer"="C:\WINDOWS\System32\explorer.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 13312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnljhf]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "vidc.dvsd"= mcdvd_32.dll
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "vidc.i420"= i420vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "msacm.imc"= imc32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi13.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhk58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dik36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ejl47.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fkm71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gkn14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlp68.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmo71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inp47.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq13.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq81.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnr47.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Joq82.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps35.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps46.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mrt82.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osv03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osw25.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Otv14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ptw58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pux14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux81.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa82.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txb14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyb36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vad58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vae58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbe14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe25.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wcf71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydh71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

    R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2001-08-28 14:00]
    R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
    R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
    S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 02:52]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 14:00]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-07 18:08:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-23 22:23:53
    Windows 5.1.2600 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-23 22:26:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-23 20:26:28
    ComboFix2.txt 2008-04-23 19:06:01

    Pre-Run: 9,243,000,832 octets libres
    Post-Run: 9,230,839,808 octets libres

    24 April 2008 00:05:07

    In normal mode my PC freezes very often and there is no internet.
    It only works in safe mode.
    24 April 2008 14:35:53

    Re

    What do I have to do now??
    24 April 2008 18:41:16

    Re,

    Run another ComboFix scan and post its report.
    24 April 2008 19:21:35

    Re

    ComboFix 08-04-22.5 - dark 2008-04-24 19:10:32.3 - NTFSx86 NETWORK
    Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.784 [GMT 2:00]
    Endroit: C:\Documents and Settings\dark\Mes documents\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\brtsrauq.dll
    C:\WINDOWS\system32\klnonmoq.ini
    C:\WINDOWS\system32\klnonmoq.ini2
    C:\WINDOWS\system32\mlmfulrs.dll
    C:\WINDOWS\system32\paemerhm.dll
    C:\WINDOWS\system32\qomnonlk.dll
    C:\WINDOWS\system32\srlufmlm.ini
    C:\WINDOWS\system32\vturopqr.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-24 19:14 . 5,894 C:\a.bat
    2008-04-24 02:08 . 2008-04-24 02:08 <REP> d-------- C:\Documents and Settings\dark\Application Data\ImgBurn
    2008-04-24 01:44 . 2008-04-24 01:49 1,511,910 --------- C:\WINDOWS\system32\nod64.exe
    2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Program Files\ImgBurn
    2008-04-23 23:47 . 2008-04-23 23:47 0 -ra------ C:\WINDOWS\system32\TFTP1372
    2008-04-23 23:10 . 2008-04-23 23:34 1,540,626 ---hs---- C:\WINDOWS\system32\dsfupdnw.ini
    2008-04-23 23:10 . 2008-04-24 14:37 109,776 --a------ C:\WINDOWS\BM3f520d71.xml
    2008-04-23 22:59 . 2008-04-23 22:59 34,788 --a------ C:\WINDOWS\system32\bxacmrf.exe
    2008-04-23 22:59 . 2008-04-23 22:59 23,040 --------- C:\WINDOWS\system32\gncksza.exe
    2008-04-23 22:23 . 2008-04-23 22:23 34,788 --a------ C:\WINDOWS\system32\oisni.exe
    2008-04-23 22:20 . 2008-04-23 22:20 34,788 --a------ C:\WINDOWS\system32\vremvbts.exe
    2008-04-23 22:20 . 2008-04-23 22:20 23,040 --a------ C:\WINDOWS\system32\ylsgvhs.exe
    2008-04-23 22:13 . 2008-04-23 22:13 126 --a------ C:\WINDOWS\system32\fwcr.bat
    2008-04-23 22:13 . 2008-04-23 22:13 116 --a------ C:\WINDOWS\system32\gvfvmt.bat
    2008-04-23 22:10 . 2008-04-23 22:10 34,788 --a------ C:\WINDOWS\system32\zoafd.exe
    2008-04-23 22:10 . 2008-04-23 22:10 23,040 --a------ C:\WINDOWS\system32\zogcjuf.exe
    2008-04-23 21:51 . 2008-04-23 21:51 0 -ra------ C:\WINDOWS\system32\TFTP1140
    2008-04-23 21:31 . 2008-04-23 21:31 34,788 --a------ C:\WINDOWS\system32\ahunjjr.exe
    2008-04-23 21:11 . 2008-04-23 21:11 34,788 --a------ C:\WINDOWS\system32\fhosnm.exe
    2008-04-23 17:34 . 2008-04-23 18:48 61 --a------ C:\WINDOWS\system32\i
    2008-04-23 17:22 . 2008-04-23 17:22 <REP> d-------- C:\Documents and Settings\dark\Application Data\Malwarebytes
    2008-04-23 17:19 . 2008-04-23 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-23 17:17 . 2008-04-23 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Program Files\Avira
    2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-22 18:52 . 2008-04-22 19:12 <REP> d-------- C:\SDFix
    2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-22 01:29 . 2008-04-23 17:25 31,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-22 01:29 . 2008-04-23 17:25 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-22 01:29 . 2008-04-23 17:25 3,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-22 00:59 . 2008-04-22 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2008-04-22 00:59 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2008-04-22 00:59 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2008-04-22 00:59 . 2008-04-23 17:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-04-22 00:58 . 2008-04-23 17:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-04-22 00:58 . 2008-04-22 00:58 <REP> d-------- C:\Program Files\Zone Labs
    2008-04-22 00:58 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2008-04-22 00:58 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-04-22 00:57 . 2008-04-23 17:28 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-04-21 20:01 . 2008-04-21 20:01 268 --ah----- C:\sqmdata00.sqm
    2008-04-21 20:01 . 2008-04-21 20:01 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-21 17:00 . 2008-04-21 17:00 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-04-21 15:57 . 2008-04-23 19:41 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-04-21 15:57 . 2008-04-21 15:57 <REP> d-------- C:\Documents and Settings\dark\Application Data\PC Tools
    2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-04-21 15:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-04-21 15:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-04-21 15:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-04-21 14:18 . 2008-04-21 14:19 <REP> d-------- C:\Program Files\SPYWAREfighter
    2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Fichiers communs\Application
    2008-04-08 23:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-04-08 23:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-04-08 23:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-24 17:09 --------- d-----w C:\Documents and Settings\dark\Application Data\Azureus
    2008-04-23 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-23 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-23 18:12 34,788 ----a-w C:\WINDOWS\system32\tgygoem.exe
    2008-04-22 20:48 --------- d-----w C:\Program Files\Alwil Software
    2008-04-22 18:08 --------- d-----w C:\Program Files\Navilog1
    2008-04-21 18:55 --------- d-----w C:\Program Files\Azureus
    2008-04-21 12:08 --------- d-----w C:\Program Files\Google
    2008-04-14 15:57 --------- d-----w C:\Program Files\eMule
    2008-03-16 19:09 --------- d-----w C:\Program Files\UltimateZip 2007
    2008-03-16 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-16 13:28 --------- d-----w C:\Program Files\Free Audio Pack
    2008-02-27 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-27 20:28 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-02-21 13:38 946,832 ----a-w C:\WINDOWS\system32\_ISource30.dll
    2008-02-21 13:38 355,984 ----a-w C:\WINDOWS\system32\winhttp.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26F133AE-C64F-4A3A-BE60-985CAB9E9F1C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9292C2AD-D36E-4051-AF6D-0C6D2AEE0C10}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3E3594F-B1DD-4484-9E41-C839E24EB28E}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B522B44B-BC97-46FB-924E-E52CAB1132CF}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b7301bce-fabe-4d89-91f9-9bdfef75b299}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7A08523-027D-4CDB-8FB7-BE8F089E7E10}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F06242-D1F7-4B5E-8686-E42FD412827A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF547813-2C2A-489B-8156-590294D3B34F}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
    "Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 864768]
    "sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-03 21:46 6731312]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "Advanced DHTML Enable"="C:\WINDOWS\System32\gncksza.exe" [2008-04-23 22:59 23040]
    "Nod32 Service"="nod64.exe" [2008-04-24 01:49 1511910 C:\WINDOWS\system32\nod64.exe]
    "@"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Nod32 Service"="nod64.exe" [2008-04-24 01:49 1511910 C:\WINDOWS\system32\nod64.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 13312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnljhf]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturopqr]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "vidc.dvsd"= mcdvd_32.dll
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "vidc.i420"= i420vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "msacm.imc"= imc32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi13.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhk58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dik36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ejl47.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fkm71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gkn14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlp68.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmo71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inp47.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq13.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq81.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnr47.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Joq82.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps35.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps46.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mrt82.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osv03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osw25.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Otv14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ptw58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pux14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux81.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa82.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txb14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyb36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc36.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vad58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vae58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbe14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe25.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe58.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wcf71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydh71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "}"= }:Nod32 Service

    R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2001-08-28 14:00]
    R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
    R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
    S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 02:52]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 14:00]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-07 18:08:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-24 19:13:51
    Windows 5.1.2600 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\System32\nview.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-24 19:16:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-24 17:16:31
    ComboFix2.txt 2008-04-23 20:26:35
    ComboFix3.txt 2008-04-23 19:06:01

    Pre-Run: 2,700,824,576 octets libres
    Post-Run: 2,714,988,544 octets libres

    24 April 2008 20:30:26

    Re,

    Copy the text in the box below:

    File::
    C:\WINDOWS\System32\wbem\scrcons32.exe
    C:\WINDOWS\system32\nod64.exe
    C:\WINDOWS\System32\gncksza.exe
    C:\WINDOWS\system32\TFTP1372
    C:\WINDOWS\system32\dsfupdnw.ini
    C:\WINDOWS\BM3f520d71.xml
    C:\WINDOWS\system32\bxacmrf.exe
    C:\WINDOWS\system32\gncksza.exe
    C:\WINDOWS\system32\oisni.exe
    C:\WINDOWS\system32\vremvbts.exe
    C:\WINDOWS\system32\ylsgvhs.exe
    C:\WINDOWS\system32\fwcr.bat
    C:\WINDOWS\system32\gvfvmt.bat
    C:\WINDOWS\system32\zoafd.exe
    C:\WINDOWS\system32\zogcjuf.exe
    C:\WINDOWS\system32\TFTP1140
    C:\WINDOWS\system32\ahunjjr.exe
    C:\WINDOWS\system32\fhosnm.exe
    C:\WINDOWS\system32\tgygoem.exe
    C:\WINDOWS\system32\i

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sxdhnygc"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced DHTML Enable"=-
    "Nod32 Service"=-
    "@"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Nod32 Service"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnljhf]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturopqr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "{"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi13.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhk58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dik36.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ejl47.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm03.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm36.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fkm71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gkn14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo36.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlp68.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmo71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inp47.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq13.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq81.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnr47.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Joq82.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor03.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps35.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps46.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt36.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mrt82.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru03.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osv03.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osw25.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Otv14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ptw58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pux14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux81.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa03.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa82.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa03.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txb14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyb36.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc36.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vad58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vae58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbe14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe25.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wcf71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydh71.sys]


    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file as CFScript.txt on your Desktop.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch ComboFix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report.
    If there is no reboot, post the report anyway.
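The CFScript above was assembled by hand from the report. As an added example (not part of this thread and not ComboFix's own logic), the Python below applies two triage heuristics to a constructed subset of the lines posted above: files under the Windows tree created shortly before the scan, and Run-key values whose target is absent at scan time or points at one of those files. Run over the sample it recovers most of the helper's File:: and Registry:: picks from the log alone. The 48-hour window, the C:\WINDOWS prefix and the function names are assumptions of this example.

```python
"""Triage pass over ComboFix-style log lines (added example, not ComboFix code).

Pass 1: 'Fichiers créés' lines -> non-directory entries under C:\\WINDOWS created
        within RECENT_WINDOW before the scan started (window is an assumption).
Pass 2: Run-key values -> empty target, target missing at scan time (empty
        bracket), or target matching a path caught by pass 1.
"""
import re
from datetime import datetime, timedelta

RECENT_WINDOW = timedelta(hours=48)   # assumption: "recent" means the last 48 h
SYSTEM_PREFIX = "c:\\windows\\"       # assumption: only watch the Windows tree

# Created-file line:  created . [modified] size|<REP> [attrs] path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?:(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) )?"
    r"(?P<size><REP>|[\d,]+) "
    r"(?:(?P<attrs>[-a-z]{9}) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# Run-key value line:  "name"="target" [meta]
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)" \[(?P<meta>[^\]]*)\]$')

# Constructed sample: a subset of the lines from the 2008-04-24 19:10 report above.
SCAN_START = datetime(2008, 4, 24, 19, 10)
SAMPLE_CREATED = r"""
2008-04-24 19:14 . 5,894 C:\a.bat
2008-04-24 02:08 . 2008-04-24 02:08 <REP> d-------- C:\Documents and Settings\dark\Application Data\ImgBurn
2008-04-24 01:44 . 2008-04-24 01:49 1,511,910 --------- C:\WINDOWS\system32\nod64.exe
2008-04-23 23:47 . 2008-04-23 23:47 0 -ra------ C:\WINDOWS\system32\TFTP1372
2008-04-23 22:59 . 2008-04-23 22:59 23,040 --------- C:\WINDOWS\system32\gncksza.exe
2008-04-23 22:13 . 2008-04-23 22:13 126 --a------ C:\WINDOWS\system32\fwcr.bat
2008-04-23 17:34 . 2008-04-23 18:48 61 --a------ C:\WINDOWS\system32\i
2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
"""
SAMPLE_RUN = r"""
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
"sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
"Advanced DHTML Enable"="C:\WINDOWS\System32\gncksza.exe" [2008-04-23 22:59 23040]
"Nod32 Service"="nod64.exe" [2008-04-24 01:49 1511910 C:\WINDOWS\system32\nod64.exe]
"@"="" []
"""


def flag_recent_system_files(lines, scan_start):
    """Return paths of files under the Windows tree created within RECENT_WINDOW of scan_start."""
    cutoff = scan_start - RECENT_WINDOW
    flagged = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if not m or m.group("size") == "<REP>":
            continue                      # not a created-file line, or a directory
        path = m.group("path")
        if not path.lower().startswith(SYSTEM_PREFIX):
            continue
        if datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M") >= cutoff:
            flagged.append(path)
    return flagged


def flag_run_entries(lines, flagged_paths):
    """Return (value name, reason) for Run-key values that deserve a closer look."""
    suspects = [p.lower() for p in flagged_paths]
    out = []
    for line in lines:
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        name, target, meta = m.group("name", "target", "meta")
        if not target:
            out.append((name, "empty target"))
        elif not meta.strip():
            out.append((name, "target not present at scan time"))
        else:
            # In the log above the bracket carries the resolved full path when the
            # target is a bare file name, so search target and bracket together.
            haystack = (target + " " + meta).lower()
            hit = next((p for p in suspects
                        if re.search(re.escape(p) + r"(?:\s|$)", haystack)), None)
            if hit:
                out.append((name, "points at flagged file " + hit))
    return out


def triage(created_lines, run_lines, scan_start):
    """Run both passes and return their findings."""
    files = flag_recent_system_files(created_lines, scan_start)
    return {"files": files, "run": flag_run_entries(run_lines, files)}


if __name__ == "__main__":
    result = triage(SAMPLE_CREATED.splitlines(), SAMPLE_RUN.splitlines(), SCAN_START)
    for path in result["files"]:
        print("FILE", path)
    for name, reason in result["run"]:
        print("RUN ", name, "-", reason)
```

The window is deliberately relative to the scan start rather than to "now", so the same pass gives the same answer when a report is re-read days later; vendor files installed earlier in the week (the fidbox and ZoneAlarm entries in the sample) fall outside it, while the zero-byte TFTP entries and the freshly dropped executables and batch files in system32 fall inside.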
    24 April 2008 20:50:18

    ComboFix 08-04-22.5 - dark 2008-04-24 20:43:12.4 - NTFSx86 NETWORK
    Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.720 [GMT 2:00]
    Endroit: C:\Documents and Settings\dark\Mes documents\ComboFix.exe
    Command switches used :: C:\Documents and Settings\dark\Mes documents\cfscript.txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\BM3f520d71.xml
    C:\WINDOWS\system32\ahunjjr.exe
    C:\WINDOWS\system32\bxacmrf.exe
    C:\WINDOWS\system32\dsfupdnw.ini
    C:\WINDOWS\system32\fhosnm.exe
    C:\WINDOWS\system32\fwcr.bat
    C:\WINDOWS\system32\gncksza.exe
    C:\WINDOWS\System32\gncksza.exe
    C:\WINDOWS\system32\gvfvmt.bat
    C:\WINDOWS\system32\i
    C:\WINDOWS\system32\nod64.exe
    C:\WINDOWS\system32\oisni.exe
    C:\WINDOWS\system32\TFTP1140
    C:\WINDOWS\system32\TFTP1372
    C:\WINDOWS\system32\tgygoem.exe
    C:\WINDOWS\system32\vremvbts.exe
    C:\WINDOWS\System32\wbem\scrcons32.exe
    C:\WINDOWS\system32\ylsgvhs.exe
    C:\WINDOWS\system32\zoafd.exe
    C:\WINDOWS\system32\zogcjuf.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM3f520d71.xml
    C:\WINDOWS\system32\ahunjjr.exe
    C:\WINDOWS\system32\bxacmrf.exe
    C:\WINDOWS\system32\dsfupdnw.ini
    C:\WINDOWS\system32\fhosnm.exe
    C:\WINDOWS\system32\fwcr.bat
    C:\WINDOWS\system32\gncksza.exe
    C:\WINDOWS\system32\gvfvmt.bat
    C:\WINDOWS\system32\i
    C:\WINDOWS\system32\nod64.exe
    C:\WINDOWS\system32\oisni.exe
    C:\WINDOWS\system32\TFTP1140
    C:\WINDOWS\system32\TFTP1372
    C:\WINDOWS\system32\tgygoem.exe
    C:\WINDOWS\system32\vremvbts.exe
    C:\WINDOWS\system32\ylsgvhs.exe
    C:\WINDOWS\system32\zoafd.exe
    C:\WINDOWS\system32\zogcjuf.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IISADMIN
    -------\Legacy_ImapiService
    -------\Legacy_SMTPSVC
    -------\Service_IISADMIN
    -------\Service_ImapiService
    -------\Service_SMTPSVC


    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-24 02:08 . 2008-04-24 02:08 <REP> d-------- C:\Documents and Settings\dark\Application Data\ImgBurn
    2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Program Files\ImgBurn
    2008-04-23 20:12 . 2008-04-23 20:12 0 -ra------ C:\WINDOWS\system32\TFTP2184
    2008-04-23 17:22 . 2008-04-23 17:22 <REP> d-------- C:\Documents and Settings\dark\Application Data\Malwarebytes
    2008-04-23 17:19 . 2008-04-23 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-23 17:17 . 2008-04-23 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Program Files\Avira
    2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-22 18:52 . 2008-04-22 19:12 <REP> d-------- C:\SDFix
    2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-22 01:29 . 2008-04-23 17:25 31,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-22 01:29 . 2008-04-23 17:25 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-22 01:29 . 2008-04-23 17:25 3,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-22 00:59 . 2008-04-22 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2008-04-22 00:59 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2008-04-22 00:59 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2008-04-22 00:59 . 2008-04-23 17:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-04-22 00:58 . 2008-04-23 17:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-04-22 00:58 . 2008-04-22 00:58 <REP> d-------- C:\Program Files\Zone Labs
    2008-04-22 00:58 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2008-04-22 00:58 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-04-22 00:57 . 2008-04-23 17:28 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-04-21 20:01 . 2008-04-21 20:01 268 --ah----- C:\sqmdata00.sqm
    2008-04-21 20:01 . 2008-04-21 20:01 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-21 17:00 . 2008-04-21 17:00 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-04-21 15:57 . 2008-04-23 19:41 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-04-21 15:57 . 2008-04-21 15:57 <REP> d-------- C:\Documents and Settings\dark\Application Data\PC Tools
    2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-04-21 15:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-04-21 15:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-04-21 15:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-04-21 14:18 . 2008-04-21 14:19 <REP> d-------- C:\Program Files\SPYWAREfighter
    2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Fichiers communs\Application
    2008-04-08 23:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-04-08 23:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-04-08 23:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-24 18:44 --------- d-----w C:\Documents and Settings\dark\Application Data\Azureus
    2008-04-23 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-23 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-22 20:48 --------- d-----w C:\Program Files\Alwil Software
    2008-04-22 18:08 --------- d-----w C:\Program Files\Navilog1
    2008-04-21 18:55 --------- d-----w C:\Program Files\Azureus
    2008-04-21 12:08 --------- d-----w C:\Program Files\Google
    2008-04-14 15:57 --------- d-----w C:\Program Files\eMule
    2008-03-16 19:09 --------- d-----w C:\Program Files\UltimateZip 2007
    2008-03-16 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-16 13:28 --------- d-----w C:\Program Files\Free Audio Pack
    2008-02-27 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b7301bce-fabe-4d89-91f9-9bdfef75b299}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
    "Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 864768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-03 21:46 6731312]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 13312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "vidc.dvsd"= mcdvd_32.dll
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "vidc.i420"= i420vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "msacm.imc"= imc32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "}"= }:Nod32 Service

    R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
    S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 02:52]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
    S3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
    S3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 14:00]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-07 18:08:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-24 20:46:05
    Windows 5.1.2600 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-24 20:48:57 - machine was rebooted [dark]
    ComboFix-quarantined-files.txt 2008-04-24 18:48:55
    ComboFix2.txt 2008-04-24 17:16:37
    ComboFix3.txt 2008-04-23 20:26:35
    ComboFix4.txt 2008-04-23 19:06:01

    Pre-Run: 2,723,704,832 octets libres
    Post-Run: 2,711,666,688 octets libres

    24 April 2008 21:16:00

    So, doctor, what's the diagnosis? :)
    24 April 2008 21:46:39

    Is it better?

    Please run SDFix again, the one we saw a little earlier.

    Select the whole frame below (including the spaces):
    REGEDIT4

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "}"=-

    [-HKLM\SYSTEM\CurrentControlSet\Services\SetupNTGLM7X]


    Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad.)
    Save it on your desktop under the name Correction.reg
    Double-click it and accept the import of the data.
    24 April 2008 22:01:15
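As an added example (not code from this thread, nor from ComboFix or SDFix), here is a small Python triage script that reads a ComboFix/SDFix style report and flags the indicator patterns the helper acts on in these posts: Run entries whose file no longer exists ("[ ]"), non-default Winlogon Notify entries, SafeBoot\Minimal driver names of the Xyz12.sys form, TFTP-numbered files in system32, and firewall exceptions whose key is not a path (the "}" entry). The embedded sample report is constructed from entries seen in this thread; the category names and the "eight random letters" heuristic are the example's own assumptions.

```python
"""Triage helper for ComboFix / SDFix style reports.

Added example (not the thread's own code, nor from ComboFix or SDFix): it
flags the indicator patterns the helper acts on in the posts above so that a
long report can be read quickly. ComboFix omits default, legitimate entries,
so anything it lists under Winlogon Notify or SafeBoot Minimal deserves a look.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


# Registry key header, e.g. [HKEY_LOCAL_MACHINE\...] or a [-HKEY...] deletion line.
KEY_RE = re.compile(r"^\[-?(.+)\]$")
# Registry value line: "name"=value (value may be quoted or bare, as in the reports).
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
# Eight random lowercase letters: the naming scheme of the notify DLLs seen above (heuristic).
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
# Capital + two letters + two digits + .sys: the SafeBoot\Minimal names seen above.
SAFEBOOT_SYS_RE = re.compile(r"^[A-Z][a-z]{2}\d{2}\.sys$")
# TFTP<number> files dropped into system32.
TFTP_FILE_RE = re.compile(r"\\system32\\TFTP\d+\s*$", re.IGNORECASE)
# Firewall exceptions are keyed by a full path, e.g. C:\...
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample, modelled on entries from the reports posted in this thread.
SAMPLE_REPORT = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"}"= }:Nod32 Service

2008-04-23 20:12 . 2008-04-23 20:12 0 -ra------ C:\WINDOWS\system32\TFTP2184
"""


def triage(report: str) -> list:
    """Return the suspicious entries found in a ComboFix/SDFix style report, in report order."""
    findings = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if TFTP_FILE_RE.search(line):
            findings.append(Finding("tftp-dropper", line.split()[-1]))
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            leaf = current_key.rsplit("\\", 1)[-1]
            key_l = current_key.lower()
            if "\\winlogon\\notify\\" in key_l:
                tag = "random-looking" if RANDOM_NAME_RE.match(leaf) else "non-default"
                findings.append(Finding("winlogon-notify", f"{leaf} ({tag})"))
            elif "\\safeboot\\minimal\\" in key_l and SAFEBOOT_SYS_RE.match(leaf):
                findings.append(Finding("safeboot-driver", leaf))
            continue
        value = VALUE_RE.match(line)
        if not value:
            continue
        name, data = value.group(1), value.group(2)
        key_l = current_key.lower()
        if key_l.endswith("\\run") and data.rstrip().endswith("[ ]"):
            # ComboFix prints "[ ]" when the file the Run value points to does not exist.
            findings.append(Finding("run-missing-file", f"{name} -> {data}"))
        elif key_l.endswith("\\authorizedapplications\\list") and not DRIVE_PATH_RE.match(name):
            # A firewall exception whose name is not a path (here "}") is not a real program entry.
            findings.append(Finding("firewall-exception", f"{name} -> {data}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(f"{finding.category:18} {finding.detail}")
```

Run it against a saved ComboFix.txt by passing the file's contents to triage(); the findings are a reading aid, not a removal list.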

    Yes, it's better.

    A black window appeared for about 1 or 2 seconds but it didn't do anything, is that normal?
    24 April 2008 22:14:43

    The internet is better, but the PC reboots all of a sudden.
    24 April 2008 22:48:08

    The black window is normal. Did the PC reboot after the black window, or just on its own?

    Post the SDFix report.
    24 April 2008 22:50:55

    No, on its own. After the window I rebooted, and after about 5 minutes it rebooted by itself.
    24 April 2008 22:52:03

    There was no report.
    24 April 2008 22:53:54

    Look in the SDFix folder.
    24 April 2008 23:00:25

    Already checked, there's only the old one.
    24 April 2008 23:19:22

    I ran SDFix again, here's the report:


    SDFix: Version 1.173
    Run by dark on 24/04/2008 at 23:11

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\C.EXE - Deleted
    C:\WINDOWS\system32\c.exe - Deleted
    C:\WINDOWS\system32\TFTP2184 - Deleted
    C:\WINDOWS\system32\i - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-24 23:15:15
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
    "khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:0e,8e,33,8d,cb,c0,38,a0,2b,26,38,8d,b6,f9,53,df,fe,a0,f2,0d,be,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,e3,02,67,f3,28,aa,10,6c,1f,96,41,f7,15,b2,d0,be,45,..
    "khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:94,12,e2,6e,33,28,bf,72,08,b0,4f,c4,ef,95,00,3e,5e,36,a6,01,0a,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
    "khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_OREANS32\0000]
    "Service"="oreans32"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="oreans32"
    "Capabilities"=dword:00000000
    "Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_OREANS32\0000\LogConf]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
    "khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_OREANS32\0000]
    "Service"="oreans32"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="oreans32"
    "Capabilities"=dword:00000000
    "Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_OREANS32\0000\LogConf]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
    "khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_OREANS32\0000]
    "Service"="oreans32"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="oreans32"
    "Capabilities"=dword:00000000
    "Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_OREANS32\0000\LogConf]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
    "khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000]
    "Service"="oreans32"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="oreans32"
    "Capabilities"=dword:00000000
    "Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:ae5f6331
    "s2"=dword:592db0a8
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
    "khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Enum\Root\LEGACY_OREANS32\0000]
    "Service"="oreans32"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="oreans32"
    "Capabilities"=dword:00000000
    "Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Enum\Root\LEGACY_OREANS32\0000\LogConf]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
    "khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "}?"="}?:*:Enabled:Nod32 Service"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Fri 9 Mar 2007 195 ..SH. --- "C:\BOOT.BAK"
    Mon 16 Jul 2007 6,464 A..H. --- "C:\WINDOWS\system32\ptnyjxat.exe"
    Tue 15 May 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sun 22 Jul 2007 444 ...HR --- "C:\Documents and Settings\dark\Application Data\SecuROM\UserData\securom_v7_01.bak"

    Finished!



    25 April 2008 01:07:17

    Run Combofix again and post its report.

    Download Gmer.
    Unzip it into a folder or onto your desktop.

    Disconnect from the Internet, then close all programs.
    Double-click Gmer.exe.

    If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

    Click the Rootkit tab.
    On the right, tick All.
    Now click Scan.

    When the scan is finished, click Copy.

    Open Notepad, then click the Edit menu / Paste.
    The report should then appear.
    Save the file to your desktop and post its contents here.
    25 April 2008 01:58:49

    ComboFix 08-04-22.5 - dark 2008-04-25 1:36:52.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.601 [GMT 2:00]
    Endroit: C:\Documents and Settings\dark\Mes documents\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-25 01:36 . 2008-04-25 01:36 12,288 -ra------ C:\WINDOWS\system32\TFTP3420
    2008-04-24 02:08 . 2008-04-24 02:08 <REP> d-------- C:\Documents and Settings\dark\Application Data\ImgBurn
    2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Program Files\ImgBurn
    2008-04-23 17:22 . 2008-04-23 17:22 <REP> d-------- C:\Documents and Settings\dark\Application Data\Malwarebytes
    2008-04-23 17:19 . 2008-04-23 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-23 17:17 . 2008-04-23 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Program Files\Avira
    2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-22 18:52 . 2008-04-24 23:17 <REP> d-------- C:\SDFix
    2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-22 01:29 . 2008-04-23 17:25 31,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-22 01:29 . 2008-04-23 17:25 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-22 01:29 . 2008-04-23 17:25 3,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-22 00:59 . 2008-04-22 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2008-04-22 00:59 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2008-04-22 00:59 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2008-04-22 00:59 . 2008-04-23 17:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-04-22 00:58 . 2008-04-23 17:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-04-22 00:58 . 2008-04-22 00:58 <REP> d-------- C:\Program Files\Zone Labs
    2008-04-22 00:58 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2008-04-22 00:58 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-04-22 00:57 . 2008-04-23 17:28 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-04-21 20:01 . 2008-04-21 20:01 268 --ah----- C:\sqmdata00.sqm
    2008-04-21 20:01 . 2008-04-21 20:01 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-21 17:00 . 2008-04-21 17:00 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-04-21 15:57 . 2008-04-23 19:41 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-04-21 15:57 . 2008-04-21 15:57 <REP> d-------- C:\Documents and Settings\dark\Application Data\PC Tools
    2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-04-21 15:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-04-21 15:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-04-21 15:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-04-21 14:18 . 2008-04-21 14:19 <REP> d-------- C:\Program Files\SPYWAREfighter
    2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Fichiers communs\Application
    2008-04-08 23:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-04-08 23:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-04-08 23:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-24 23:52 --------- d-----w C:\Documents and Settings\dark\Application Data\Azureus
    2008-04-23 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-23 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-22 20:48 --------- d-----w C:\Program Files\Alwil Software
    2008-04-22 18:08 --------- d-----w C:\Program Files\Navilog1
    2008-04-21 18:55 --------- d-----w C:\Program Files\Azureus
    2008-04-21 12:08 --------- d-----w C:\Program Files\Google
    2008-04-14 15:57 --------- d-----w C:\Program Files\eMule
    2008-03-16 19:09 --------- d-----w C:\Program Files\UltimateZip 2007
    2008-03-16 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-16 13:28 --------- d-----w C:\Program Files\Free Audio Pack
    2008-02-27 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-27 20:28 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-02-21 13:38 946,832 ----a-w C:\WINDOWS\system32\_ISource30.dll
    2008-02-21 13:38 355,984 ----a-w C:\WINDOWS\system32\winhttp.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26F133AE-C64F-4A3A-BE60-985CAB9E9F1C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9292C2AD-D36E-4051-AF6D-0C6D2AEE0C10}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3E3594F-B1DD-4484-9E41-C839E24EB28E}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B522B44B-BC97-46FB-924E-E52CAB1132CF}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b7301bce-fabe-4d89-91f9-9bdfef75b299}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7A08523-027D-4CDB-8FB7-BE8F089E7E10}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F06242-D1F7-4B5E-8686-E42FD412827A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF547813-2C2A-489B-8156-590294D3B34F}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
    "Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 864768]
    "sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-03 21:46 6731312]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 13312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnljhf]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturopqr]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "vidc.dvsd"= mcdvd_32.dll
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "vidc.i420"= i420vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "msacm.imc"= imc32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi13.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhk58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dik36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ejl47.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm03.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fkm71.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gkn14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlp68.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmo71.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inp47.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq13.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq81.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnr47.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Joq82.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor03.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps35.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps46.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps71.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mrt82.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru03.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osv03.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osw25.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Otv14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ptw58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pux14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux71.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux81.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa03.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa82.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa03.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txb14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyb36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vad58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vae58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbe14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe25.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wcf71.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydh71.sys]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "}"= }:Nod32 Service

    R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
    R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
    R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
    S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 02:52]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 14:00]

    .
    Contents of the 'Scheduled Tasks/Tâches planifiées' folder
    "2008-03-07 18:08:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-25 01:54:28
    Windows 5.1.2600 NTFS

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    Scanning hidden files ...

    Scan completed successfully
    Hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-25 1:57:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-24 23:57:05
    ComboFix2.txt 2008-04-24 18:48:58
    ComboFix3.txt 2008-04-24 17:16:37
    ComboFix4.txt 2008-04-23 20:26:35
    ComboFix5.txt 2008-04-23 19:06:01

    Pre-Run: 10,639,560,704 bytes free
    Post-Run: 10,644,062,208 bytes free

    25 April 2008 02:15:30

    GMER 1.0.14.14205 - http://www.gmer.net
    Rootkit scan 2008-04-25 02:14:31
    Windows 5.1.2600


    ---- System - GMER 1.0.14 ----

    SSDT sptd.sys ZwEnumerateKey [0xF773D84E]
    SSDT sptd.sys ZwEnumerateValueKey [0xF773DBEE]

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 867DA1D8

    AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)

    ---- EOF - GMER 1.0.14 ----
    25 April 2008 12:09:33

    Is the GMER report complete? (Just so I know.)

    It looks like the infection is recreating itself... :(

    Can you post a HijackThis report please?
    After that we'll try a new ComboFix script.

    **********

    Run an online antivirus scan with Kaspersky using Internet Explorer. (Tutorial)
    Allow ActiveX.
    Click Start Online Scanner.
    Select My Computer as the scan target. Save the report as a .txt file.
    Paste its report here.
    25 April 2008 14:16:03

    Logfile of HijackThis v1.99.1
    Scan saved at 14:15:39, on 25/04/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\dark\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {26F133AE-C64F-4A3A-BE60-985CAB9E9F1C} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9292C2AD-D36E-4051-AF6D-0C6D2AEE0C10} - (no file)
    O2 - BHO: (no name) - {A3E3594F-B1DD-4484-9E41-C839E24EB28E} - (no file)
    O2 - BHO: (no name) - {B522B44B-BC97-46FB-924E-E52CAB1132CF} - (no file)
    O2 - BHO: (no name) - {b7301bce-fabe-4d89-91f9-9bdfef75b299} - (no file)
    O2 - BHO: (no name) - {C7A08523-027D-4CDB-8FB7-BE8F089E7E10} - (no file)
    O2 - BHO: (no name) - {C8F06242-D1F7-4B5E-8686-E42FD412827A} - (no file)
    O2 - BHO: (no name) - {CF547813-2C2A-489B-8156-590294D3B34F} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
    O4 - HKCU\..\Run: [sxdhnygc] c:\documents and settings\dark\local settings\application data\sxdhnygc.exe sxdhnygc
    O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
    O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Classic3.0\menuClearCache.html
    O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Classic3.0\menuConfigure.html
    O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Classic3.0\menuTranslate.html
    O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Classic3.0\menuRegister.html
    O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Classic3.0\menuUpdate.html
    O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Classic3.0\menuTranslateAll.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
    O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
    O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
    O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
    O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
    O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/170a340095a3bd7e8c19/netzip...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: cbxxuvtq - C:\WINDOWS\
    O20 - Winlogon Notify: nnnnljhf - C:\WINDOWS\
    O20 - Winlogon Notify: vturopqr - C:\WINDOWS\
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

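The log above is the kind of thing a helper reads by eye, so here is the same triage done mechanically. This is a worked example added by the editor, not code from the thread, from HijackThis or from any of the tools named in it. It parses the O2, O4 and O20 lines and flags what stands out in this log: Run entries that launch from a user-writable profile directory, Winlogon Notify subkeys whose path is a bare directory rather than a DLL, random-looking value names, and BHO registrations with no file behind them. The sample input is a constructed excerpt of the log posted above; the random-name heuristic (seven or more lowercase letters with at most two vowels) and the list of user-writable directories are the editor's assumptions, not HijackThis rules.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section tag, e.g. O4 or O20
    name: str     # Run value name, Winlogon Notify subkey, or BHO CLSID
    reason: str   # which rule fired
    line: str     # the log line it fired on


# Constructed excerpt of the HijackThis log posted above, trimmed to the lines
# the rules below look at plus a few benign entries for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26F133AE-C64F-4A3A-BE60-985CAB9E9F1C} - (no file)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [sxdhnygc] c:\documents and settings\dark\local settings\application data\sxdhnygc.exe sxdhnygc
O20 - Winlogon Notify: cbxxuvtq - C:\WINDOWS\
O20 - Winlogon Notify: nnnnljhf - C:\WINDOWS\
O20 - Winlogon Notify: vturopqr - C:\WINDOWS\
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[([^\]]+)\] (.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - (.*)$")
BHO_RE = re.compile(r"^BHO: .* - (\{[0-9A-Fa-f-]+\}) - (.*)$")

# Editor's assumption: autostarts launched from these profile directories
# deserve a look, since anything running as the user can write there.
USER_WRITABLE = ("\\local settings\\", "\\temp\\")


def looks_random(name: str) -> bool:
    """Heuristic (editor's assumption): 7+ lowercase letters with at most two vowels."""
    if not (len(name) >= 7 and name.isalpha() and name.islower()):
        return False
    return sum(c in "aeiouy" for c in name) <= 2


def triage(log_text: str) -> List[Finding]:
    """Apply the O2/O4/O20 rules to every line of a HijackThis log."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            r = RUN_RE.match(body)
            if not r:
                continue  # e.g. "O4 - Startup:" lines use a different shape
            name, command = r.groups()
            if any(p in command.lower() for p in USER_WRITABLE):
                findings.append(Finding(section, name, "autostart binary under a user-writable profile directory", line))
            if looks_random(name):
                findings.append(Finding(section, name, "random-looking value name", line))
        elif section == "O20":
            n = NOTIFY_RE.match(body)
            if not n:
                continue
            name, path = n.groups()
            if path.endswith("\\"):
                findings.append(Finding(section, name, "Winlogon Notify path is a directory, not a DLL", line))
            if looks_random(name):
                findings.append(Finding(section, name, "random-looking Notify subkey name", line))
        elif section == "O2":
            b = BHO_RE.match(body)
            if b and b.group(2) == "(no file)":
                findings.append(Finding(section, b.group(1), "orphaned BHO registration (no file)", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.name:<40} {f.reason}")
```

On the excerpt this fires on the four Notify subkeys (three of them also for their names), twice on sxdhnygc, and on the two file-less BHOs, while SoundMan, avgnt and Center Agent pass. The orphaned BHOs are leftovers rather than live code; the directory-only Notify entries and the profile-directory autostart are the ones to act on.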
    25 April 2008 15:14:01

    The internet is playing up again, I can't get Kaspersky to run. I think it's infected again.
    25 April 2008 16:53:48

    Try safe mode with networking to see (not via MSConfig).

    Otherwise post a new ComboFix.
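The helper's suspicion that the infection "recreates itself" can be checked mechanically, because ComboFix annotates every Run value with `[date time size path]`, or `[ ]` when it finds no file. This is an added example written by the editor, not code from the thread or from ComboFix: it parses the Run and RunServices keys from the 01:54 run above and the 16:55 run the user posts next, and reports entries that appeared between the two runs, entries with no file on disk, files whose recorded size changed while their timestamp did not, and file names one edit away from a core Windows binary. The excerpts are constructed from the lines posted in the thread; the list of core binaries and the edit-distance threshold are the editor's assumptions.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    key: str
    name: str
    command: str
    timestamp: Optional[str]  # "YYYY-MM-DD HH:MM" as printed by ComboFix, None for "[ ]"
    size: Optional[int]       # size in bytes as printed by ComboFix, None for "[ ]"
    path: str                 # resolved path when ComboFix printed one, otherwise the command


# Constructed excerpts of the registry load-point sections of the two ComboFix
# runs posted in the thread (25 April 01:54 and 25 April 16:55), trimmed to
# the Run/RunServices keys.
RUN_BEFORE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 864768]
"sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"""

RUN_AFTER = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 874496]
"sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 65024 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1634304 C:\WINDOWS\system32\nwiz.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 274689]
"Advanced DHTML Enable"="C:\WINDOWS\System32\zsoppehb.exe" [2008-04-25 14:38 32768]
"Local Security Authority Service"="C:\WINDOWS\System32\lssas.exe" [ ]
"Microsoft Anivirus Monitor Process"="antiv.exe" [2008-04-25 14:52 73216 C:\WINDOWS\system32\antiv.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Anivirus Monitor Process"="antiv.exe" [2008-04-25 14:52 73216 C:\WINDOWS\system32\antiv.exe]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(.*)\]$')
META_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+)(?: (.+))?$")

# Core Windows binaries whose names malware likes to imitate (editor's list).
SYSTEM_BINARIES = ("lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                   "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe")


def parse(text: str) -> Dict[Tuple[str, str], Entry]:
    """Map (registry key, value name) to an Entry for every annotated value line."""
    entries, key = {}, ""
    for line in (l.strip() for l in text.splitlines()):
        k = KEY_RE.match(line)
        if k:
            key = k.group(1).lower()
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        name, command, meta = v.groups()
        m = META_RE.match(meta.strip())
        if m:
            entries[(key, name)] = Entry(key, name, command, m.group(1), int(m.group(2)), m.group(3) or command)
        else:
            entries[(key, name)] = Entry(key, name, command, None, None, command)
    return entries


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus adjacent swaps."""
    d = [[max(i, j) if i == 0 or j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def compare(before: Dict[Tuple[str, str], Entry], after: Dict[Tuple[str, str], Entry]) -> List[Tuple[str, str]]:
    """Return (value name, reason) pairs for entries in 'after' worth a second look."""
    findings = []
    for ident, new in after.items():
        old = before.get(ident)
        base = new.path.rsplit("\\", 1)[-1].lower()
        if old is None:
            findings.append((new.name, "new autostart entry since the previous run"))
        elif None not in (old.size, new.size) and old.size != new.size:
            note = " with unchanged timestamp" if old.timestamp == new.timestamp else ""
            findings.append((new.name, f"size changed by {new.size - old.size:+d} bytes{note}"))
        if new.size is None:
            findings.append((new.name, "file not present on disk at scan time ([ ])"))
        for sysbin in SYSTEM_BINARIES:
            if base != sysbin and osa_distance(base, sysbin) == 1:
                findings.append((new.name, f"file name {base} is one edit away from {sysbin}"))
    return findings


if __name__ == "__main__":
    for name, reason in compare(parse(RUN_BEFORE), parse(RUN_AFTER)):
        print(f"{name:<36} {reason}")
```

Two things the comparison makes visible that a single log does not. First, `lssas.exe` is a transposition of `lsass.exe`, so a plain Levenshtein threshold of 1 would miss it; the adjacent-swap term in `osa_distance` is what catches it. Second, four binaries that were already in the Run key before (SOUNDMAN.EXE, nwiz.exe, avgnt.exe, Scheduled.exe) keep the same timestamp but report 9,728 or 12,288 more bytes in the later run. A file whose content changed without its timestamp changing is exactly the case for a hash comparison against a known-good copy, as the Sigcheck section of the ComboFix log does for explorer.exe and ctfmon.exe, before those files are trusted again.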
    25 April 2008 17:03:17

    The internet only works in safe mode, and not for long.

    ComboFix 08-04-22.5 - dark 2008-04-25 16:55:58.6 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1036.18.802 [GMT 2:00]
    Location: C:\Documents and Settings\dark\Mes documents\ComboFix.exe

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\bcfilnnn.ini
    C:\WINDOWS\system32\bcfilnnn.ini2
    C:\WINDOWS\system32\khfgefdb.dll
    C:\WINDOWS\system32\nnnlifcb.dll
    C:\WINDOWS\system32\vtusqonl.dll

    .
    ((((((((((((((((((((((((((((( Files created 2008-03-25 to 2008-04-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-25 16:18 . 2008-04-25 16:18 73,216 -ra------ C:\WINDOWS\system32\TFTP476
    2008-04-25 15:17 . 2008-04-25 15:18 73,216 -ra------ C:\WINDOWS\system32\TFTP1056
    2008-04-25 15:17 . 2008-04-25 16:51 20,810 --a------ C:\pickice.exe
    2008-04-25 14:52 . 2008-04-25 14:52 73,216 -ra------ C:\WINDOWS\system32\antiv.exe
    2008-04-25 14:46 . 2008-04-25 14:46 44,516 --a------ C:\WINDOWS\system32\ktwod.exe
    2008-04-25 14:46 . 2008-04-25 14:46 32,768 --------- C:\WINDOWS\system32\kdhaeah.exe
    2008-04-25 14:38 . 2008-04-25 14:38 44,516 --a------ C:\WINDOWS\system32\bjagn.exe
    2008-04-25 14:38 . 2008-04-25 14:38 32,768 --------- C:\WINDOWS\system32\zsoppehb.exe
    2008-04-25 14:37 . 2008-04-25 14:37 109,738 --a------ C:\WINDOWS\BM3f520d71.xml
    2008-04-25 14:19 . 2008-04-25 14:19 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-04-25 14:19 . 2008-04-25 14:19 44,516 --a------ C:\WINDOWS\system32\qipp.exe
    2008-04-25 14:19 . 2008-04-25 14:19 32,768 --a------ C:\WINDOWS\system32\olubvuvs.exe
    2008-04-25 02:08 . 2008-04-25 02:14 250 --a------ C:\WINDOWS\gmer.ini
    2008-04-25 01:36 . 2008-04-25 01:36 12,288 -ra------ C:\WINDOWS\system32\TFTP3420
    2008-04-24 02:08 . 2008-04-24 02:08 <REP> d-------- C:\Documents and Settings\dark\Application Data\ImgBurn
    2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Program Files\ImgBurn
    2008-04-23 17:22 . 2008-04-23 17:22 <REP> d-------- C:\Documents and Settings\dark\Application Data\Malwarebytes
    2008-04-23 17:19 . 2008-04-23 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-23 17:17 . 2008-04-23 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Program Files\Avira
    2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-22 18:52 . 2008-04-24 23:17 <REP> d-------- C:\SDFix
    2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-22 01:29 . 2008-04-23 17:25 31,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-22 01:29 . 2008-04-23 17:25 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-22 01:29 . 2008-04-23 17:25 3,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-22 00:59 . 2008-04-22 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2008-04-22 00:59 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2008-04-22 00:59 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2008-04-22 00:59 . 2008-04-23 17:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-04-22 00:58 . 2008-04-23 17:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-04-22 00:58 . 2008-04-22 00:58 <REP> d-------- C:\Program Files\Zone Labs
    2008-04-22 00:58 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2008-04-22 00:58 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-04-22 00:57 . 2008-04-23 17:28 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-04-21 20:01 . 2008-04-21 20:01 268 --ah----- C:\sqmdata00.sqm
    2008-04-21 20:01 . 2008-04-21 20:01 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-21 17:00 . 2008-04-21 17:00 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-04-21 15:57 . 2008-04-23 19:41 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-04-21 15:57 . 2008-04-21 15:57 <REP> d-------- C:\Documents and Settings\dark\Application Data\PC Tools
    2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-04-21 15:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-04-21 15:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-04-21 15:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-04-21 14:18 . 2008-04-21 14:19 <REP> d-------- C:\Program Files\SPYWAREfighter
    2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Fichiers communs\Application
    2008-04-08 23:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-04-08 23:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-04-08 23:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-04-08 23:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-25 14:48 --------- d-----w C:\Documents and Settings\dark\Application Data\Azureus
    2008-04-25 12:55 --------- d-----w C:\Program Files\Azureus
    2008-04-25 12:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-23 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-23 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-22 20:48 --------- d-----w C:\Program Files\Alwil Software
    2008-04-22 18:08 --------- d-----w C:\Program Files\Navilog1
    2008-04-21 12:08 --------- d-----w C:\Program Files\Google
    2008-04-14 15:57 --------- d-----w C:\Program Files\eMule
    2008-03-16 19:09 --------- d-----w C:\Program Files\UltimateZip 2007
    2008-03-16 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-16 13:28 --------- d-----w C:\Program Files\Free Audio Pack
    2008-02-27 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    .

    ------- Sigcheck -------

    2001-08-28 14:00 1014784 637538190cdfdbafb7f66c6d50a34ee7 C:\WINDOWS\explorer.exe
    2001-08-28 14:00 1014784 68ee774beb36a19db336d1902963d6d2 C:\WINDOWS\system32\dllcache\explorer.exe

    2001-08-28 14:00 23040 b8f6c0adeafd733c51cee12a1c9ba30d C:\WINDOWS\system32\ctfmon.exe
    2001-08-28 14:00 23040 7aae9ac8d29290e870fa9f8139a41135 C:\WINDOWS\system32\dllcache\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
    "Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 874496]
    "sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 65024 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1634304 C:\WINDOWS\system32\nwiz.exe]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-03 21:46 6731312]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 274689]
    "Advanced DHTML Enable"="C:\WINDOWS\System32\zsoppehb.exe" [2008-04-25 14:38 32768]
    "3c613eed"="C:\WINDOWS\System32\scxayebw.dll" [ ]
    "Local Security Authority Service"="C:\WINDOWS\System32\lssas.exe" [ ]
    "Microsoft Anivirus Monitor Process"="antiv.exe" [2008-04-25 14:52 73216 C:\WINDOWS\system32\antiv.exe]
    "BM3f520d71"="C:\WINDOWS\System32\kdumptga.dll" [ ]
    "runner1"="C:\WINDOWS\mrofinu1001186.exe" [2008-04-25 16:59 37376]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Microsoft Anivirus Monitor Process"="antiv.exe" [2008-04-25 14:52 73216 C:\WINDOWS\system32\antiv.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 23040]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnljhf]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturopqr]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "vidc.dvsd"= mcdvd_32.dll
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "vidc.i420"= i420vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "msacm.imc"= imc32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi13.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhk58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dik36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ejl47.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm03.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fkm71.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gkn14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlp68.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmo71.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inp47.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq13.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq81.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnr47.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Joq82.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor03.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps35.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps46.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps71.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mrt82.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru03.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osv03.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osw25.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Otv14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ptw58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pux14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux71.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux81.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa03.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa82.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa03.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txb14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyb36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vad58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vae58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbe14.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe25.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe58.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wcf71.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydh71.sys]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "}"= }:Nod32 Service

    R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
    S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 02:52]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
    S3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
    S3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 14:00]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-07 18:08:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-25 16:59:06
    Windows 5.1.2600 NTFS

    detected NTDLL code modification:
    ZwOpenFile

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\TEMP\DIL4.tmp
    C:\WINDOWS\mrofinu1001186.exexe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-25 17:01:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-25 15:01:46
    ComboFix2.txt 2008-04-24 23:57:12
    ComboFix3.txt 2008-04-24 18:48:58
    ComboFix4.txt 2008-04-24 17:16:37
    ComboFix5.txt 2008-04-23 20:26:35

    Pre-Run: 9,822,003,200 octets libres
    Post-Run: 9,706,815,488 octets libres

    288
    25 Avril 2008 17:49:52

    Whoa! Everything is coming back! :(

    OK, we'll do a script, and right after the ComboFix reboot, try an online scan, OK?
    If it still doesn't work, run a full scan with AntiVir in Safe Mode, then post its report.

    Copy the text in the box below:

    Driver::
    SetupNTGLM7X

    File::
    C:\WINDOWS\System32\wbem\scrcons32.exe
    C:\WINDOWS\system32\antiv.exe
    C:\WINDOWS\mrofinu1001186.exe
    C:\WINDOWS\System32\zsoppehb.exe
    C:\WINDOWS\system32\TFTP476
    C:\WINDOWS\system32\TFTP1056
    C:\pickice.exe
    C:\WINDOWS\system32\ktwod.exe
    C:\WINDOWS\system32\kdhaeah.exe
    C:\WINDOWS\system32\bjagn.exe
    C:\WINDOWS\BM3f520d71.xml
    C:\WINDOWS\system32\qipp.exe
    C:\WINDOWS\system32\olubvuvs.exe
    C:\WINDOWS\system32\TFTP3420

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sxdhnygc"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced DHTML Enable"=-
    "3c613eed"=-
    "Local Security Authority Service"=-
    "Microsoft Anivirus Monitor Process"=-
    "BM3f520d71"=-
    "runner1"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Microsoft Anivirus Monitor Process"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnljhf]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturopqr]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    WMI Standard Event Consumer - Scripting=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi13.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhk58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dik36.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ejl47.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm03.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm36.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fkm71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gkn14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo36.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlp68.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmo71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inp47.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq13.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq81.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnr47.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Joq82.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor03.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps35.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps46.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt36.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mrt82.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru03.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osv03.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osw25.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Otv14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ptw58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pux14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux81.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa03.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa82.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa03.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txb14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyb36.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc36.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vad58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vae58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbe14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe25.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe58.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wcf71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydh71.sys]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "}"=-


    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file as CFScript.txt on your Desktop.

    Now drag the CFScript.txt file onto ComboFix.exe as shown below:


    This will relaunch ComboFix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report.
    If there is no reboot, post the report anyway.
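To review exactly what a CFScript will remove before dropping it onto ComboFix, this added Python example (not from the thread or from ComboFix's authors) parses the three section types used above and flags the SafeBoot\Minimal keys whose random names match the entries in the log; the embedded script is a constructed subset of the one posted.

```python
import re
# Constructed sample, trimmed from the CFScript posted above (same syntax, fewer entries).
SAMPLE_CFSCRIPT = r"""Driver::
SetupNTGLM7X

File::
C:\WINDOWS\system32\antiv.exe
C:\WINDOWS\mrofinu1001186.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sxdhnygc"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
WMI Standard Event Consumer - Scripting=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi13.sys]
"""
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")          # Driver:: / File:: / Registry::
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")               # [KEY] selects a key, [-KEY] deletes it
VALUE_DEL_RE = re.compile(r'^"?(.+?)"?=-$')          # "name"=- (quotes optional) deletes a value
# Shape of the bogus SafeBoot entries in the ComboFix log: capital + 2 letters + 2 digits + .sys
SAFEBOOT_RANDOM_RE = re.compile(r"\\SafeBoot\\Minimal\\[A-Z][a-z]{2}\d{2}\.sys$")

def parse_cfscript(text):
    """Return what the script removes: drivers, files, whole registry keys, single values."""
    plan = {"drivers": [], "files": [], "delete_keys": [], "delete_values": []}
    section, current_key = None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
        elif section in ("Driver", "File"):
            plan[section.lower() + "s"].append(line)
        elif section == "Registry":
            m = KEY_RE.match(line)
            if m:
                current_key = m.group(2)
                if m.group(1) == "-":
                    plan["delete_keys"].append(current_key)
                continue
            m = VALUE_DEL_RE.match(line)
            if m and current_key:
                plan["delete_values"].append((current_key, m.group(1)))
    return plan

def suspicious_safeboot_keys(plan):
    """SafeBoot\\Minimal keys whose names follow the random pattern seen in the log."""
    return [k for k in plan["delete_keys"] if SAFEBOOT_RANDOM_RE.search(k)]
```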