Your question

Computer lagging because of a virus... and Win32 problem.

Tags:
  • ram
  • Security
Last reply: in Security and viruses
2 April 2008 18:14:40

Hello,

So let me explain the problem:
My sons use my work computer and download on eMule, I think. This morning, when I turned on my computer, it had no trouble starting up properly, but after a few minutes, on the desktop, I did not see my Avira icon next to the clock. So I tried to start it manually, but it gives me an error:

"(...) Avira is not a valid Win32 application", something like that.

So I did a search, but I discovered that my computer was slowing down enormously, for any application. So I went and looked at examples here, and I did a scan with Ad-Aware, which cleaned up my computer quite a bit. The slowdowns are less frequent, but it is still quite slow. Also, I notice that I can no longer boot into safe mode.

Finally, I installed HijackThis to send you my report, but when I try to start it, it tells me:

"(...) HijackThis is not a valid Win32 application"

Can you help me solve my problem?
Thank you very much.
Regards.
Clets.
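The error both tools throw here ("is not a valid Win32 application") is what Windows reports when it cannot parse an executable's DOS/PE headers, so the first thing worth checking is whether the file on disk is still a well-formed PE image or has been truncated, zeroed or otherwise damaged. The script below is an added example written for this edit; it is not code from the thread or from any of the tools named in it. The sample byte strings are constructed inside the script, the accepted machine types are limited to x86 and x64 by assumption, and only the first 4 KiB of a file are read because none of the checks look further. A failing check means the binary should be replaced from a clean download; a passing check does not by itself prove the tool will run, since a loaded rootkit can still interfere with it at run time.

```python
import struct
import sys

DOS_HEADER_SIZE = 64   # IMAGE_DOS_HEADER
COFF_HEADER_SIZE = 20  # IMAGE_FILE_HEADER
MACHINES = {0x014C: "i386", 0x8664: "x86-64"}  # assumption: only these two are expected here


def check_pe_header(data: bytes):
    """Return (ok, reason) after the same header checks the loader makes first."""
    if len(data) < DOS_HEADER_SIZE:
        return False, "file shorter than a DOS header"
    if data[:2] != b"MZ":
        return False, "no MZ signature at offset 0"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # PE signature + COFF header + optional-header magic must all fit inside the data
    needed = e_lfanew + 4 + COFF_HEADER_SIZE + 2
    if e_lfanew < DOS_HEADER_SIZE or needed > len(data):
        return False, f"e_lfanew 0x{e_lfanew:X} does not point inside the file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, f"no PE signature at 0x{e_lfanew:X}"
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    if machine not in MACHINES:
        return False, f"unexpected machine type 0x{machine:04X}"
    if nsections == 0:
        return False, "no sections"
    if opt_size == 0:
        return False, "no optional header, so not an executable image"
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 4 + COFF_HEADER_SIZE)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        return False, f"bad optional header magic 0x{magic:04X}"
    return True, f"headers intact ({MACHINES[machine]}, {nsections} sections)"


def check_file(path, head=4096):
    """Read only the start of the file; the checks above never look past it."""
    with open(path, "rb") as fh:
        return check_pe_header(fh.read(head))


def build_minimal_pe():
    """Constructed test image: just enough header to pass check_pe_header."""
    dos = bytearray(DOS_HEADER_SIZE)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_SIZE)          # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)        # PE32 magic, rest zero
    return bytes(dos) + b"PE\0\0" + coff + optional


# Constructed samples: one sound image and three ways a file can stop being one
INTACT = build_minimal_pe()
TRUNCATED = INTACT[:70]                                   # download or copy cut short
ZEROED = bytes(len(INTACT))                               # contents overwritten with zeros
CLOBBERED = INTACT[:64] + b"XX\0\0" + INTACT[68:]         # only the PE signature damaged

if __name__ == "__main__":
    for path in sys.argv[1:]:
        ok, reason = check_file(path)
        print(f"{'OK ' if ok else 'BAD'} {path}: {reason}")
```

Run it with one or more paths on the command line (for instance the HijackThis or Avira executable that refuses to start) and it prints one verdict per file; anything other than "headers intact" means the copy on disk is not what the loader expects.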


2 April 2008 18:18:09

Hi,

Download ELIBAGLA at the bottom of this page. With some antivirus programs it is preferable to disable them before starting this procedure!
Click on Descargar Elibagla to download the file, and save it to your desktop.
Run it by double-clicking it.
Check that the Unidad drop-down menu shows the root of the partition where Windows is installed, usually -> C:\
The Eliminar Ficheros Automaticamente option must also be ticked.
Click Explorar to start the scan.
Post the report generated at the end of the scan.
2 April 2008 18:18:10

edit: pffffffffffffff :D
2 April 2008 18:19:13

Mohahahaha, got you good :p
2 April 2008 18:32:31

So I followed exactly what you said:

I downloaded it,
I double-click it,
but there is a short loading and it shows me a window:

"por favor, envienos una muestra del fichero
C/\Muestras\HLDRRR.EXE.Muestra elibagle v11.20
a "virus@satinfo.es". Gracias"

What should I do?
Thanks for your help, it's good to know one can get helped! :)
2 April 2008 18:40:18

Apparently, you are being asked to send the file to the address indicated.

And the final report? ;)

(It is in C:\Infosat, I think; please tell me the exact name.)
2 April 2008 18:40:33

Apparently, I have no sound anymore either... I think I'm in real trouble..
2 April 2008 18:42:08

I have no report, it just gives me this window with the address of a file that is in C:\muestras.
2 April 2008 18:55:09

ok so I just did ctrl+alt+del to end several random processes, then I tried to run ELIBAGLA again, I got the loading, then the window, then (which I didn't get before, since it closed right away) I managed to see the ELIBAGLA menu, only it disappears after a few seconds...
2 April 2008 19:13:56

Did you go and check whether you had a report in C:\ ???
2 April 2008 19:41:38

so let me explain:
I had no report, so I rebooted, and then the program opened right at startup and created a report in C:\
In the meantime, the computer crashed and the screen went blue, then it shut down.

Here is the report:


Wed Apr 02 18:24:49 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:25:19 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 18:25:33 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 18:25:57 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 18:26:13 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:26:30 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 18:27:01 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 18:33:31 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:35:33 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:42:55 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:43:55 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:46:43 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:51:00 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 18:51:15 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 18:52:11 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 18:52:18 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 18:52:20 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Wed Apr 02 18:56:00 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 18:56:03 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Wed Apr 02 18:56:34 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 18:56:36 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Wed Apr 02 19:09:59 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.21
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:10:09 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:10:19 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 19:10:20 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:11:36 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:12:08 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.21
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:14:29 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.21
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:15:33 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0051736.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0052734.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0053734.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0054732.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0054875.SYS --> Eliminado Bagle (rootkit)

Nº Total de Directorios: 6241
Nº Total de Ficheros: 75264
Nº de Ficheros Analizados: 10890
Nº de Ficheros Infectados: 5
Nº de Ficheros Limpiados: 5

Wed Apr 02 19:33:34 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 19:35:52 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.21
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.21
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
2 April 2008 20:26:05

Re, sorry for the delay,
so the sound works and safe mode does too,
here is the Elibagla report:


Wed Apr 02 19:47:53 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:48:09 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Wed Apr 02 19:52:17 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle

Wed Apr 02 19:52:31 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 6288
Nº Total de Ficheros: 69263
Nº de Ficheros Analizados: 7789
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Apr 02 20:05:44 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
2 April 2008 21:13:25

Re,

I suppose this part was in safe mode?
-> Wed Apr 02 19:52:17 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle

Wed Apr 02 19:52:31 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.

*******

Download Combofix (by sUBs) to your Desktop.

Temporarily disable any resident protection! (Antivirus, antispyware..)
Double-click combofix.exe. (Right-click -> Run as administrator if on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.

The report is here: C:\Combofix.txt
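The EliBagle report above is dozens of near-identical blocks, and the only thing that matters for the question just asked is which files the tool was refused access to and when that changed. The parser below is an added example written for this edit; it is not code from the thread or from Satinfo's tool. It reads the report layout as it appears in the thread (timestamp line, version line, separator, "Lista de Acciones" header, one "path --> verdict" line per action, optional counters) from a short constructed excerpt embedded in the script, and reports per path how many times it was "Acceso Denegado" versus "Eliminado" and in which block the first removal happened. The verdict keywords and the English day/month abbreviations in the timestamp are taken from the report as posted; that other EliBagle versions use the same wording is an assumption. On the constructed excerpt it surfaces the same pattern the real report shows: the driver files are only denied while loaded and are removed in a later block, which is what a safe-mode run would produce.

```python
import re
import sys
from collections import defaultdict

# Constructed excerpt in the report layout EliBagle writes (three blocks; not a real log file)
SAMPLE_LOG = r"""Wed Apr 02 18:24:49 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:15:33 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0051736.SYS --> Eliminado Bagle (rootkit)

Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Wed Apr 02 19:52:17 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \d{4}$")
VERSION = re.compile(r"^EliBagle v(\S+)")
MODE = re.compile(r"^Lista de Acciones \(por (.+)\):$")
ACTION = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) --> (?P<verdict>.+?)\.?$")
COUNTER = re.compile(r"^N\S* de Ficheros (\w+): (\d+)$")


def classify(verdict):
    """Map the tool's verdict text to a status the summary can count."""
    if "Acceso Denegado" in verdict:
        return "denied"
    if verdict.startswith("Eliminado"):
        return "removed"
    return "other"


def parse_elibagle_log(text):
    """Split the report into blocks; every block starts with a timestamp line."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if TIMESTAMP.match(line):
            current = {"timestamp": line, "version": None, "mode": None, "actions": [], "stats": {}}
            blocks.append(current)
            continue
        if current is None or not line:
            continue
        if m := VERSION.match(line):
            current["version"] = m.group(1)
        elif m := MODE.match(line):
            current["mode"] = m.group(1)
        elif m := ACTION.match(line):
            current["actions"].append((m.group("path"), classify(m.group("verdict")), m.group("verdict")))
        elif m := COUNTER.match(line):
            current["stats"][m.group(1)] = int(m.group(2))
        # sample-submission prompts, separators and "Reinicie..." lines carry no action and are skipped
    return blocks


def summarize(blocks):
    """Per path: how often access was denied, how often it was removed, and when removal first succeeded."""
    summary = defaultdict(lambda: {"denied": 0, "removed": 0, "first_removed": None})
    for block in blocks:
        for path, status, _ in block["actions"]:
            entry = summary[path]
            if status in ("denied", "removed"):
                entry[status] += 1
            if status == "removed" and entry["first_removed"] is None:
                entry["first_removed"] = block["timestamp"]
    return dict(summary)


def still_protected(summary):
    """Paths the tool was refused but never managed to remove: the cleanup is not finished."""
    return sorted(p for p, e in summary.items() if e["denied"] and not e["removed"])


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    result = summarize(parse_elibagle_log(text))
    for path, entry in sorted(result.items()):
        print(f"{path}\n    denied={entry['denied']} removed={entry['removed']} first_removed={entry['first_removed']}")
    print("still protected:", still_protected(result) or "none")
```

Without an argument it runs on the embedded excerpt; with a path it reads a saved report. An empty "still protected" list is the condition to look for before calling the cleanup done; a non-empty one (as in the first two-thirds of the real report) means the driver was still loaded when the tool ran.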
3 April 2008 01:07:28

Sorry for the late reply..
Yes, I did the previous scan in safe mode, and, if it makes things easier for you, I'm on XP.

I followed your instructions to the letter, here is the combofix report:

ComboFix 08-04-02.1 - clem 2008-04-03 0:56:17.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1507 [GMT 2:00]
Endroit: C:\Documents and Settings\clem\Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\clem\Bureau\EditorFKWP1.5.exe
C:\Documents and Settings\clem\Bureau\EditorFKWP2.0.exe
C:\Documents and Settings\clem\Bureau\filemanagerclient.exe
C:\Documents and Settings\clem\Bureau\fkwp1.5.exe
C:\Documents and Settings\clem\Bureau\fkwp2.0.exe
C:\Documents and Settings\clem\Bureau\fwebd.exe
C:\Documents and Settings\clem\Bureau\FWebdEditor.exe
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\WINDOWS\bdn.com
C:\WINDOWS\dwltqnmx.exe
C:\WINDOWS\fkdnrwsv.dll
C:\WINDOWS\Installer\{46662697-aaae-482c-823d-70e4d0df3590}\zip.dll
C:\WINDOWS\Installer\{a8132c75-c9bb-4f97-987d-2a033400ed05}\RunOnceComponent.dll
C:\WINDOWS\mssecu.exe
C:\WINDOWS\sxfnewqb.dll
C:\WINDOWS\system32\ddcDtqQj.dll
C:\WINDOWS\system32\ljJAPJBr.dll
C:\WINDOWS\system32\rBJPAJjl.ini
C:\WINDOWS\system32\rBJPAJjl.ini2
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.

2008-04-02 19:28 . 2005-03-24 09:02 700,416 --a------ C:\Documents and Settings\clem\SkyTel.EXE
2008-04-02 18:26 . 2008-04-02 19:09 <REP> d-------- C:\Muestras
2008-04-02 18:12 . 2008-04-02 18:12 <REP> d-------- C:\Program Files\Trend Micro
2008-04-02 13:56 . 2008-04-02 13:56 16,544 -r-hs---- C:\Program Files\tmp3.exe
2008-04-02 13:55 . 2008-04-02 13:55 16,544 -r-hs---- C:\Program Files\tmp2.exe
2008-04-02 13:55 . 2008-04-02 13:55 16,544 -r-hs---- C:\Program Files\tmp1.exe
2008-04-02 13:55 . 2008-04-02 13:55 122 --a------ C:\tempdel.bat
2008-04-02 13:54 . 2008-04-02 13:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\dmzgdazo
2008-04-02 13:54 . 2008-04-02 13:54 106,496 --a------ C:\WINDOWS\system32\dalihwry.exe
2008-04-02 13:54 . 2008-04-02 13:54 16,544 -r-hs---- C:\Program Files\tmp0.exe
2008-04-02 13:28 . 2005-03-24 09:02 700,416 -ra------ C:\WINDOWS\system32\drivers\mdelk.exe
2008-04-02 13:27 . 2008-04-02 18:07 <REP> d-------- C:\WINDOWS\system32\drivers\downld
2008-04-02 13:27 . 2005-03-24 09:02 700,416 -ra------ C:\Documents and Settings\clem\RTHDCPL.EXE
2008-04-02 13:18 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-02 12:51 . 2008-04-02 12:51 <REP> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-04-02 12:51 . 2008-04-02 12:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-03-31 11:16 . 2008-03-31 11:16 36,352 --a------ C:\WINDOWS\system\smvss.exe
2008-03-31 11:02 . 2008-03-31 11:02 <REP> d-------- C:\Program Files\THQ
2008-03-31 10:51 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-31 10:51 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-03-31 10:51 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-03-31 10:51 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-03-31 10:51 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-03-31 10:51 . 2006-11-15 11:38 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-03-29 20:07 . 2008-03-29 20:08 16,040,430 --a------ C:\y.bmp
2008-03-29 10:06 . 2008-04-01 19:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-29 10:06 . 2008-03-29 10:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-27 18:17 . 2008-03-27 18:17 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-27 18:17 . 2008-03-27 18:17 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-25 19:33 . 2004-05-14 17:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-03-25 19:33 . 2004-01-12 03:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-03-25 19:33 . 2003-11-04 16:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-03-21 17:52 . 2008-03-27 18:16 <REP> d-------- C:\Program Files\Google
2008-03-21 17:24 . 2008-03-21 17:24 <REP> d-------- C:\Documents and Settings\clem\Application Data\EPSON
2008-03-18 17:36 . 2008-03-18 17:36 29 --a------ C:\WINDOWS\DEBUGSM.INI
2008-03-18 17:35 . 2008-03-21 17:26 <REP> d-------- C:\Documents and Settings\clem\Application Data\Smart Panel
2008-03-18 11:17 . 2008-03-18 11:17 <REP> d-------- C:\Documents and Settings\clem\Application Data\Auslogics
2008-03-18 11:15 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-03-18 11:15 . 1998-07-13 01:00 15,872 --a------ C:\WINDOWS\system32\WINSKFR.DLL
2008-03-18 11:14 . 2004-10-06 14:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx
2008-03-18 11:14 . 2004-10-06 14:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx
2008-03-18 11:14 . 2006-04-17 00:06 225,280 --a------ C:\WINDOWS\system32\OfficeMenu2003.ocx
2008-03-18 11:14 . 1998-07-13 01:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-03-18 11:14 . 2004-02-23 01:00 119,808 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-03-18 11:14 . 2000-10-02 00:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-03-18 11:14 . 1998-07-13 01:00 6,656 --a------ C:\WINDOWS\system32\STDFTFR.DLL
2008-03-17 20:14 . 1999-06-15 12:31 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2008-03-17 20:14 . 1999-12-07 03:03 73,216 --a------ C:\WINDOWS\ADE.DLL
2008-03-17 20:14 . 1999-04-27 01:17 3,136 --a------ C:\WINDOWS\Ade001.bin
2008-03-17 20:14 . 1999-08-10 00:50 72 --------- C:\WINDOWS\system32\epDPE.ini
2008-03-17 20:13 . 2008-03-17 20:19 <REP> d-------- C:\Program Files\Smart Panel
2008-03-17 20:13 . 2004-02-01 04:00 413,696 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-03-17 20:13 . 2002-11-15 01:00 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2008-03-17 20:13 . 2002-11-15 01:00 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2008-03-17 20:13 . 2004-02-01 04:00 38,028 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-17 20:13 . 2004-02-01 04:00 27,030 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-17 20:13 . 2004-02-01 04:00 13,230 --a------ C:\WINDOWS\system32\EPPICLocal_EN.cfg
2008-03-17 20:13 . 2004-02-01 04:00 22 --a------ C:\WINDOWS\system32\PICSDK.ini
2008-03-17 20:11 . 2004-04-19 22:03 79,654 --a------ C:\WINDOWS\system32\E_FLM9HE.DLL
2008-03-17 20:11 . 2003-05-20 19:27 64,000 --a------ C:\WINDOWS\system32\E_FBCB9HE.DLL
2008-03-17 20:11 . 2000-06-06 18:01 34,304 --a------ C:\WINDOWS\system32\E_FBCH9HE.DLL
2008-03-17 20:09 . 2008-03-17 20:09 27 --a------ C:\WINDOWS\CDE RX620EI.ini
2008-03-17 20:04 . 2008-03-17 20:17 <REP> d-------- C:\Program Files\epson
2008-03-17 20:04 . 2008-03-17 20:04 <REP> d-------- C:\epson
2008-03-17 20:04 . 2005-07-01 01:00 88,576 --a------ C:\WINDOWS\system32\esxuni.dll
2008-03-17 20:04 . 2005-07-01 01:00 71,680 --a------ C:\WINDOWS\system32\esxuimgd.dll
2008-03-17 20:04 . 2003-07-01 01:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-03-17 20:04 . 2005-07-01 01:00 39,424 --a------ C:\WINDOWS\system32\esxucmd.dll
2008-03-17 20:04 . 2003-07-01 01:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2008-03-17 20:04 . 2003-07-01 01:00 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2008-03-13 21:19 . 2008-03-13 21:19 33,554,432 --a------ C:\tvpaint3608.1031.tmp
2008-03-03 11:48 . 2008-04-02 20:05 <REP> d-------- C:\WTablet

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 23:01 --------- d-----w C:\Documents and Settings\clem\Application Data\WTablet
2008-04-02 18:08 --------- d-----w C:\Program Files\Wanadoo
2008-04-02 16:34 --------- d-----w C:\Documents and Settings\clem\Application Data\OpenOffice.org2
2008-04-02 12:07 --------- d-----w C:\Documents and Settings\clem\Application Data\vmntoolbar
2008-04-02 11:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 12:50 --------- d-----w C:\Documents and Settings\clem\Application Data\Winamp
2008-03-27 12:11 --------- d-----w C:\Program Files\Yahoo!
2008-03-27 12:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-27 12:07 --------- d-----w C:\Program Files\Winamp
2008-03-21 15:52 --------- d-----w C:\Program Files\Java
2008-03-18 09:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-10 11:03 --------- d-----w C:\Documents and Settings\clem\Application Data\Canon
2008-02-27 20:13 --------- d-----w C:\Program Files\Windows Live
2008-02-27 20:12 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 18:39 --------- d-----w C:\Documents and Settings\clem\Application Data\Classes de site
2008-02-23 14:26 --------- d-----w C:\Documents and Settings\clem\Application Data\LimeWire
2008-02-23 14:26 --------- d-----w C:\Documents and Settings\clem\Application Data\Chessmaster Challenge
2008-02-23 14:22 75,303,976 ----a-w C:\BackupRegistry(20080223).reg
2008-02-21 18:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMNTOOLBAR
2008-02-21 17:56 --------- d-----w C:\Documents and Settings\clem\Application Data\PC Tools
2008-02-15 15:08 --------- d-----w C:\Documents and Settings\clem\Application Data\Sites
2008-02-15 03:03 --------- d-----w C:\Documents and Settings\clem\Application Data\Dynamique
2008-02-15 03:02 --------- d-----w C:\Program Files\vmntoolbar
2008-02-14 18:10 --------- d-----w C:\Program Files\Apple Software Update
2008-02-14 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-09 18:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-07 16:44 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
2008-02-07 12:25 38,968 ----a-w C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-07 12:25 178,872 ----a-w C:\WINDOWS\system32\drivers\PavProc.sys
2007-10-15 18:51 8 -c--a-w C:\Documents and Settings\clem\.bztarotcumul.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 18:47 7573504]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 18:47 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16:58 16264192 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 12:34 544768 C:\WINDOWS\sm56hlpr.exe]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 22:22 110592]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"amd_dc_opt"="D:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 15:42 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 08:26 761945]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-05-04 16:03 1689600]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-02 19:36 249896]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.exe" [2004-05-19 20:00 98304]
"devenv"="C:\WINDOWS\system\smvss.exe" [2008-03-31 11:16 36352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"tWYItH3AOh"= C:\Documents and Settings\All Users\Application Data\dmzgdazo\vspetqhm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"DAEMON Tools Lite"="d:\Program Files\DAEMON Tools\daemon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
"WooCnxMon"=C:\PROGRA~1\Wanadoo\CnxMon.exe
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\3dsmax7\\3dsmax.exe"=
"C:\\Program Files\\backburner 2\\monitor.exe"=
"C:\\Program Files\\backburner 2\\manager.exe"=
"C:\\Program Files\\backburner 2\\server.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"D:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"D:\\Program Files\\lphant\\eLePhantClient.exe"=

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-07 14:25]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 12:16]
R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 11:40]
R2 UxTuneUp;Ampliación del diseño de TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-04 06:55]
R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 14:24]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 23:49]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 10:26]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 10:26]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]
S4 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-07 14:25]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-31 10:12:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-28 16:15:00 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- D:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 01:02:21
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-03 1:04:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-02 23:04:13
Pre-Run: 27,952,795,648 octets libres
Post-Run: 27,892,318,208 octets libres
.
2008-04-02 00:50:10 --- E O F ---
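As an added example (not part of the thread and not ComboFix's own logic), the Python script below parses the two line shapes seen in the report above, the dated file listing under "Fichiers créés" and the values under "Point de chargement Reg", and flags what a helper looks at first: hidden+system executables, executables dropped in user-writable or profile-root locations, and autostarts registered under policies\explorer\run. The sample lines are constructed from entries in this report; the function names and the flagging rules are my assumptions.

```python
"""Triage helper for the two line shapes in a ComboFix report.

Added example for this thread, not ComboFix's own logic. The sample lines
below are constructed from entries in the report posted above, and the
flagging rules are assumptions about what a helper checks first.
"""
import re
from typing import Dict, List

# Dated file listing: "<created> . <modified> <size|<REP>> <attrs> <path>"
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?:<REP>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>[A-Za-z]:\\.+)$"
)
# Registry section: "[HKEY_...]" headers followed by "name"="path" values.
REG_KEY = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|com|scr))"?',
    re.IGNORECASE,
)

EXEC_EXT = (".exe", ".dll", ".com", ".scr")
# Directories a normal installer rarely drops an autostarting binary into.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")
PROFILE_ROOT = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$")


def _path_reasons(path: str) -> List[str]:
    """Location heuristics shared by file entries and autostart targets."""
    low = path.lower()
    if not low.endswith(EXEC_EXT):
        return []
    reasons = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("executable in user-writable data/temp directory")
    if PROFILE_ROOT.match(low):
        # e.g. a binary with a Realtek-style name sitting directly in the user's profile root
        reasons.append("executable directly in a user profile root")
    return reasons


def triage(lines) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for entries worth a second look."""
    findings: Dict[str, List[str]] = {}
    current_key = ""
    for raw in lines:
        line = raw.rstrip()
        key = REG_KEY.match(line)
        if key:
            current_key = key.group("key").lower()
            continue
        f = FILE_LINE.match(line)
        if f:
            path, attrs = f.group("path"), f.group("attrs")
            reasons = _path_reasons(path)
            if "h" in attrs and "s" in attrs and path.lower().endswith(EXEC_EXT):
                # -r-hs---- : read-only + hidden + system on a freshly created binary
                reasons.append("hidden+system attributes on an executable")
            if reasons:
                findings.setdefault(path, []).extend(reasons)
            continue
        r = RUN_VALUE.match(line)
        if r and current_key:
            path = r.group("path")
            reasons = _path_reasons(path)
            if "policies\\explorer\\run" in current_key:
                # Legitimate software almost never registers here; it is a
                # favourite because few tools list it next to the ordinary Run keys.
                reasons.append("autostart via policies\\explorer\\run")
            if reasons:
                findings.setdefault(path, []).extend(reasons)
    return findings


# Constructed sample, built from lines of the report in this thread.
SAMPLE_LOG = r"""
2008-04-02 13:56 . 2008-04-02 13:56 16,544 -r-hs---- C:\Program Files\tmp3.exe
2008-04-02 13:54 . 2008-04-02 13:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\dmzgdazo
2008-04-02 13:54 . 2008-04-02 13:54 106,496 --a------ C:\WINDOWS\system32\dalihwry.exe
2008-04-02 19:28 . 2005-03-24 09:02 700,416 --a------ C:\Documents and Settings\clem\SkyTel.EXE
2008-03-31 10:51 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 18:47 7573504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"tWYItH3AOh"= C:\Documents and Settings\All Users\Application Data\dmzgdazo\vspetqhm.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG.splitlines()).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Entries such as dalihwry.exe in system32 pass these location rules unflagged, which is why a helper also reads creation-time clusters (several binaries created within the same minute) rather than relying on paths alone.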
3 April 2008 14:21:03

I think I ran my scan with my resident protection still on, because I don't know how to disable it; I have to stop it with Ctrl+Alt+Del, but I can't figure out which processes to end..
3 April 2008 18:30:56

Re,

Not just Bagle, badly infected.
The processes are normally easy to spot by their name, which matches the software.
Normally, the software itself tells you how to disable it.

Download SDFix (by Andy Manchesta)

Save it to your desktop.

Launch it.
Click Install so it can extract itself.

Restart in Safe Mode
/!\ Never boot into Safe Mode via MSCONFIG /!\

Open the SDFix folder that was just created in C:\
Double-click RunThis.bat. (The .bat extension may not be shown)
Press Y to run it.

You will be asked to press a key to restart; do so.
The restart will probably take a bit longer than usual.
Once your Desktop appears, it will display Finished

Press a key.

A report is generated; post it in your reply.
It is also found in the SDFix folder >Report.txt<

Then run ComboFix again and post its report.
3 April 2008 19:50:24

So here are the SDFix and ComboFix reports:

SDFix: Version 1.165

Run by clem on 03/04/2008 at 19:07

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\clem\Bureau\sdfix\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Program Files\tmp0.exe - Deleted
C:\Program Files\tmp1.exe - Deleted
C:\Program Files\tmp2.exe - Deleted
C:\Program Files\tmp3.exe - Deleted
C:\WINDOWS\system\smvss.exe - Deleted

Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 19:10:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:28,78,bf,80,c7,20,09,15,98,85,5d,89,7f,d2,fe,9b,69,16,e9,e3,b9,..
"p0"="d:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:08,95,e4,05,50,dc,0b,eb,11,e3,58,b7,f6,4b,10,55,73,32,2a,98,b4,..
"a0"=hex:20,01,00,00,93,e6,75,26,38,f8,33,ab,4f,53,5e,27,a5,b5,91,03,15,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ba,0f,0b,be,72,6f,82,b0,ec,bc,11,b6,8b,f2,ab,1a,5d,8e,63,2f,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:ba,0f,0b,be,72,6f,82,b0,ec,bc,11,b6,8b,f2,ab,1a,5d,8e,63,2f,6b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:28,78,bf,80,c7,20,09,15,98,85,5d,89,7f,d2,fe,9b,69,16,e9,e3,b9,..
"p0"="d:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:08,95,e4,05,50,dc,0b,eb,11,e3,58,b7,f6,4b,10,55,73,32,2a,98,b4,..
"a0"=hex:20,01,00,00,93,e6,75,26,38,f8,33,ab,4f,53,5e,27,a5,b5,91,03,15,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ba,0f,0b,be,72,6f,82,b0,ec,bc,11,b6,8b,f2,ab,1a,5d,8e,63,2f,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:ba,0f,0b,be,72,6f,82,b0,ec,bc,11,b6,8b,f2,ab,1a,5d,8e,63,2f,6b,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\3dsmax7\\3dsmax.exe"="D:\\3dsmax7\\3dsmax.exe:*:Enabled:3ds max 7"
"C:\\Program Files\\backburner 2\\monitor.exe"="C:\\Program Files\\backburner 2\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\backburner 2\\manager.exe"="C:\\Program Files\\backburner 2\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\backburner 2\\server.exe"="C:\\Program Files\\backburner 2\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"D:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"="D:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe:*:Enabled:Maya"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="D:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"D:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="D:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"D:\\Program Files\\lphant\\eLePhantClient.exe"="D:\\Program Files\\lphant\\eLePhantClient.exe:*:Enabled:Lphant"
"C:\\Documents and Settings\\clem\\Local Settings\\Temp\\15exmdnk42.exe"="C:\\Documents and Settings\\clem\\Local Settings\\Temp\\15exmdnk42.exe:*:Disabled:15exmdnk42"
"C:\\Documents and Settings\\clem\\Local Settings\\Temp\\19exmdnk42.exe"="C:\\Documents and Settings\\clem\\Local Settings\\Temp\\19exmdnk42.exe:*:Disabled:19exmdnk42"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\clem\Bureau\sdfix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 1 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 20 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 2 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BITA.tmp"
Wed 2 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d8093d524ba38b2f4036bb4d3aa25e4\BIT9.tmp"
Mon 8 Oct 2007 82 A..H. --- "C:\Documents and Settings\clem\Bureau\Nouveau dossier (2)\Nouveau dossier\._Audio_VISTA_070517.zip"
Mon 8 Oct 2007 82 A..H. --- "C:\Documents and Settings\clem\Bureau\Nouveau dossier (2)\Nouveau dossier\._Modem_vista_070214.zip"

Finished!

ComboFix 08-04-02.1 - clem 2008-04-03 19:38:11.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1537 [GMT 2:00]
Endroit: C:\Documents and Settings\clem\Mes documents\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.

2008-04-03 19:04 . 2008-04-03 19:04 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-03 15:22 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-04-03 15:13 . 2008-04-03 15:13 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-04-03 15:13 . 2008-04-03 15:13 <REP> d-------- C:\Documents and Settings\clem\Application Data\SystemRequirementsLab
2008-04-03 14:58 . 2008-04-03 14:58 <REP> d-------- C:\Documents and Settings\clem\Application Data\Ventrilo
2008-04-03 14:52 . 2008-04-03 14:52 2,996 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-04-03 14:41 . 2008-04-03 14:41 <REP> d-------- C:\USB_DRV
2008-04-03 14:41 . 2008-04-03 14:41 <REP> d-------- C:\Drivers
2008-04-03 14:41 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-04-03 14:41 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-04-03 14:41 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-04-03 14:41 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-04-03 14:41 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-04-03 14:41 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-04-02 19:28 . 2005-03-24 09:02 700,416 --a------ C:\Documents and Settings\clem\SkyTel.EXE
2008-04-02 18:26 . 2008-04-02 19:09 <REP> d-------- C:\Muestras
2008-04-02 18:12 . 2008-04-02 18:12 <REP> d-------- C:\Program Files\Trend Micro
2008-04-02 13:55 . 2008-04-02 13:55 122 --a------ C:\tempdel.bat
2008-04-02 13:54 . 2008-04-02 13:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\dmzgdazo
2008-04-02 13:54 . 2008-04-02 13:54 106,496 --a------ C:\WINDOWS\system32\dalihwry.exe
2008-04-02 13:28 . 2005-03-24 09:02 700,416 -ra------ C:\WINDOWS\system32\drivers\mdelk.exe
2008-04-02 13:27 . 2008-04-02 18:07 <REP> d-------- C:\WINDOWS\system32\drivers\downld
2008-04-02 13:27 . 2005-03-24 09:02 700,416 -ra------ C:\Documents and Settings\clem\RTHDCPL.EXE
2008-04-02 13:18 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-02 12:51 . 2008-04-02 12:51 <REP> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-04-02 12:51 . 2008-04-02 12:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-03-31 11:02 . 2008-03-31 11:02 <REP> d-------- C:\Program Files\THQ
2008-03-31 10:51 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-31 10:51 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-03-31 10:51 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-03-31 10:51 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-03-31 10:51 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-03-31 10:51 . 2006-11-15 11:38 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-03-29 20:07 . 2008-03-29 20:08 16,040,430 --a------ C:\y.bmp
2008-03-29 10:06 . 2008-04-01 19:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-29 10:06 . 2008-03-29 10:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-27 18:17 . 2008-03-27 18:17 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-27 18:17 . 2008-03-27 18:17 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-25 19:33 . 2004-05-14 17:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-03-25 19:33 . 2004-01-12 03:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-03-25 19:33 . 2003-11-04 16:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-03-21 17:52 . 2008-03-27 18:16 <REP> d-------- C:\Program Files\Google
2008-03-21 17:24 . 2008-03-21 17:24 <REP> d-------- C:\Documents and Settings\clem\Application Data\EPSON
2008-03-18 17:36 . 2008-03-18 17:36 29 --a------ C:\WINDOWS\DEBUGSM.INI
2008-03-18 17:35 . 2008-03-21 17:26 <REP> d-------- C:\Documents and Settings\clem\Application Data\Smart Panel
2008-03-18 11:17 . 2008-03-18 11:17 <REP> d-------- C:\Documents and Settings\clem\Application Data\Auslogics
2008-03-18 11:15 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-03-18 11:15 . 1998-07-13 01:00 15,872 --a------ C:\WINDOWS\system32\WINSKFR.DLL
2008-03-18 11:14 . 2004-10-06 14:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx
2008-03-18 11:14 . 2004-10-06 14:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx
2008-03-18 11:14 . 2006-04-17 00:06 225,280 --a------ C:\WINDOWS\system32\OfficeMenu2003.ocx
2008-03-18 11:14 . 1998-07-13 01:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-03-18 11:14 . 2004-02-23 01:00 119,808 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-03-18 11:14 . 2000-10-02 00:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-03-18 11:14 . 1998-07-13 01:00 6,656 --a------ C:\WINDOWS\system32\STDFTFR.DLL
2008-03-17 20:14 . 1999-06-15 12:31 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2008-03-17 20:14 . 1999-12-07 03:03 73,216 --a------ C:\WINDOWS\ADE.DLL
2008-03-17 20:14 . 1999-04-27 01:17 3,136 --a------ C:\WINDOWS\Ade001.bin
2008-03-17 20:14 . 1999-08-10 00:50 72 --------- C:\WINDOWS\system32\epDPE.ini
2008-03-17 20:13 . 2008-03-17 20:19 <REP> d-------- C:\Program Files\Smart Panel
2008-03-17 20:13 . 2004-02-01 04:00 413,696 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-03-17 20:13 . 2002-11-15 01:00 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2008-03-17 20:13 . 2002-11-15 01:00 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2008-03-17 20:13 . 2004-02-01 04:00 38,028 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-17 20:13 . 2004-02-01 04:00 27,030 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-17 20:13 . 2004-02-01 04:00 13,230 --a------ C:\WINDOWS\system32\EPPICLocal_EN.cfg
2008-03-17 20:13 . 2004-02-01 04:00 22 --a------ C:\WINDOWS\system32\PICSDK.ini
2008-03-17 20:11 . 2004-04-19 22:03 79,654 --a------ C:\WINDOWS\system32\E_FLM9HE.DLL
2008-03-17 20:11 . 2003-05-20 19:27 64,000 --a------ C:\WINDOWS\system32\E_FBCB9HE.DLL
2008-03-17 20:11 . 2000-06-06 18:01 34,304 --a------ C:\WINDOWS\system32\E_FBCH9HE.DLL
2008-03-17 20:09 . 2008-03-17 20:09 27 --a------ C:\WINDOWS\CDE RX620EI.ini
2008-03-17 20:04 . 2008-03-17 20:17 <REP> d-------- C:\Program Files\epson
2008-03-17 20:04 . 2008-03-17 20:04 <REP> d-------- C:\epson
2008-03-17 20:04 . 2005-07-01 01:00 88,576 --a------ C:\WINDOWS\system32\esxuni.dll
2008-03-17 20:04 . 2005-07-01 01:00 71,680 --a------ C:\WINDOWS\system32\esxuimgd.dll
2008-03-17 20:04 . 2003-07-01 01:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-03-17 20:04 . 2005-07-01 01:00 39,424 --a------ C:\WINDOWS\system32\esxucmd.dll
2008-03-17 20:04 . 2003-07-01 01:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2008-03-17 20:04 . 2003-07-01 01:00 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2008-03-13 21:19 . 2008-03-13 21:19 33,554,432 --a------ C:\tvpaint3608.1031.tmp
2008-03-03 11:48 . 2008-04-02 20:05 <REP> d-------- C:\WTablet

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 17:16 --------- d-----w C:\Program Files\Wanadoo
2008-04-03 17:16 --------- d-----w C:\Documents and Settings\clem\Application Data\vmntoolbar
2008-04-03 17:10 --------- d-----w C:\Documents and Settings\clem\Application Data\WTablet
2008-04-03 16:57 --------- d-----w C:\Documents and Settings\clem\Application Data\OpenOffice.org2
2008-04-03 12:59 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-03 12:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 12:50 --------- d-----w C:\Documents and Settings\clem\Application Data\Winamp
2008-03-31 09:02 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-27 12:11 --------- d-----w C:\Program Files\Yahoo!
2008-03-27 12:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-27 12:07 --------- d-----w C:\Program Files\Winamp
2008-03-24 09:27 442,368 -c--a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-03-21 15:52 --------- d-----w C:\Program Files\Java
2008-03-18 09:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-10 11:03 --------- d-----w C:\Documents and Settings\clem\Application Data\Canon
2008-02-27 20:13 --------- d-----w C:\Program Files\Windows Live
2008-02-27 20:12 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 18:39 --------- d-----w C:\Documents and Settings\clem\Application Data\Classes de site
2008-02-23 14:26 --------- d-----w C:\Documents and Settings\clem\Application Data\LimeWire
2008-02-23 14:26 --------- d-----w C:\Documents and Settings\clem\Application Data\Chessmaster Challenge
2008-02-23 14:22 75,303,976 ----a-w C:\BackupRegistry(20080223).reg
2008-02-21 18:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMNTOOLBAR
2008-02-21 17:56 --------- d-----w C:\Documents and Settings\clem\Application Data\PC Tools
2008-02-15 15:08 --------- d-----w C:\Documents and Settings\clem\Application Data\Sites
2008-02-15 03:03 --------- d-----w C:\Documents and Settings\clem\Application Data\Dynamique
2008-02-15 03:02 --------- d-----w C:\Program Files\vmntoolbar
2008-02-14 18:10 --------- d-----w C:\Program Files\Apple Software Update
2008-02-14 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-09 18:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-07 16:44 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
2008-02-07 12:25 38,968 ----a-w C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-07 12:25 178,872 ----a-w C:\WINDOWS\system32\drivers\PavProc.sys
2007-10-15 18:51 8 -c--a-w C:\Documents and Settings\clem\.bztarotcumul.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-25 11:52 13524992]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-25 11:52 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16:58 16264192 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 12:34 544768 C:\WINDOWS\sm56hlpr.exe]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 22:22 110592]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"amd_dc_opt"="D:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 15:42 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 08:26 761945]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-05-04 16:03 1689600]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-02 19:36 249896]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.exe" [2004-05-19 20:00 98304]
"nwiz"="nwiz.exe" [2008-03-25 11:52 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-27 12:42:06 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"DAEMON Tools Lite"="d:\Program Files\DAEMON Tools\daemon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
"WooCnxMon"=C:\PROGRA~1\Wanadoo\CnxMon.exe
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\3dsmax7\\3dsmax.exe"=
"C:\\Program Files\\backburner 2\\monitor.exe"=
"C:\\Program Files\\backburner 2\\manager.exe"=
"C:\\Program Files\\backburner 2\\server.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"D:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"D:\\Program Files\\lphant\\eLePhantClient.exe"=

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-07 14:25]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 12:16]
R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 11:40]
R2 UxTuneUp;Ampliación del diseño de TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-04 06:55]
R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 14:24]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 23:49]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 10:26]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 10:26]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]
S4 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-07 14:25]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-31 10:12:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-28 16:15:00 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- D:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 19:39:01
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-03 19:39:34
ComboFix-quarantined-files.txt 2008-04-03 17:39:17
ComboFix2.txt 2008-04-02 23:04:17
Pre-Run: 27,280,764,928 octets libres
Post-Run: 27,270,062,080 octets libres
.
2008-04-03 08:51:19 --- E O F ---
3 April 2008 21:30:03

Run Elibagla again and post its report ;)
4 April 2008 15:25:38

So here is the Elibagla report (sorry again for the delay, and thanks for your help ^^):

Wed Apr 02 18:24:49 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:25:19 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 18:25:33 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 18:25:57 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 18:26:13 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:26:30 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 18:27:01 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 18:33:31 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:35:33 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:42:55 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:43:55 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:46:43 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Wed Apr 02 18:51:00 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 18:51:15 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 18:52:11 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 18:52:18 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 18:52:20 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Wed Apr 02 18:56:00 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 18:56:03 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Wed Apr 02 18:56:34 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 18:56:36 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Wed Apr 02 19:09:59 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.21
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:10:09 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:10:19 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 19:10:20 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:11:36 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:12:08 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.21
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:14:29 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.21
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:15:33 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0051736.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0052734.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0053734.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0054732.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0054875.SYS --> Eliminado Bagle (rootkit)

Nº Total de Directorios: 6241
Nº Total de Ficheros: 75264
Nº de Ficheros Analizados: 10890
Nº de Ficheros Infectados: 5
Nº de Ficheros Limpiados: 5

Wed Apr 02 19:33:34 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Wed Apr 02 19:35:52 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.21
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.21
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:47:53 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Apr 02 19:48:09 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Wed Apr 02 19:52:17 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle

Wed Apr 02 19:52:31 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 6288
Nº Total de Ficheros: 69263
Nº de Ficheros Analizados: 7789
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Apr 02 20:05:44 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Fri Apr 04 15:13:35 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Fri Apr 04 15:13:39 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 6333
Nº Total de Ficheros: 69535
Nº de Ficheros Analizados: 7854
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
4 April 2008 17:01:19

Strange,

Post a new ComboFix report.
4 April 2008 23:29:09

Here is the report:



ComboFix 08-04-02.1 - clem 2008-04-04 23:24:42.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1488 [GMT 2:00]
Endroit: C:\Documents and Settings\clem\Mes documents\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))))))
.

2008-04-03 19:04 . 2008-04-03 19:04 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-03 15:22 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-04-03 15:13 . 2008-04-03 15:13 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-04-03 15:13 . 2008-04-03 15:13 <REP> d-------- C:\Documents and Settings\clem\Application Data\SystemRequirementsLab
2008-04-03 14:58 . 2008-04-03 14:58 <REP> d-------- C:\Documents and Settings\clem\Application Data\Ventrilo
2008-04-03 14:52 . 2008-04-03 14:52 2,996 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-04-03 14:41 . 2008-04-03 14:41 <REP> d-------- C:\USB_DRV
2008-04-03 14:41 . 2008-04-03 14:41 <REP> d-------- C:\Drivers
2008-04-03 14:41 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-04-03 14:41 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-04-03 14:41 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-04-03 14:41 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-04-03 14:41 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-04-03 14:41 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-04-02 19:28 . 2005-03-24 09:02 700,416 --a------ C:\Documents and Settings\clem\SkyTel.EXE
2008-04-02 18:26 . 2008-04-02 19:09 <REP> d-------- C:\Muestras
2008-04-02 18:12 . 2008-04-02 18:12 <REP> d-------- C:\Program Files\Trend Micro
2008-04-02 13:55 . 2008-04-02 13:55 122 --a------ C:\tempdel.bat
2008-04-02 13:54 . 2008-04-02 13:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\dmzgdazo
2008-04-02 13:54 . 2008-04-02 13:54 106,496 --a------ C:\WINDOWS\system32\dalihwry.exe
2008-04-02 13:28 . 2005-03-24 09:02 700,416 -ra------ C:\WINDOWS\system32\drivers\mdelk.exe
2008-04-02 13:27 . 2008-04-02 18:07 <REP> d-------- C:\WINDOWS\system32\drivers\downld
2008-04-02 13:27 . 2005-03-24 09:02 700,416 -ra------ C:\Documents and Settings\clem\RTHDCPL.EXE
2008-04-02 13:18 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-02 12:51 . 2008-04-02 12:51 <REP> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-04-02 12:51 . 2008-04-02 12:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-03-31 11:02 . 2008-03-31 11:02 <REP> d-------- C:\Program Files\THQ
2008-03-31 10:51 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-31 10:51 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-03-31 10:51 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-03-31 10:51 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-03-31 10:51 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-03-31 10:51 . 2006-11-15 11:38 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-03-29 20:07 . 2008-03-29 20:08 16,040,430 --a------ C:\y.bmp
2008-03-29 10:06 . 2008-04-01 19:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-29 10:06 . 2008-03-29 10:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-27 18:17 . 2008-03-27 18:17 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-27 18:17 . 2008-03-27 18:17 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-25 19:33 . 2004-05-14 17:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-03-25 19:33 . 2004-01-12 03:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-03-25 19:33 . 2003-11-04 16:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-03-21 17:52 . 2008-03-27 18:16 <REP> d-------- C:\Program Files\Google
2008-03-21 17:24 . 2008-03-21 17:24 <REP> d-------- C:\Documents and Settings\clem\Application Data\EPSON
2008-03-18 17:36 . 2008-03-18 17:36 29 --a------ C:\WINDOWS\DEBUGSM.INI
2008-03-18 17:35 . 2008-03-21 17:26 <REP> d-------- C:\Documents and Settings\clem\Application Data\Smart Panel
2008-03-18 11:17 . 2008-03-18 11:17 <REP> d-------- C:\Documents and Settings\clem\Application Data\Auslogics
2008-03-18 11:15 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-03-18 11:15 . 1998-07-13 01:00 15,872 --a------ C:\WINDOWS\system32\WINSKFR.DLL
2008-03-18 11:14 . 2004-10-06 14:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx
2008-03-18 11:14 . 2004-10-06 14:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx
2008-03-18 11:14 . 2006-04-17 00:06 225,280 --a------ C:\WINDOWS\system32\OfficeMenu2003.ocx
2008-03-18 11:14 . 1998-07-13 01:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-03-18 11:14 . 2004-02-23 01:00 119,808 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-03-18 11:14 . 2000-10-02 00:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-03-18 11:14 . 1998-07-13 01:00 6,656 --a------ C:\WINDOWS\system32\STDFTFR.DLL
2008-03-17 20:14 . 1999-06-15 12:31 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2008-03-17 20:14 . 1999-12-07 03:03 73,216 --a------ C:\WINDOWS\ADE.DLL
2008-03-17 20:14 . 1999-04-27 01:17 3,136 --a------ C:\WINDOWS\Ade001.bin
2008-03-17 20:14 . 1999-08-10 00:50 72 --------- C:\WINDOWS\system32\epDPE.ini
2008-03-17 20:13 . 2008-03-17 20:19 <REP> d-------- C:\Program Files\Smart Panel
2008-03-17 20:13 . 2004-02-01 04:00 413,696 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-03-17 20:13 . 2002-11-15 01:00 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2008-03-17 20:13 . 2002-11-15 01:00 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2008-03-17 20:13 . 2004-02-01 04:00 38,028 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-17 20:13 . 2004-02-01 04:00 27,030 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-17 20:13 . 2004-02-01 04:00 13,230 --a------ C:\WINDOWS\system32\EPPICLocal_EN.cfg
2008-03-17 20:13 . 2004-02-01 04:00 22 --a------ C:\WINDOWS\system32\PICSDK.ini
2008-03-17 20:11 . 2004-04-19 22:03 79,654 --a------ C:\WINDOWS\system32\E_FLM9HE.DLL
2008-03-17 20:11 . 2003-05-20 19:27 64,000 --a------ C:\WINDOWS\system32\E_FBCB9HE.DLL
2008-03-17 20:11 . 2000-06-06 18:01 34,304 --a------ C:\WINDOWS\system32\E_FBCH9HE.DLL
2008-03-17 20:09 . 2008-03-17 20:09 27 --a------ C:\WINDOWS\CDE RX620EI.ini
2008-03-17 20:04 . 2008-03-17 20:17 <REP> d-------- C:\Program Files\epson
2008-03-17 20:04 . 2008-03-17 20:04 <REP> d-------- C:\epson
2008-03-17 20:04 . 2005-07-01 01:00 88,576 --a------ C:\WINDOWS\system32\esxuni.dll
2008-03-17 20:04 . 2005-07-01 01:00 71,680 --a------ C:\WINDOWS\system32\esxuimgd.dll
2008-03-17 20:04 . 2003-07-01 01:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-03-17 20:04 . 2005-07-01 01:00 39,424 --a------ C:\WINDOWS\system32\esxucmd.dll
2008-03-17 20:04 . 2003-07-01 01:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2008-03-17 20:04 . 2003-07-01 01:00 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2008-03-13 21:19 . 2008-03-13 21:19 33,554,432 --a------ C:\tvpaint3608.1031.tmp

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 12:09 --------- d-----w C:\Documents and Settings\clem\Application Data\WTablet
2008-04-03 17:16 --------- d-----w C:\Program Files\Wanadoo
2008-04-03 17:16 --------- d-----w C:\Documents and Settings\clem\Application Data\vmntoolbar
2008-04-03 16:57 --------- d-----w C:\Documents and Settings\clem\Application Data\OpenOffice.org2
2008-04-03 12:59 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-03 12:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 12:50 --------- d-----w C:\Documents and Settings\clem\Application Data\Winamp
2008-03-31 09:02 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-27 12:11 --------- d-----w C:\Program Files\Yahoo!
2008-03-27 12:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-27 12:07 --------- d-----w C:\Program Files\Winamp
2008-03-24 09:27 442,368 -c--a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-03-21 15:52 --------- d-----w C:\Program Files\Java
2008-03-18 09:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-10 11:03 --------- d-----w C:\Documents and Settings\clem\Application Data\Canon
2008-02-27 20:13 --------- d-----w C:\Program Files\Windows Live
2008-02-27 20:12 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 18:39 --------- d-----w C:\Documents and Settings\clem\Application Data\Classes de site
2008-02-23 14:26 --------- d-----w C:\Documents and Settings\clem\Application Data\LimeWire
2008-02-23 14:26 --------- d-----w C:\Documents and Settings\clem\Application Data\Chessmaster Challenge
2008-02-23 14:22 75,303,976 ----a-w C:\BackupRegistry(20080223).reg
2008-02-21 18:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMNTOOLBAR
2008-02-21 17:56 --------- d-----w C:\Documents and Settings\clem\Application Data\PC Tools
2008-02-15 15:08 --------- d-----w C:\Documents and Settings\clem\Application Data\Sites
2008-02-15 03:03 --------- d-----w C:\Documents and Settings\clem\Application Data\Dynamique
2008-02-15 03:02 --------- d-----w C:\Program Files\vmntoolbar
2008-02-14 18:10 --------- d-----w C:\Program Files\Apple Software Update
2008-02-14 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-09 18:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-07 16:44 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
2008-02-07 12:25 38,968 ----a-w C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-07 12:25 178,872 ----a-w C:\WINDOWS\system32\drivers\PavProc.sys
2007-10-15 18:51 8 -c--a-w C:\Documents and Settings\clem\.bztarotcumul.dat
.

((((((((((((((((((((((((((((( snapshot_2008-04-03_19.19.22,95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-03 17:15:51 58,930 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-04 12:13:52 58,930 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-03 17:15:51 71,686 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-04-04 12:13:52 71,686 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-04-03 17:15:51 392,630 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-04 12:13:52 392,630 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-03 17:15:51 458,886 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-04-04 12:13:52 458,886 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-25 11:52 13524992]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-25 11:52 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16:58 16264192 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 12:34 544768 C:\WINDOWS\sm56hlpr.exe]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 22:22 110592]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"amd_dc_opt"="D:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 15:42 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 08:26 761945]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-05-04 16:03 1689600]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-02 19:36 249896]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.exe" [2004-05-19 20:00 98304]
"nwiz"="nwiz.exe" [2008-03-25 11:52 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-27 12:42:06 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"DAEMON Tools Lite"="d:\Program Files\DAEMON Tools\daemon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
"WooCnxMon"=C:\PROGRA~1\Wanadoo\CnxMon.exe
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\3dsmax7\\3dsmax.exe"=
"C:\\Program Files\\backburner 2\\monitor.exe"=
"C:\\Program Files\\backburner 2\\manager.exe"=
"C:\\Program Files\\backburner 2\\server.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"D:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"D:\\Program Files\\lphant\\eLePhantClient.exe"=

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-07 14:25]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 12:16]
R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 11:40]
R2 UxTuneUp;Ampliación del diseño de TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-04 06:55]
R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 14:24]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 23:49]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 10:26]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 10:26]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]
S4 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-07 14:25]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 10:12:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-04 15:15:00 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- D:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 23:25:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-04 23:26:18
ComboFix-quarantined-files.txt 2008-04-04 21:26:01
ComboFix2.txt 2008-04-03 17:39:35
ComboFix3.txt 2008-04-02 23:04:17
Pre-Run: 27,314,495,488 bytes free
Post-Run: 27,302,805,504 bytes free
.
2008-04-03 21:02:35 --- E O F ---
4 April 2008 23:46:53

Re,

Copy the text in the box below:

File::
C:\tempdel.bat
C:\WINDOWS\system32\dalihwry.exe
C:\WINDOWS\system32\drivers\mdelk.exe

Folder::
C:\Program Files\vmntoolbar
C:\Documents and Settings\LocalService\Application Data\VMNTOOLBAR
C:\WINDOWS\system32\drivers\downld
C:\Documents and Settings\All Users\Application Data\dmzgdazo


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no reboot, post the reports anyway.
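To check that ComboFix actually removed everything the script above asked for, here is an added example in Python (not code from this thread or from ComboFix): it parses the File:: and Folder:: directives of a CFScript and the deletions block of the report ComboFix writes afterwards, then lists which targets the report confirms and which it never mentions. The CFScript and the report excerpt embedded in it are copied from this thread, with one constructed File:: entry (notremoved.exe) added so that an unconfirmed target is shown; the English header form "Other Deletions" is an assumption, since ComboFix writes its section headers in the system language.

```python
"""Cross-check a ComboFix CFScript against the report ComboFix produced.

Added example for this thread, not code from the thread or from ComboFix.
Sample inputs are copied from the thread except notremoved.exe, a constructed
entry that is deliberately absent from the report.
"""
import re

# Sample input 1: the helper's CFScript plus one constructed entry.
SAMPLE_CFSCRIPT = r"""File::
C:\tempdel.bat
C:\WINDOWS\system32\dalihwry.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\notremoved.exe

Folder::
C:\Program Files\vmntoolbar
C:\Documents and Settings\LocalService\Application Data\VMNTOOLBAR
C:\WINDOWS\system32\drivers\downld
C:\Documents and Settings\All Users\Application Data\dmzgdazo
"""

# Sample input 2: excerpt of the report ComboFix wrote after the script ran.
# The header is localised ("Autres suppressions" on this French system; the
# English form "Other Deletions" is assumed).
SAMPLE_REPORT = r"""FILE ::
C:\tempdel.bat
C:\WINDOWS\system32\dalihwry.exe
C:\WINDOWS\system32\drivers\mdelk.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\dmzgdazo
C:\Documents and Settings\All Users\Application Data\dmzgdazo\vspetqhm.exe
C:\Documents and Settings\LocalService\Application Data\VMNTOOLBAR
C:\Documents and Settings\LocalService\Application Data\VMNTOOLBAR\NewCfg\vmntoolbartb1501.cfg39884484
C:\Program Files\vmntoolbar
C:\Program Files\vmntoolbar\vmntoolbar.dll
C:\tempdel.bat
C:\WINDOWS\system32\dalihwry.exe
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\11768218.exe
C:\WINDOWS\system32\drivers\mdelk.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))))))
.
"""

_SECTION = re.compile(r"^(\w+)::\s*$")       # "File::", "Folder::", ...
_WIN_PATH = re.compile(r"^[A-Za-z]:\\")      # drive-letter path
_DELETIONS = re.compile(r"^\(+\s*(Autres suppressions|Other deletions)\s*\)+$",
                        re.IGNORECASE)


def parse_cfscript(text):
    """Return {directive: [paths]} for every Name:: section of a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_deletions(report):
    """Return the paths listed in the report's 'other deletions' block."""
    paths, inside = [], False
    for raw in report.splitlines():
        line = raw.strip()
        if _DELETIONS.match(line):
            inside = True
        elif inside and line.startswith("((("):
            break                            # next section header
        elif inside and _WIN_PATH.match(line):
            paths.append(line)
    return paths


def _norm(path):
    # Windows paths are case-insensitive; a trailing backslash is not significant.
    return path.strip().rstrip("\\").lower()


def check_removals(cfscript, report):
    """Return (confirmed, missing): confirmed maps each target to the report
    lines showing it was removed; missing lists targets the report never
    mentions. A folder counts when the report names it or anything under it."""
    deleted = parse_deletions(report)
    confirmed, missing = {}, []
    for kind, targets in parse_cfscript(cfscript).items():
        for target in targets:
            key = _norm(target)
            if kind == "folder":
                hits = [d for d in deleted
                        if _norm(d) == key or _norm(d).startswith(key + "\\")]
            else:
                hits = [d for d in deleted if _norm(d) == key]
            if hits:
                confirmed[target] = hits
            else:
                missing.append(target)
    return confirmed, missing


if __name__ == "__main__":
    ok, gone = check_removals(SAMPLE_CFSCRIPT, SAMPLE_REPORT)
    for target, hits in ok.items():
        print(f"removed    {target}  ({len(hits)} report line(s))")
    for target in gone:
        print(f"NOT FOUND  {target}  (check it on disk before writing a new script)")
```

Run it as-is to see the result for the thread's data; to check your own run, pass the contents of CFScript.txt and ComboFix.txt to check_removals. A target reported as NOT FOUND may be locked, renamed or simply no longer present, so confirm on disk before asking for a second script.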
5 April 2008 00:03:43

So I did what you told me, but HijackThis would no longer start (not a valid Win32 application); I had to reinstall it, and the error with the same message appears for other programs such as Avira.

Here are the two reports:


ComboFix 08-04-02.1 - clem 2008-04-04 23:54:51.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1036.18.1496 [GMT 2:00]
Location: C:\Documents and Settings\clem\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\clem\Bureau\CFScript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\tempdel.bat
C:\WINDOWS\system32\dalihwry.exe
C:\WINDOWS\system32\drivers\mdelk.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\dmzgdazo
C:\Documents and Settings\All Users\Application Data\dmzgdazo\vspetqhm.exe
C:\Documents and Settings\LocalService\Application Data\VMNTOOLBAR
C:\Documents and Settings\LocalService\Application Data\VMNTOOLBAR\NewCfg\vmntoolbartb1501.cfg39884484
C:\Program Files\vmntoolbar
C:\Program Files\vmntoolbar\install.ico
C:\Program Files\vmntoolbar\tbuninstall.exe
C:\Program Files\vmntoolbar\toolbar.ini
C:\Program Files\vmntoolbar\uninstall.exe
C:\Program Files\vmntoolbar\vmntoolbar.dll
C:\tempdel.bat
C:\WINDOWS\system32\dalihwry.exe
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\11768218.exe
C:\WINDOWS\system32\drivers\downld\11797515.exe
C:\WINDOWS\system32\drivers\downld\829250.exe
C:\WINDOWS\system32\drivers\downld\830921.exe
C:\WINDOWS\system32\drivers\downld\854593.exe
C:\WINDOWS\system32\drivers\downld\859406.exe
C:\WINDOWS\system32\drivers\downld\894343.exe
C:\WINDOWS\system32\drivers\downld\904906.exe
C:\WINDOWS\system32\drivers\downld\918375.exe
C:\WINDOWS\system32\drivers\downld\924734.exe
C:\WINDOWS\system32\drivers\downld\941812.exe
C:\WINDOWS\system32\drivers\downld\942156.exe
C:\WINDOWS\system32\drivers\mdelk.exe

.
((((((((((((((((((((((((((((( Files Created 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))))))
.

2008-04-03 19:04 . 2008-04-03 19:04 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-03 15:22 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-04-03 15:13 . 2008-04-03 15:13 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-04-03 15:13 . 2008-04-03 15:13 <REP> d-------- C:\Documents and Settings\clem\Application Data\SystemRequirementsLab
2008-04-03 14:58 . 2008-04-03 14:58 <REP> d-------- C:\Documents and Settings\clem\Application Data\Ventrilo
2008-04-03 14:52 . 2008-04-03 14:52 2,996 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-04-03 14:41 . 2008-04-03 14:41 <REP> d-------- C:\USB_DRV
2008-04-03 14:41 . 2008-04-03 14:41 <REP> d-------- C:\Drivers
2008-04-03 14:41 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-04-03 14:41 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-04-03 14:41 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-04-03 14:41 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-04-03 14:41 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-04-03 14:41 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-04-02 19:28 . 2005-03-24 09:02 700,416 --a------ C:\Documents and Settings\clem\SkyTel.EXE
2008-04-02 18:26 . 2008-04-02 19:09 <REP> d-------- C:\Muestras
2008-04-02 18:12 . 2008-04-02 18:12 <REP> d-------- C:\Program Files\Trend Micro
2008-04-02 13:27 . 2005-03-24 09:02 700,416 -ra------ C:\Documents and Settings\clem\RTHDCPL.EXE
2008-04-02 13:18 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-02 12:51 . 2008-04-02 12:51 <REP> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-04-02 12:51 . 2008-04-02 12:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-03-31 11:02 . 2008-03-31 11:02 <REP> d-------- C:\Program Files\THQ
2008-03-31 10:51 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-31 10:51 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-03-31 10:51 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-03-31 10:51 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-03-31 10:51 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-03-31 10:51 . 2006-11-15 11:38 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-03-29 20:07 . 2008-03-29 20:08 16,040,430 --a------ C:\y.bmp
2008-03-29 10:06 . 2008-04-01 19:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-29 10:06 . 2008-03-29 10:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-27 18:17 . 2008-03-27 18:17 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-27 18:17 . 2008-03-27 18:17 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-25 19:33 . 2004-05-14 17:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-03-25 19:33 . 2004-01-12 03:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-03-25 19:33 . 2003-11-04 16:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-03-25 19:33 . 2004-05-14 17:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-03-21 17:52 . 2008-03-27 18:16 <REP> d-------- C:\Program Files\Google
2008-03-21 17:24 . 2008-03-21 17:24 <REP> d-------- C:\Documents and Settings\clem\Application Data\EPSON
2008-03-18 17:36 . 2008-03-18 17:36 29 --a------ C:\WINDOWS\DEBUGSM.INI
2008-03-18 17:35 . 2008-03-21 17:26 <REP> d-------- C:\Documents and Settings\clem\Application Data\Smart Panel
2008-03-18 11:17 . 2008-03-18 11:17 <REP> d-------- C:\Documents and Settings\clem\Application Data\Auslogics
2008-03-18 11:15 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-03-18 11:15 . 1998-07-13 01:00 15,872 --a------ C:\WINDOWS\system32\WINSKFR.DLL
2008-03-18 11:14 . 2004-10-06 14:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx
2008-03-18 11:14 . 2004-10-06 14:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx
2008-03-18 11:14 . 2006-04-17 00:06 225,280 --a------ C:\WINDOWS\system32\OfficeMenu2003.ocx
2008-03-18 11:14 . 1998-07-13 01:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-03-18 11:14 . 2004-02-23 01:00 119,808 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-03-18 11:14 . 2000-10-02 00:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-03-18 11:14 . 1998-07-13 01:00 6,656 --a------ C:\WINDOWS\system32\STDFTFR.DLL
2008-03-17 20:14 . 1999-06-15 12:31 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2008-03-17 20:14 . 1999-12-07 03:03 73,216 --a------ C:\WINDOWS\ADE.DLL
2008-03-17 20:14 . 1999-04-27 01:17 3,136 --a------ C:\WINDOWS\Ade001.bin
2008-03-17 20:14 . 1999-08-10 00:50 72 --------- C:\WINDOWS\system32\epDPE.ini
2008-03-17 20:13 . 2008-03-17 20:19 <REP> d-------- C:\Program Files\Smart Panel
2008-03-17 20:13 . 2004-02-01 04:00 413,696 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-03-17 20:13 . 2002-11-15 01:00 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2008-03-17 20:13 . 2002-11-15 01:00 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2008-03-17 20:13 . 2004-02-01 04:00 38,028 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-17 20:13 . 2004-02-01 04:00 27,030 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-17 20:13 . 2004-02-01 04:00 13,230 --a------ C:\WINDOWS\system32\EPPICLocal_EN.cfg
2008-03-17 20:13 . 2004-02-01 04:00 22 --a------ C:\WINDOWS\system32\PICSDK.ini
2008-03-17 20:11 . 2004-04-19 22:03 79,654 --a------ C:\WINDOWS\system32\E_FLM9HE.DLL
2008-03-17 20:11 . 2003-05-20 19:27 64,000 --a------ C:\WINDOWS\system32\E_FBCB9HE.DLL
2008-03-17 20:11 . 2000-06-06 18:01 34,304 --a------ C:\WINDOWS\system32\E_FBCH9HE.DLL
2008-03-17 20:09 . 2008-03-17 20:09 27 --a------ C:\WINDOWS\CDE RX620EI.ini
2008-03-17 20:04 . 2008-03-17 20:17 <REP> d-------- C:\Program Files\epson
2008-03-17 20:04 . 2008-03-17 20:04 <REP> d-------- C:\epson
2008-03-17 20:04 . 2005-07-01 01:00 88,576 --a------ C:\WINDOWS\system32\esxuni.dll
2008-03-17 20:04 . 2005-07-01 01:00 71,680 --a------ C:\WINDOWS\system32\esxuimgd.dll
2008-03-17 20:04 . 2003-07-01 01:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-03-17 20:04 . 2005-07-01 01:00 39,424 --a------ C:\WINDOWS\system32\esxucmd.dll
2008-03-17 20:04 . 2003-07-01 01:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2008-03-17 20:04 . 2003-07-01 01:00 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2008-03-13 21:19 . 2008-03-13 21:19 33,554,432 --a------ C:\tvpaint3608.1031.tmp

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 12:09 --------- d-----w C:\Documents and Settings\clem\Application Data\WTablet
2008-04-03 17:16 --------- d-----w C:\Program Files\Wanadoo
2008-04-03 17:16 --------- d-----w C:\Documents and Settings\clem\Application Data\vmntoolbar
2008-04-03 16:57 --------- d-----w C:\Documents and Settings\clem\Application Data\OpenOffice.org2
2008-04-03 12:59 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-03 12:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 12:50 --------- d-----w C:\Documents and Settings\clem\Application Data\Winamp
2008-03-31 09:02 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-27 12:11 --------- d-----w C:\Program Files\Yahoo!
2008-03-27 12:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-27 12:07 --------- d-----w C:\Program Files\Winamp
2008-03-24 09:27 442,368 -c--a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-03-21 15:52 --------- d-----w C:\Program Files\Java
2008-03-18 09:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-10 11:03 --------- d-----w C:\Documents and Settings\clem\Application Data\Canon
2008-02-27 20:13 --------- d-----w C:\Program Files\Windows Live
2008-02-27 20:12 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 18:39 --------- d-----w C:\Documents and Settings\clem\Application Data\Classes de site
2008-02-23 14:26 --------- d-----w C:\Documents and Settings\clem\Application Data\LimeWire
2008-02-23 14:26 --------- d-----w C:\Documents and Settings\clem\Application Data\Chessmaster Challenge
2008-02-23 14:22 75,303,976 ----a-w C:\BackupRegistry(20080223).reg
2008-02-21 17:56 --------- d-----w C:\Documents and Settings\clem\Application Data\PC Tools
2008-02-15 15:08 --------- d-----w C:\Documents and Settings\clem\Application Data\Sites
2008-02-15 03:03 --------- d-----w C:\Documents and Settings\clem\Application Data\Dynamique
2008-02-14 18:10 --------- d-----w C:\Program Files\Apple Software Update
2008-02-14 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-09 18:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-07 16:44 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
2008-02-07 12:25 38,968 ----a-w C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-07 12:25 178,872 ----a-w C:\WINDOWS\system32\drivers\PavProc.sys
2007-10-15 18:51 8 -c--a-w C:\Documents and Settings\clem\.bztarotcumul.dat
.

((((((((((((((((((((((((((((( snapshot_2008-04-03_19.19.22,95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-03 17:15:51 58,930 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-04 12:13:52 58,930 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-03 17:15:51 71,686 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-04-04 12:13:52 71,686 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-04-03 17:15:51 392,630 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-04 12:13:52 392,630 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-03 17:15:51 458,886 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-04-04 12:13:52 458,886 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-25 11:52 13524992]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-25 11:52 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16:58 16264192 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 12:34 544768 C:\WINDOWS\sm56hlpr.exe]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 22:22 110592]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"amd_dc_opt"="D:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 15:42 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 08:26 761945]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-05-04 16:03 1689600]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-02 19:36 249896]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.exe" [2004-05-19 20:00 98304]
"nwiz"="nwiz.exe" [2008-03-25 11:52 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-27 12:42:06 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"DAEMON Tools Lite"="d:\Program Files\DAEMON Tools\daemon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
"WooCnxMon"=C:\PROGRA~1\Wanadoo\CnxMon.exe
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\3dsmax7\\3dsmax.exe"=
"C:\\Program Files\\backburner 2\\monitor.exe"=
"C:\\Program Files\\backburner 2\\manager.exe"=
"C:\\Program Files\\backburner 2\\server.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"D:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"D:\\Program Files\\lphant\\eLePhantClient.exe"=

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-07 14:25]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 12:16]
R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 11:40]
R2 UxTuneUp;Ampliación del diseño de TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-04 06:55]
R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 14:24]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 23:49]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 10:26]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 10:26]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]
S4 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-07 14:25]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 10:12:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-04 15:15:00 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- D:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 23:57:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-04 23:58:11
ComboFix-quarantined-files.txt 2008-04-04 21:57:48
ComboFix2.txt 2008-04-04 21:26:18
ComboFix3.txt 2008-04-03 17:39:35
ComboFix4.txt 2008-04-02 23:04:17
Pre-Run: 22,510,346,240 bytes free
Post-Run: 22,495,363,072 bytes free
.
2008-04-03 21:02:35 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:01:31, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
d:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [amd_dc_opt] "D:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - d:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Spyware Doctor\pctsSvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 9473 bytes
5 April 2008 00:04:21

PS: there was no reboot.
5 April 2008 00:19:35

That looks good this time.
Reinstall AntiVir and run a scan in safe mode, then post me that report ;) 
5 April 2008 01:28:26

Re, here is the Avira report :)  :

AntiVir PersonalEdition Classic
Report file date: samedi 5 avril 2008 00:34

Scanning for 1181183 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: TISSIER

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 22:34:23
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 22:34:23
ANTIVIR3.VDF : 7.0.3.121 189952 Bytes 04/04/2008 22:34:23
AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 04/04/2008 22:34:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 04/04/2008 22:34:24
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 5 avril 2008 00:34

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'Wacom_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'Wacom_TabletUser.exe' - '1' Module(s) have been scanned
Scan process 'Pen_TabletUser.exe' - '1' Module(s) have been scanned
Scan process 'Wacom_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spnsrvnt.exe' - '1' Module(s) have been scanned
Scan process 'PsCtrlS.exe' - '1' Module(s) have been scanned
Scan process 'TosBtProc.exe' - '1' Module(s) have been scanned
Scan process 'TosOBEX.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'E_S30RP1.EXE' - '1' Module(s) have been scanned
Scan process 'AdskScSrv.exe' - '1' Module(s) have been scanned
Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned
Scan process 'TosBtHid.exe' - '1' Module(s) have been scanned
Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned
Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'E_FATI9HE.EXE' - '1' Module(s) have been scanned
Scan process 'Center.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'wcourier.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
55 processes with 55 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '37' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Documents\IN3\story board\Story board\Driver Detective 6.0.6.5.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\Documents and Settings\clem\RTHDCPL.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\Documents and Settings\clem\SkyTel.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\Documents and Settings\clem\Bureau\sdfix\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/tmp0.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
--> backups/tmp1.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
--> backups/tmp2.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
--> backups/tmp3.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was deleted!
C:\Documents and Settings\clem\Mes documents\IN3\story board\Story board\Driver Detective 6.0.6.5.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.21
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\QooBox\Quarantine\catchme2008-04-03_ 10206.87.zip
[0] Archive type: ZIP
--> Documents and Settings/clem/Bureau/catchme.zip
[1] Archive type: ZIP
--> ddcDtqQj.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\dmzgdazo\vspetqhm.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\dalihwry.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcDtqQj.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ljJAPJBr.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0052726.exe
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0052740.exe
[DETECTION] Is the Trojan horse TR/Dldr.Dido.A.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0052743.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0052753.dll
[DETECTION] Is the Trojan horse TR/BHO.Agent.221184
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0054748.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0054749.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0054861.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0054864.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.lsw
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0054865.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP178\A0056001.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP178\A0056994.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP178\A0056995.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP179\A0057070.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP179\A0057071.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP184\A0057289.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP184\A0057290.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP184\A0057291.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP184\A0057292.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP184\A0057298.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP184\A0057299.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP184\A0057300.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP184\A0057301.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP186\A0057489.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP186\A0057508.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP186\A0057509.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP189\A0057664.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP189\A0057665.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\Program Files\Panda Security\Panda Antivirus 2008\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[WARNING] The file could not be deleted!
D:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP134\A0035111.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was deleted!
D:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP177\A0052748.exe
[DETECTION] Is the Trojan horse TR/Dldr.Dido.A.1
[INFO] The file was deleted!
Begin scan in 'E:\'
E:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP137\A0043166.exe
[DETECTION] Contains detection pattern of the dropper DR/MegaSearch.N.25
[INFO] The file was deleted!


End of the scan: samedi 5 avril 2008 01:27
Used time: 52:48 min

The scan has been done completely.

8530 Scanning directories
395145 Files were scanned
47 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
43 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
395098 Files not concerned
2275 Archives were scanned
3 Warnings
30 Notes

5 April 2008 10:42:22

Re,

I think you can delete these folders:
C:\Documents and Settings\All Users\Documents\IN3
C:\Documents and Settings\Clem\Documents\IN3

But I am not sure of their contents, so at worst just delete the story board folder that is inside each of these folders.

Post another HijackThis log.
5 April 2008 11:49:05

Re,

The IN3 folder is an important folder for me and I cannot delete it; it contains all my drawings and animations in .tvp format, as I work in animation ;) 
Did you find an anomaly in that folder?

Should I send you the HijackThis report anyway?

5 April 2008 11:55:31

I'm posting the HijackThis report, so that it's done :) 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:48, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [amd_dc_opt] "D:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - d:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Spyware Doctor\pctsSvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 9733 bytes
5 April 2008 12:10:33

OK for the folder, I did have doubts about it, as I said.
So just delete the folder inside it that I told you about, which looks infected ;) 

Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it on your desktop. Double-click on the clean folder.
Double-click on clean.cmd. (The cmd extension may not be displayed.) This will open a black window.
A menu will appear; choose option 1, then Enter. Then press a key when prompted.
Post the report, which is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.
5 April 2008 13:06:17

Here is the Clean report:



05/04/2008 a 13:03:06,42

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\GameHouse\" FOUND
5 April 2008 13:18:24

Re,

Download AVG Anti-Spyware and install it.
If the link doesn't work: >Click here<
Launch AVG and run an update.
Click the Scan button (on the toolbar).
Then, on the "How to act" tab, click Recommended actions. Choose Quarantine.
Don't run a scan for now. Right-click the AVG icon at the bottom right and untick the option to start with Windows.
Restart in safe mode
/!\ Never boot into safe mode via MSCONFIG /!\
Relaunch AVG.
Go back to the Scan tab. Click Complete System Scan.
At the end of the scan, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report located in the Reports folder inside the AVG Anti-Spyware folder.
Post it here.
&
Still in safe mode, relaunch clean and run option 2, then post the report.
5 April 2008 15:26:34

Phew, after 1h30 of scanning, here are the two reports ^^ :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:18:54 05/04/2008

+ Résultat de l'analyse:



C:\Documents and Settings\clem\Bureau\Nouveau dossier (2)\ELIBAGLA.%D8H%D8DB%D8%D8H.EXE -> Heuristic.Win32.AVKiller : Aucune action entreprise.
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP179\A0057082.EXE -> Heuristic.Win32.AVKiller : Aucune action entreprise.
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP184\A0057394.EXE -> Heuristic.Win32.AVKiller : Aucune action entreprise.
:mozilla.159:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.176:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.316:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.333:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.244:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Abcsearch : Aucune action entreprise.
:mozilla.41:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.42:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.43:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.44:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.45:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.46:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.47:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.48:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.118:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.119:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.120:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.121:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\clem\Cookies\clem@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.184:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\clem\Cookies\clem@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.40:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\clem\Cookies\clem@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.122:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.145:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.339:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.340:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.341:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.342:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.375:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.482:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.483:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.369:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.370:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.224:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\clem\Cookies\clem@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.7:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Netflame : Aucune action entreprise.
:mozilla.95:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.96:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.123:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.124:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.125:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.126:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.127:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.128:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.129:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.26:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.27:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.28:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.29:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.151:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.152:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\clem\Cookies\clem@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.299:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.300:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.301:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.302:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.30:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.31:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.32:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.335:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.336:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.337:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.338:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.33:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.34:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.35:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.380:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.381:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.382:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.383:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.38:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.50:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.51:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.52:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.53:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.71:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.72:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.73:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.74:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.85:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.86:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.87:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.88:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\clem\Cookies\clem@cetelem.solution.weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\clem\Cookies\clem@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\clem\Cookies\clem@m.webtrends[2].txt -> TrackingCookie.Webtrends : Aucune action entreprise.
:mozilla.81:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
C:\Documents and Settings\clem\Cookies\clem@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.


Fin du rapport





05/04/2008 a 15:19:34,50

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\GameHouse\" FOUND
*** Fin du rapport !
5 April 2008 16:34:10

Re,

Did you have AVG apply the actions afterwards?

You ran option 1 and not option 2 for clean :D 
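The helper's question turns on something the report itself makes explicit: every line ends in "Aucune action entreprise" (no action taken), so the scan only listed findings and cleaned nothing. The script below is an added example, not part of this thread and not code from AVG Anti-Spyware; it parses result lines in that format, separates tracking cookies (a privacy nuisance) from the heuristic hits on executables and on System Restore copies (which come back if that restore point is ever used), and counts how many lines were left untreated. The sample lines are a constructed subset of the report posted above, and the set of "no action" status strings it recognises is an assumption.

```python
import re
from collections import Counter

# Constructed sample: four lines in the format of the AVG Anti-Spyware report
# posted above (French build of the tool, hence "Aucune action entreprise").
SAMPLE_REPORT = r"""
C:\Documents and Settings\clem\Bureau\Nouveau dossier (2)\ELIBAGLA.%D8H%D8DB%D8%D8H.EXE -> Heuristic.Win32.AVKiller : Aucune action entreprise.
C:\System Volume Information\_restore{10ED82F3-7F65-412B-ABBA-AAC6B08D1600}\RP179\A0057082.EXE -> Heuristic.Win32.AVKiller : Aucune action entreprise.
:mozilla.159:C:\Documents and Settings\clem\Application Data\Mozilla\Firefox\Profiles\raz7a457.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\clem\Cookies\clem@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
"""

# One result line: "<object> -> <detection name> : <action taken>."
ENTRY_RE = re.compile(r"^(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+?)\.?\s*$")

# Status strings meaning the scanner only reported and did not clean
# (assumption: French and English wording of the same status).
NO_ACTION = {"Aucune action entreprise", "No action taken"}


def parse_report(text):
    """Return one dict per result line; lines that are not results are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def severity(entry):
    """Coarse triage class for one result line."""
    if entry["detection"].startswith("TrackingCookie."):
        return "low"            # ad-network cookie: privacy issue, not code execution
    if "\\_restore{" in entry["path"]:
        return "restore-point"  # copy inside System Restore: returns if that point is restored
    return "high"               # anything else is an executable or component worth a look


def triage(text):
    """Summarise a report: counts per class, how many lines were left untreated,
    and the objects that deserve a manual look."""
    entries = parse_report(text)
    untreated = [e for e in entries if e["action"] in NO_ACTION]
    return {
        "total": len(entries),
        "by_severity": dict(Counter(severity(e) for e in entries)),
        "untreated": len(untreated),
        "high": [e["path"] for e in entries if severity(e) == "high"],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['total']} detections, {result['untreated']} left untreated")
    for cls, n in sorted(result["by_severity"].items()):
        print(f"  {cls:>13}: {n}")
    for path in result["high"]:
        print("  needs a look:", path)
```

On the full report posted above the same logic would report three heuristic hits (one in the user's folder, two restore-point copies) against a long tail of cookies, all of them untreated, which is exactly the situation the helper is asking about.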
5 April 2008 17:29:54

Argh, I'm so scatterbrained, I forgot to apply the actions; do I have to redo the scan?
And do I have to go back into safe mode for Clean?
5 April 2008 17:30:21

:/ 
5 April 2008 17:35:47

Basically, that's the idea :lol: 

You can just delete C:\Program Files\GameHouse ;) 

Then post another HijackThis log.
5 April 2008 18:00:59

Okie ^^ so I deleted "gamehouse" and ran the scan with HijackThis; here is the report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:33, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [amd_dc_opt] "D:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - d:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Spyware Doctor\pctsSvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 9963 bytes
5 April 2008 23:42:52

Re,

Uninstall via Add/Remove Programs:
  • Ad-Aware 2007
  • Spyware Doctor or AVG, your choice

Relaunch HijackThis, do a system scan only, tick these lines (if still present):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

Close all running applications (especially your web browser).
Then Fix Checked!
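The list above is the usual HijackThis triage: entries whose target is "(file missing)" are orphaned registrations that can be fixed outright, while an O10 Winsock LSP entry or an O23 service with "Unknown owner" calls for identifying the file before anything is removed (removing a live LSP breaks networking). The script below is an added example, not HijackThis code and not something posted in this thread; it reads log lines in that format, reports which ones deserve attention and why, and lists the orphaned entries a helper would tick. It also flags Run entries that name a bare executable, which Windows resolves through the search path rather than a fixed location. The sample lines are a constructed subset of the log posted above, and the trusted-host list used for O16 entries is an assumption made for this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis v2.0.2 lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with its section code: R0, R1, O2, O23, ...
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# "HKLM\..\Run: [name] command"  (HKCU and HKUS\<SID> variants match too)
RUN_RE = re.compile(r"^HK\S+\\Run(?:Once)?: \[[^\]]+\] (?P<cmd>.+)$")
# Hosts from which an O16 ActiveX download is considered expected (assumption for this example).
TRUSTED_DPF_HOSTS = ("microsoft.com", "hotmail.com")


def first_token(cmd):
    """Executable part of a Run command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def trusted_host(body):
    """True if the first URL in the entry points at one of the trusted hosts."""
    m = re.search(r"https?://\S+", body)
    host = urlparse(m.group(0)).hostname if m else None
    return host is not None and any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage_hjt(text):
    """Return (section, reason, line) for every line that deserves attention."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        sec, body = m.group("section"), m.group("body")
        if "(file missing)" in body:
            findings.append((sec, "orphaned entry, target file missing: safe to fix", line))
        elif sec == "O10":
            findings.append((sec, "Winsock LSP: identify the DLL first, removing a live LSP breaks networking", line))
        elif sec == "O16" and not trusted_host(body):
            findings.append((sec, "ActiveX control downloaded from an unlisted host", line))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append((sec, "service without a publisher: check the binary", line))
        elif sec == "O4":
            rm = RUN_RE.match(body)
            if rm and "\\" not in first_token(rm.group("cmd")):
                findings.append((sec, "Run entry with a bare filename, resolved by PATH search", line))
    return findings


def fix_candidates(findings):
    """Lines a helper would normally tick for 'Fix checked': the orphaned ones."""
    return [line for _, reason, line in findings if reason.startswith("orphaned")]


if __name__ == "__main__":
    found = triage_hjt(SAMPLE_LOG)
    for sec, reason, line in found:
        print(f"[{sec}] {reason}\n      {line}")
    print(len(fix_candidates(found)), "entries would be ticked")
```

Run against the full log above, the orphaned-entry rule selects exactly the O2, O3 and O9 lines the helper ticked; the O10 and the ASWLSVC service are reported for a manual look rather than for removal, which matches the helper leaving them alone.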
5 April 2008 23:56:32

Done!
No more instructions... does that mean it's finished...? :) 
6 April 2008 00:16:27

Post another HijackThis log.

Any malfunctions left? :p 
6 April 2008 00:37:46

Nope, I have no more apparent problems, it runs like a charm! :D 
Thanks for your patience and your precious help; it's reassuring to see that there are still people willing to help and take the time to solve novices' problems!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:21:11, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [amd_dc_opt] "D:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Software Controller - Panda Software International - d:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 8354 bytes
    6 April 2008 10:59:38

    Re,

    We're done :) 

    Download ToolsCleaner2 (by A.Rothstein)

    Install it on your Desktop
    Click [Recherche] (Search) to start the scan
    Click [Supprimer] (Delete) to remove the tools we used
    Click [Quitter] (Quit),
    Post this report ~>C:\TCleaner.txt<~

    Keep CCleaner, AVG and AntiVir if we installed them..
    Disable and then re-enable System Restore
    Report your infection on Malware Complaints >Tutorial<
    Your infection(s): Bagle
    If you can't find it in the list, post under Autres infections (Other infections),

    Then read these threads:

    Sécurité/Prévention (Security/Prevention)
    Conséquences de la multi-protection (Consequences of running several protections)
    Toolbars : Inutilité et ralentissements (Toolbars: useless and slow)

    Have a good day/evening :) 
    6 April 2008 13:46:14

    I followed your instructions to the letter and I'm going to read those threads VERY carefully; after the ordeal of cleaning my computer, I don't think it will do me any harm ^^
    Once again: thanks for your help and your patience with me, it's really kind!
    All the best and good luck for the future :D 
    Thank you very much.
    Have a good day and a good evening ^^





    -->- Search:

    C:\Qoobox: found!
    C:\_OtMoveIt: found!
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: found!
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: found!
    C:\Documents and Settings\clem\Bureau\HijackThis.lnk: found!
    C:\Documents and Settings\clem\Bureau\ComboFix.exe: found!
    C:\Documents and Settings\clem\Bureau\SDFIX: found!
    C:\Documents and Settings\clem\Bureau\clean\tar.exe: found!
    C:\Documents and Settings\clem\Bureau\clean\remove.reg: found!
    C:\Documents and Settings\clem\Bureau\clean\pskill.exe: found!
    C:\Documents and Settings\clem\Bureau\clean\LFiles.exe: found!
    C:\Documents and Settings\clem\Bureau\clean\gzip.exe: found!
    C:\Documents and Settings\clem\Bureau\clean\delsiri.cmd: found!
    C:\Documents and Settings\clem\Bureau\clean\delr.cmd: found!
    C:\Documents and Settings\clem\Bureau\clean\del3.cmd: found!
    C:\Documents and Settings\clem\Bureau\clean\del2.cmd: found!
    C:\Documents and Settings\clem\Bureau\clean\clean.cmd: found!
    C:\Documents and Settings\clem\Bureau\clean\cherche.cmd: found!
    C:\Documents and Settings\clem\Bureau\Nouveau dossier (2)\HijackThis.lnk: found!
    C:\Documents and Settings\clem\Bureau\sdfix\SDFIX: found!
    C:\Documents and Settings\clem\Mes documents\SdFix.exe: found!
    C:\Documents and Settings\clem\Mes documents\Clean.zip: found!
    C:\Documents and Settings\clem\Mes documents\HJTInstall.exe: found!
    C:\Documents and Settings\clem\Recent\HijackThis.lnk: found!
    C:\Program Files\Trend Micro\HijackThis: found!
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: found!

    ---------------------------------
    -->- Deletion:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: deleted!
    C:\Documents and Settings\clem\Bureau\HijackThis.lnk: deleted!
    C:\Documents and Settings\clem\Bureau\ComboFix.exe: deleted!
    C:\Documents and Settings\clem\Bureau\clean\tar.exe: deleted!
    C:\Documents and Settings\clem\Bureau\clean\remove.reg: deleted!
    C:\Documents and Settings\clem\Bureau\clean\pskill.exe: deleted!
    C:\Documents and Settings\clem\Bureau\clean\LFiles.exe: deleted!
    C:\Documents and Settings\clem\Bureau\clean\gzip.exe: deleted!
    C:\Documents and Settings\clem\Bureau\clean\delsiri.cmd: deleted!
    C:\Documents and Settings\clem\Bureau\clean\delr.cmd: deleted!
    C:\Documents and Settings\clem\Bureau\clean\del3.cmd: deleted!
    C:\Documents and Settings\clem\Bureau\clean\del2.cmd: deleted!
    C:\Documents and Settings\clem\Bureau\clean\clean.cmd: deleted!
    C:\Documents and Settings\clem\Bureau\clean\cherche.cmd: deleted!
    C:\Documents and Settings\clem\Bureau\Nouveau dossier (2)\HijackThis.lnk: deleted!
    C:\Documents and Settings\clem\Mes documents\SdFix.exe: deleted!
    C:\Documents and Settings\clem\Mes documents\Clean.zip: deleted!
    C:\Documents and Settings\clem\Mes documents\HJTInstall.exe: deleted!
    C:\Documents and Settings\clem\Recent\HijackThis.lnk: deleted!
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: deleted!
    C:\Qoobox: deleted!
    C:\_OtMoveIt: deleted!
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: deleted!
    C:\Documents and Settings\clem\Bureau\SDFIX: deleted!
    C:\Program Files\Trend Micro\HijackThis: deleted!
    6 April 2008 14:42:56

    ++ ;)  You're welcome