
AVAST SUSPICIOUS MESSAGE

15 March 2008 21:03:45

Hello,

Can someone help me, please?

I get an avast warning, with more than 70 avast "suspicious message" alerts saying that too many identical emails are being sent within a short time interval. Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:30, on 15-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINXP\SOUNDMAN.EXE
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\HardDriveGuard\strpmon.exe
C:\WINXP\system32\ctfmon.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\FreezeScreenSaver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINXP\system32\zgzjfk.exe
C:\WINXP\System32\PAStiSvc.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Nouveau dossier\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cf.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopTtop - {20988EDF-4CB5-4083-9829-262BBFD0CD52} - C:\Program Files\IEFree\Stop.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [uaampuq] C:\WINXP\system32\uaampuq.exe
O4 - HKLM\..\Run: [pibdicwmt] C:\WINXP\system32\pibdicwmt.exe
O4 - HKLM\..\Run: [zgzjfk] C:\WINXP\system32\zgzjfk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\HardDriveGuard\strpmon.exe" dm=http://harddriveguard.com ad=http://harddriveguard.com sd=http://inspaid.harddriveguard.com
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\HardDriveGuard\strpmon.exe" dm=http://harddriveguard.com ad=http://harddriveguard.com sd=http://inspaid.harddriveguard.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: YourScreen.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bloquez Pop-Up - {20988EDF-4CB5-4083-9829-262BBFD0CD52} - C:\Program Files\IEFree\Stop.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://www.earthcaller.com/VaxSIPUserAgentCAB.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
O17 - HKLM\System\CS2\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
O18 - Protocol: Skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINXP\SYSTEM32\WLCtrl32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINXP\system32\FreezeScreenSaver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Print Spooler Service (si8i1ekyece4a3) - Unknown owner - C:\WINXP\system32\zgzjfk.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINXP\System32\PAStiSvc.exe

--
End of file - 8067 bytes

15 March 2008 21:05:43

Hello,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press key 1 (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.
16 March 2008 10:59:31

Hi. Thanks for your reply.
Here is the combofix report:

    ComboFix 08-03-14.4 - WINDOWS FRANCAIS 03/16/2008 9:44:50.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1256.1.1033.18.187 [GMT 0:00]
    Running from: C:\Documents and Settings\WINDOWS FRANCAIS\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\WINDOWS FRANCAIS\ResErrors.log
    C:\WINXP\system32\dbxDgrevCheck.dll
    C:\WINXP\system32\drivers\Joy48.sys
    C:\WINXP\system32\drivers\symavc32.sys
    C:\WINXP\system32\tjiqwa.dat
    C:\WINXP\system32\tjiqwa_nav.dat
    C:\WINXP\system32\tjiqwa_navps.dat
    C:\WINXP\system32\zvcdnrslp.dat
    C:\WINXP\system32\zvcdnrslp_nav.dat
    C:\WINXP\system32\zvcdnrslp_navps.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\LEGACY_FMTR
    -------\LEGACY_JOY48
    -------\LEGACY_RUNTIME
    -------\Joy48


    ((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-14 19:54 --------- d-----w C:\Program Files\Common Files\HardDriveGuard
    2008-03-14 19:54 --------- d-----r C:\Documents and Settings\All Users.WINXP\Application Data\SalesMon
    2008-03-14 19:54 --------- d-----r C:\Documents and Settings\All Users.WINXP\Application Data\harddriveguard
    2008-03-07 12:31 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-06 21:32 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Spybot - Search & Destroy
    2008-03-06 20:53 --------- d-----w C:\Program Files\Business-in-a-Box
    2008-03-05 20:02 --------- d-----w C:\Program Files\OneStepSearch
    2008-02-29 22:58 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Kaspersky Lab
    2008-02-29 18:25 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
    2008-02-29 17:44 --------- d-----w C:\Program Files\Alwil Software
    2008-02-29 17:26 91,700 ----a-w C:\WINXP\system32\drivers\klin.dat
    2008-02-29 17:26 85,860 ----a-w C:\WINXP\system32\drivers\klick.dat
    2008-02-28 21:00 --------- d-----w C:\Documents and Settings\WINDOWS FRANCAIS\Application Data\BitTorrent
    2008-02-13 21:17 --------- d-----w C:\Documents and Settings\WINDOWS FRANCAIS\Application Data\Skype
    2008-01-22 22:11 --------- d-----w C:\Program Files\Common Files\Anti-Hacker
    2008-01-22 21:11 --------- d-----w C:\Documents and Settings\WINDOWS FRANCAIS\Application Data\MSN6
    2007-11-09 20:19 23,876,904 ----a-w C:\Program Files\SkypeSetup.exe
    2007-08-28 00:47 20,256,064 ----a-w C:\Program Files\QuickTimeInstaller.exe
    2007-05-24 14:56 1,181,812 ----a-w C:\Program Files\FLVPlayerSetup.exe
    2006-09-20 13:04 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2006-09-15 00:18 1,126,352 ----a-w C:\Program Files\winrar_winrar_3.60_francais_anglais_9632.exe
    2006-09-06 15:03 6,734 ----a-w C:\Program Files\install.log
    2006-05-17 17:26 2,983 ----a-w C:\Program Files\install_wizard.log
    2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINXP\system32\ctfmon.exe" [08/04/2004 12:00 PM 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/27/2007 05:52 PM 68856]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "FreeCall"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" [ ]
    "SpybotSD TeaTimer"="D:\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/21/2006 07:18 PM 180269]
    "SoundMan"="SOUNDMAN.EXE" [11/17/2006 05:42 AM 577536 C:\WINXP\soundman.exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM 39792]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [09/14/2005 08:44 PM 65536]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM 286720]
    "uaampuq"="C:\WINXP\system32\uaampuq.exe" [02/20/2008 09:54 AM 192512]
    "pibdicwmt"="C:\WINXP\system32\pibdicwmt.exe" [02/20/2008 10:00 AM 192512]
    "zgzjfk"="C:\WINXP\system32\zgzjfk.exe" [02/20/2008 07:31 PM 192512]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 01:00 PM 79224]
    "strpmon"="C:\Program Files\Common Files\HardDriveGuard\strpmon.exe" [02/26/2008 09:40 AM 426496]
    "Salestart"="C:\Program Files\Common Files\HardDriveGuard\strpmon.exe" [02/26/2008 09:40 AM 426496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "zgzjfk"="C:\WINXP\system32\zgzjfk.exe" [02/20/2008 07:31 PM 192512]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINXP\system32\CTFMON.EXE" [08/04/2004 12:00 PM 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    WLCtrl32.dll 03/16/2008 09:16 AM 11776 C:\WINXP\system32\WLCtrl32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINXP^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINXP\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINXP^Start Menu^Programs^Startup^DSLMON.lnk]
    path=C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\DSLMON.lnk
    backup=C:\WINXP\pss\DSLMON.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^WINDOWS FRANCAIS^Start Menu^Programs^Startup^DrAntispy.lnk]
    path=C:\Documents and Settings\WINDOWS FRANCAIS\Start Menu\Programs\Startup\DrAntispy.lnk
    backup=C:\WINXP\pss\DrAntispy.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 10/10/2007 07:51 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 08/04/2004 12:00 PM 15360 C:\WINXP\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialMessenger]
    C:\Program Files\DialMessenger\dialmessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
    C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo Project]
    E:\free calls\Gizmo Project\Gizmo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 08/04/2004 12:00 PM 208952 C:\WINXP\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kis]
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner]
    c:\program files\mailskinner\mailskinner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a------ 08/04/2004 12:00 PM 59392 C:\WINXP\system32\IME\PINTLGNT\ImScInst.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 01/12/2006 04:40 PM 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 08/04/2004 12:00 PM 455168 C:\WINXP\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 08/04/2004 12:00 PM 455168 C:\WINXP\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qrdvmyng]
    c:\winxp\system32\qrdvmyng.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 06/29/2007 06:24 AM 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean]
    C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 11/17/2006 05:42 AM 577536 C:\WINXP\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Stormer]
    C:\Program Files\Spyware Stormer\SpywareStormer.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 12/21/2006 07:18 PM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trioService]
    C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zvcdnrslp]
    c:\winxp\system32\zvcdnrslp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
    "8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
    "8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
    "8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
    "8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
    "8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
    "8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
    "8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
    "8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
    "8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
    "5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)

    R2 FreezeScreenSaver;FreezeScreenSaver;C:\WINXP\system32\FreezeScreenSaver.exe [09/29/2005 03:55 PM]
    R2 si8i1ekyece4a3;Print Spooler Service;C:\WINXP\system32\zgzjfk.exe [02/20/2008 07:31 PM]
    S0 Hfw76;Hfw76;C:\WINXP\system32\Drivers\Hfw76.sys []
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [01/11/2007 09:10 PM]
    S3 PAC207;SoC PC-Camera;C:\WINXP\system32\DRIVERS\pfc027.sys [04/08/2005 10:46 AM]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINXP\system32\DRIVERS\ss_bus.sys [08/30/2005 05:57 PM]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINXP\system32\DRIVERS\ss_mdfl.sys [08/30/2005 05:58 PM]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINXP\system32\DRIVERS\ss_mdm.sys [08/30/2005 05:59 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Personnel#MPIGIER#windows xp arabefrance]
    \Shell\AutoRun\command - Z:\muisetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63013622-eaf2-11dc-aad5-4d6564696130}]
    \Shell\AutoRun\command - 188qsm.bat
    \Shell\explore\Command - 188qsm.bat
    \Shell\open\Command - 188qsm.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75c1836e-9758-11db-8ecf-4d6564696130}]
    \Shell\AutoRun\command - kj.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-09 14:24:00 C:\WINXP\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-11 17:15:00 C:\WINXP\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-01-09 09:00:00 C:\WINXP\Tasks\rpc.job"
    - C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
    "2008-03-03 08:33:17 C:\WINXP\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
    - D:\Spybot - Search & Destroy\SpybotSD.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-16 09:51:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINXP\system32\winlogon.exe
    -> C:\WINXP\system32\WLCtrl32.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINXP\System32\PAStiSvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Completion time: 03/16/2008 9:53:48 - machine was rebooted [WINDOWS FRANCAIS]
    ComboFix-quarantined-files.txt 2008-03-16 09:53:43
    .
    2007-09-19 21:58:10 --- E O F ---
16 March 2008 12:19:14

Re,

Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop)

Let the utility guide you. Choose option 1 and confirm.
! Do not use options 2, 3 and 4 without our agreement !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post its contents this way:

-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply

NOTE: The report is also located here: C:\fixnavi.txt

16 March 2008 12:56:31

Here is the report:

    Search Navipromo version 3.5.0 commencé le Sun 03/16/2008 à 11:47:24.10

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO


    Microsoft Windows XP [Version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS

    Executé en mode normal

    *** Recherche Programmes installés ***




    *** Recherche dossiers dans C:\WINXP ***



    *** Recherche dossiers dans C:\Program Files ***



    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1 ***




    *** Recherche dossiers dans "C:\Documents and Settings\WINDOWS FRANCAIS\applic~1" ***



    *** Recherche dossiers dans "C:\Documents and Settings\WINDOWS FRANCAIS\locals~1\applic~1" ***



    *** Recherche dossiers dans "C:\Documents and Settings\WINDOWS FRANCAIS\startm~1\programs" ***


    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Programs ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINXP\system32 *

    * Recherche dans "C:\Documents and Settings\WINDOWS FRANCAIS\locals~1\applic~1" *



    *** Recherche fichiers ***




    *** Recherche clés spécifiques dans le Registre ***


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans C:\WINXP\system32 :


    * Dans "C:\Documents and Settings\WINDOWS FRANCAIS\locals~1\applic~1" :


    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !

    4)Recherche fichiers connus :



    *** Analyse terminée le Sun 03/16/2008 à 11:54:23.78 ***
16 March 2008 13:31:39

Re,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

    Driver::
    si8i1ekyece4a3
    FreezeScreenSaver

    File::
    C:\Program Files\SkypeSetup.exe
    C:\Program Files\QuickTimeInstaller.exe
    C:\Program Files\FLVPlayerSetup.exe
    C:\Program Files\winrar_winrar_3.60_francais_anglais_9632.exe
    C:\WINXP\system32\uaampuq.exe
    C:\WINXP\system32\pibdicwmt.exe
    C:\WINXP\system32\zgzjfk.exe
    C:\WINXP\system32\WLCtrl32.dll
    C:\WINXP\system32\FreezeScreenSaver.exe

    Folder::
    C:\Program Files\OneStepSearch

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uaampuq"=-
    "pibdicwmt"=-
    "zgzjfk"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "zgzjfk"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zvcdnrslp]


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.

16 March 2008 18:26:24

Hi. Here is the combofix report, but it ran on its own without me pressing 1 and confirming:
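As an added triage example (not code from this thread, nor HijackThis' or ComboFix's own), here is a Python script that applies the same reading of the HijackThis log that the helper did above: it flags Run entries whose binary lives directly under system32 outside a small allowlist, a Winlogon Notify DLL under system32, and an "Unknown owner" service whose binary is also an autorun target, then drafts a CFScript in the Driver::/File::/Registry:: layout used in the reply. The allowlist and the heuristics are assumptions for illustration only; the sample log is a constructed excerpt of the log posted in this thread, and every hit is a candidate for review, not a verdict.

```python
import ntpath
import re

# Assumption: on a clean XP box only ctfmon.exe is expected as a system32 autorun.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe"}
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"

# HijackThis line formats as they appear in the log above.
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)

# Constructed excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [uaampuq] C:\WINXP\system32\uaampuq.exe
O4 - HKLM\..\Run: [pibdicwmt] C:\WINXP\system32\pibdicwmt.exe
O4 - HKLM\..\Run: [zgzjfk] C:\WINXP\system32\zgzjfk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O20 - Winlogon Notify: WLCtrl32 - C:\WINXP\SYSTEM32\WLCtrl32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Print Spooler Service (si8i1ekyece4a3) - Unknown owner - C:\WINXP\system32\zgzjfk.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINXP\System32\PAStiSvc.exe
"""


def exe_path(cmd):
    """Strip a quoted path's quotes and arguments; otherwise take the command as the path."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.strip()


def in_system32(path):
    """True when the file sits directly under a system32 directory (case-insensitive)."""
    return re.search(r"\\system32\\[^\\]+$", path, re.IGNORECASE) is not None


def triage(log_text):
    """Parse O4/O20/O23 lines and return the entries worth a closer look."""
    runs, notifies, services = [], [], []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            runs.append((m["hive"], m["name"], exe_path(m["cmd"])))
            continue
        m = O20_RE.match(line)
        if m:
            notifies.append((m["name"], m["path"]))
            continue
        m = O23_RE.match(line)
        if m:
            services.append((m["short"] or m["display"], m["owner"], m["path"]))

    flagged_runs = [
        r for r in runs
        if in_system32(r[2]) and ntpath.basename(r[2]).lower() not in KNOWN_SYSTEM32_AUTORUNS
    ]
    flagged_notify = [n for n in notifies if in_system32(n[1])]
    # A service with no vendor whose binary is also an autorun is the pattern seen above
    # (si8i1ekyece4a3 -> zgzjfk.exe); PAStiSvc.exe is not an autorun and stays unflagged.
    autorun_targets = {r[2].lower() for r in runs}
    flagged_services = [
        s for s in services if s[1] == "Unknown owner" and s[2].lower() in autorun_targets
    ]
    return {"runs": flagged_runs, "notify": flagged_notify, "services": flagged_services}


def build_cfscript(findings):
    """Draft a CFScript (Driver::, File::, Registry:: sections) from the flagged entries."""
    lines = []
    if findings["services"]:
        lines += ["Driver::"] + [s[0] for s in findings["services"]] + [""]
    files = [r[2] for r in findings["runs"]] + [n[1] for n in findings["notify"]]
    if files:
        lines += ["File::"] + files + [""]
    by_key = {}
    for hive, name, _ in findings["runs"]:
        key = "[%s\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]" % HIVES[hive]
        by_key.setdefault(key, []).append('"%s"=-' % name)
    reg = [item for key, values in by_key.items() for item in [key] + values]
    reg += ["[-%s\\%s]" % (NOTIFY_KEY, name) for name, _ in findings["notify"]]
    if reg:
        lines += ["Registry::"] + reg
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```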



    ComboFix 08-03-14.4 - WINDOWS FRANCAIS 03/16/2008 17:10:47.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1256.1.1033.18.251 [GMT 0:00]
    Running from: C:\Documents and Settings\WINDOWS FRANCAIS\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Program Files\FLVPlayerSetup.exe
    C:\Program Files\OneStepSearch
    C:\Program Files\OneStepSearch\home.js
    C:\Program Files\OneStepSearch\readme.html
    C:\Program Files\QuickTimeInstaller.exe
    C:\Program Files\SkypeSetup.exe
    C:\Program Files\winrar_winrar_3.60_francais_anglais_9632.exe
    C:\WINXP\system32\drivers\Kin25.sys
    C:\WINXP\system32\drivers\symavc32.sys
    C:\WINXP\system32\FreezeScreenSaver.exe
    C:\WINXP\system32\pibdicwmt.exe
    C:\WINXP\system32\uaampuq.exe
    C:\WINXP\system32\WLCtrl32.dll
    C:\WINXP\system32\zgzjfk.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\LEGACY_FREEZESCREENSAVER
    -------\LEGACY_KIN25
    -------\LEGACY_SI8I1EKYECE4A3
    -------\FreezeScreenSaver
    -------\Kin25
    -------\si8i1ekyece4a3


    ((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-16 11:54 --------- d-----w C:\Program Files\Navilog1
    2008-03-16 10:40 --------- d-----w C:\Program Files\Trend Micro
    2008-03-14 19:54 --------- d-----w C:\Program Files\Common Files\HardDriveGuard
    2008-03-14 19:54 --------- d-----r C:\Documents and Settings\All Users.WINXP\Application Data\SalesMon
    2008-03-14 19:54 --------- d-----r C:\Documents and Settings\All Users.WINXP\Application Data\harddriveguard
    2008-03-07 12:31 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-06 21:32 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Spybot - Search & Destroy
    2008-03-06 20:53 --------- d-----w C:\Program Files\Business-in-a-Box
    2008-02-29 22:58 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Kaspersky Lab
    2008-02-29 18:25 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
    2008-02-29 17:44 --------- d-----w C:\Program Files\Alwil Software
    2008-02-29 17:26 91,700 ----a-w C:\WINXP\system32\drivers\klin.dat
    2008-02-29 17:26 85,860 ----a-w C:\WINXP\system32\drivers\klick.dat
    2008-02-28 21:00 --------- d-----w C:\Documents and Settings\WINDOWS FRANCAIS\Application Data\BitTorrent
    2008-02-13 21:17 --------- d-----w C:\Documents and Settings\WINDOWS FRANCAIS\Application Data\Skype
    2008-01-22 22:11 --------- d-----w C:\Program Files\Common Files\Anti-Hacker
    2008-01-22 21:11 --------- d-----w C:\Documents and Settings\WINDOWS FRANCAIS\Application Data\MSN6
    2006-09-20 13:04 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2006-09-06 15:03 6,734 ----a-w C:\Program Files\install.log
    2006-05-17 17:26 2,983 ----a-w C:\Program Files\install_wizard.log
    2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@Sun 03-16-2008_ 9.53.31.70 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-16 09:49:12 32,768 ----a-w C:\WINXP\system32\config\systemprofile\Cookies\index.dat
    + 2008-03-16 17:06:43 32,768 ----a-w C:\WINXP\system32\config\systemprofile\Cookies\index.dat
    - 2008-03-16 09:49:12 65,536 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-03-16 17:06:43 65,536 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-03-16 09:16:47 32,768 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031620080317\index.dat
    + 2008-03-16 17:06:44 32,768 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031620080317\index.dat
    - 2008-03-16 09:49:12 327,680 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-16 17:06:43 262,144 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-16 17:07:45 16,384 ----atw C:\WINXP\Temp\Perflib_Perfdata_490.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINXP\system32\ctfmon.exe" [08/04/2004 12:00 PM 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/27/2007 05:52 PM 68856]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "FreeCall"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/21/2006 07:18 PM 180269]
    "SoundMan"="SOUNDMAN.EXE" [11/17/2006 05:42 AM 577536 C:\WINXP\soundman.exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM 39792]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [09/14/2005 08:44 PM 65536]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM 286720]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 01:00 PM 79224]
    "strpmon"="C:\Program Files\Common Files\HardDriveGuard\strpmon.exe" [02/26/2008 09:40 AM 426496]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINXP\system32\CTFMON.EXE" [08/04/2004 12:00 PM 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINXP^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINXP\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINXP^Start Menu^Programs^Startup^DSLMON.lnk]
    path=C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\DSLMON.lnk
    backup=C:\WINXP\pss\DSLMON.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^WINDOWS FRANCAIS^Start Menu^Programs^Startup^DrAntispy.lnk]
    path=C:\Documents and Settings\WINDOWS FRANCAIS\Start Menu\Programs\Startup\DrAntispy.lnk
    backup=C:\WINXP\pss\DrAntispy.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 10/10/2007 07:51 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 08/04/2004 12:00 PM 15360 C:\WINXP\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialMessenger]
    C:\Program Files\DialMessenger\dialmessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
    C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo Project]
    E:\free calls\Gizmo Project\Gizmo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 08/04/2004 12:00 PM 208952 C:\WINXP\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kis]
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a------ 08/04/2004 12:00 PM 59392 C:\WINXP\system32\IME\PINTLGNT\ImScInst.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 01/12/2006 04:40 PM 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 08/04/2004 12:00 PM 455168 C:\WINXP\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 08/04/2004 12:00 PM 455168 C:\WINXP\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qrdvmyng]
    c:\winxp\system32\qrdvmyng.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 06/29/2007 06:24 AM 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean]
    C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 11/17/2006 05:42 AM 577536 C:\WINXP\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Stormer]
    C:\Program Files\Spyware Stormer\SpywareStormer.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 12/21/2006 07:18 PM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trioService]
    C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
    "8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
    "8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
    "8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
    "8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
    "8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
    "8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
    "8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
    "8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
    "8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
    "5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)

    S0 Hfw76;Hfw76;C:\WINXP\system32\Drivers\Hfw76.sys []
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [01/11/2007 09:10 PM]
    S3 PAC207;SoC PC-Camera;C:\WINXP\system32\DRIVERS\pfc027.sys [04/08/2005 10:46 AM]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINXP\system32\DRIVERS\ss_bus.sys [08/30/2005 05:57 PM]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINXP\system32\DRIVERS\ss_mdfl.sys [08/30/2005 05:58 PM]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINXP\system32\DRIVERS\ss_mdm.sys [08/30/2005 05:59 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Personnel#MPIGIER#windows xp arabefrance]
    \Shell\AutoRun\command - Z:\muisetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63013622-eaf2-11dc-aad5-4d6564696130}]
    \Shell\AutoRun\command - 188qsm.bat
    \Shell\explore\Command - 188qsm.bat
    \Shell\open\Command - 188qsm.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75c1836e-9758-11db-8ecf-4d6564696130}]
    \Shell\AutoRun\command - kj.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-09 14:24:00 C:\WINXP\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-11 17:15:00 C:\WINXP\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-01-09 09:00:00 C:\WINXP\Tasks\rpc.job"
    - C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
    "2008-03-03 08:33:17 C:\WINXP\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
    - D:\Spybot - Search & Destroy\SpybotSD.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-16 17:12:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 03/16/2008 17:13:03
    ComboFix-quarantined-files.txt 2008-03-16 17:12:54
    ComboFix2.txt 2008-03-16 09:53:48
    .
    2007-09-19 21:58:10 --- E O F ---

    and here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:18:31, on 16-03-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINXP\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINXP\System32\PAStiSvc.exe
    C:\WINXP\system32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINXP\SOUNDMAN.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\HardDriveGuard\strpmon.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\explorer.exe
    C:\WINXP\system32\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cf.yahoo.com
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: PopTtop - {20988EDF-4CB5-4083-9829-262BBFD0CD52} - C:\Program Files\IEFree\Stop.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\HardDriveGuard\strpmon.exe" dm=http://harddriveguard.com ad=http://harddriveguard.com sd=http://inspaid.harddriveguard.com
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Anti-Hacker.lnk = ?
    O4 - Global Startup: YourScreen.lnk = ?
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Bloquez Pop-Up - {20988EDF-4CB5-4083-9829-262BBFD0CD52} - C:\Program Files\IEFree\Stop.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
    O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://www.earthcaller.com/VaxSIPUserAgentCAB.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
    O17 - HKLM\System\CS1\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
    O17 - HKLM\System\CS2\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINXP\System32\PAStiSvc.exe

    --
    End of file - 7036 bytes

    NOTE: WHILE COMBOFIX IS DOING ITS WORK, A WINDOW APPEARS EVERY TIME: -DAMAGED FILE-
    .........RUN THE CHKDSK UTILITY



    16 March 2008 19:17:12

    THE DAMAGED FILE IS IN WINXP\TEMP. I TRIED TO DELETE IT BUT I couldn't; a window appears saying it is impossible to delete it, the directory is not empty.
    16 March 2008 21:36:24

    HI. HOW DO I DO A FULL SCAN? I CHOSE MANUAL SELECTION IN THE SCANNER TAB AND CHECKED EVERYTHING. Is that THE FULL SCAN?
    16 March 2008 22:31:20

    here is the report:



    AntiVir PersonalEdition Classic
    Report file date: 16 مارس, 2008 20:29

    Scanning for 1149506 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: WINDOWS FRANCAIS
    Computer name: P4

    Version information:
    BUILD.DAT : 270 15603 Bytes 19-09-2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23-08-2007 14:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16-08-2007 13:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14-08-2007 16:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21-08-2007 13:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18-07-2007 15:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07-03-2008 20:27:24
    ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07-03-2008 20:27:24
    ANTIVIR3.VDF : 7.0.3.33 180736 Bytes 16-03-2008 20:27:24
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 16-03-2008 20:27:25
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26-02-2007 11:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18-07-2007 08:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16-04-2007 14:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 16-03-2008 20:27:25
    AVREG.DLL : 7.0.1.6 30760 Bytes 18-07-2007 08:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28-08-2007 13:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18-07-2007 08:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08-03-2007 12:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07-08-2007 13:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21-08-2007 13:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23-07-2007 10:37:21

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\Documents and Settings\All Users.WINXP\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: G:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 16 مارس, 2008 20:29

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'strpmon.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\Program Files\Common Files\HardDriveGuard\strpmon.exe'
    Scan process 'Res.exe' - '1' Module(s) have been scanned
    Scan process 'soundman.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'PAStiSvc.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    Process 'strpmon.exe' has been terminated
    C:\Program Files\Common Files\HardDriveGuard\strpmon.exe
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [INFO] The file was moved to '484f83d9.qua'!

    31 processes with 30 modules were scanned

    Start scanning boot sectors:
    Boot sector 'A:\'
    [NOTE] In the drive 'A:\' no data medium is inserted!
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!
    Boot sector 'E:\'
    [NOTE] No virus was found!

    Starting to scan the registry.

    The registry was scanned ( '27' files ).


    Starting the file scan:

    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\All Users.WINXP\Application Data\Spybot - Search & Destroy\Recovery\StarWare.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '483e840b.qua'!
    C:\Documents and Settings\WINDOWS FRANCAIS\Desktop\catchme.zip
    [0] Archive type: ZIP
    --> Kin25.sys
    [DETECTION] Is the Trojan horse TR/Drop.Agent.NBG
    [INFO] The file was moved to '485184ec.qua'!
    C:\Documents and Settings\WINDOWS FRANCAIS\Desktop\Navilog1.exe
    [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.59
    [INFO] The file was moved to '485384f2.qua'!
    C:\Documents and Settings\WINDOWS FRANCAIS\Desktop\[4]-Submit_Sun 03-16-2008@17.03.zip
    [0] Archive type: ZIP
    --> Joy48.sys
    [DETECTION] Is the Trojan horse TR/Drop.Agent.NBG
    [INFO] The file was moved to '483a84cd.qua'!
    C:\ErdUndoCache\E0000145\Bureau\Vb6Sp3Kit01.exe
    [DETECTION] Contains detection pattern of the backdoor control software BDC/Revell.110.A.
    [INFO] The file was moved to '48138601.qua'!
    C:\QooBox\Quarantine\C\WINXP\system32\WLCtrl32.dll.vir
    [DETECTION] Is the Trojan horse TR/Drop.Agent.NBG
    [INFO] The file was moved to '48208a1d.qua'!
    Begin scan in 'D:\' <disque local d>
    Begin scan in 'E:\'
    E:\Vb6Sp3Kit01.exe
    [DETECTION] Contains detection pattern of the backdoor control software BDC/Revell.110.A.
    [INFO] The file was moved to '48138d65.qua'!
    E:\YourScreen\YourScreen.exe
    [DETECTION] Is the Trojan horse TR/Agent.DBR
    [INFO] The file was moved to '48528fff.qua'!
    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'G:\'
    Search path G:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: 16 مارس, 2008 21:22
    Used time: 52:32 min

    The scan has been done completely.

    12261 Scanning directories
    349664 Files were scanned
    9 viruses and/or unwanted programs were found
    1 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    9 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    349655 Files not concerned
    3395 Archives were scanned
    2 Warnings
    1 Notes

    thanks.
    17 March 2008 13:19:17

    Post a new HijackThis report.
    17 March 2008 13:54:44

    hello,
    here it is, and thanks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:54:02, on 17-03-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINXP\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINXP\SOUNDMAN.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINXP\System32\PAStiSvc.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cf.yahoo.com
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: PopTtop - {20988EDF-4CB5-4083-9829-262BBFD0CD52} - C:\Program Files\IEFree\Stop.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\HardDriveGuard\strpmon.exe" dm=http://harddriveguard.com ad=http://harddriveguard.com sd=http://inspaid.harddriveguard.com
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\HardDriveGuard\strpmon.exe" dm=http://harddriveguard.com ad=http://harddriveguard.com sd=http://inspaid.harddriveguard.com
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Anti-Hacker.lnk = ?
    O4 - Global Startup: YourScreen.lnk = ?
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Bloquez Pop-Up - {20988EDF-4CB5-4083-9829-262BBFD0CD52} - C:\Program Files\IEFree\Stop.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
    O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://www.earthcaller.com/VaxSIPUserAgentCAB.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
    O17 - HKLM\System\CS1\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
    O17 - HKLM\System\CS2\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINXP\System32\PAStiSvc.exe

    --
    End of file - 7052 bytes
    17 March 2008 14:38:00

    Run another ComboFix scan :)
    17 March 2008 19:48:36

    ComboFix 08-03-14.4 - WINDOWS FRANCAIS 03/17/2008 18:42:20.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1256.1.1033.18.239 [GMT 0:00]
    Running from: C:\Documents and Settings\WINDOWS FRANCAIS\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-16 20:30 --------- d-----w C:\Program Files\Common Files\HardDriveGuard
    2008-03-16 20:24 --------- d-----w C:\Program Files\Avira
    2008-03-16 20:24 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Avira
    2008-03-16 19:59 --------- d-----w C:\Program Files\Alwil Software
    2008-03-16 11:54 --------- d-----w C:\Program Files\Navilog1
    2008-03-16 10:40 --------- d-----w C:\Program Files\Trend Micro
    2008-03-14 19:54 --------- d-----r C:\Documents and Settings\All Users.WINXP\Application Data\SalesMon
    2008-03-14 19:54 --------- d-----r C:\Documents and Settings\All Users.WINXP\Application Data\harddriveguard
    2008-03-07 12:31 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-06 21:32 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Spybot - Search & Destroy
    2008-03-06 20:53 --------- d-----w C:\Program Files\Business-in-a-Box
    2008-02-29 22:58 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Kaspersky Lab
    2008-02-29 18:25 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
    2008-02-29 17:26 91,700 ----a-w C:\WINXP\system32\drivers\klin.dat
    2008-02-29 17:26 85,860 ----a-w C:\WINXP\system32\drivers\klick.dat
    2008-02-28 21:00 --------- d-----w C:\Documents and Settings\WINDOWS FRANCAIS\Application Data\BitTorrent
    2008-02-13 21:17 --------- d-----w C:\Documents and Settings\WINDOWS FRANCAIS\Application Data\Skype
    2008-01-22 22:11 --------- d-----w C:\Program Files\Common Files\Anti-Hacker
    2008-01-22 21:11 --------- d-----w C:\Documents and Settings\WINDOWS FRANCAIS\Application Data\MSN6
    2006-09-20 13:04 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2006-09-06 15:03 6,734 ----a-w C:\Program Files\install.log
    2006-05-17 17:26 2,983 ----a-w C:\Program Files\install_wizard.log
    2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@Sun 03-16-2008_ 9.53.31.70 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-16 09:49:12 32,768 ----a-w C:\WINXP\system32\config\systemprofile\Cookies\index.dat
    + 2008-03-16 17:06:43 32,768 ----a-w C:\WINXP\system32\config\systemprofile\Cookies\index.dat
    - 2008-03-16 09:49:12 65,536 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-03-16 17:06:43 65,536 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-03-16 09:16:47 32,768 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031620080317\index.dat
    + 2008-03-16 17:06:44 32,768 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031620080317\index.dat
    + 2007-08-09 13:04:11 40,768 ----a-w C:\WINXP\system32\drivers\avgntdd.sys
    + 2007-07-18 14:22:19 21,312 ----a-w C:\WINXP\system32\drivers\avgntmgr.sys
    + 2008-03-16 20:27:25 61,632 ----a-w C:\WINXP\system32\drivers\avipbb.sys
    + 2007-03-01 10:34:36 28,352 ----a-w C:\WINXP\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINXP\system32\ctfmon.exe" [08/04/2004 12:00 PM 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/27/2007 05:52 PM 68856]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "FreeCall"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/21/2006 07:18 PM 180269]
    "SoundMan"="SOUNDMAN.EXE" [11/17/2006 05:42 AM 577536 C:\WINXP\soundman.exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM 39792]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [09/14/2005 08:44 PM 65536]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM 286720]
    "strpmon"="C:\Program Files\Common Files\HardDriveGuard\strpmon.exe" [ ]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [03/16/2008 08:27 PM 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINXP\system32\CTFMON.EXE" [08/04/2004 12:00 PM 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINXP^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINXP\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINXP^Start Menu^Programs^Startup^DSLMON.lnk]
    path=C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\DSLMON.lnk
    backup=C:\WINXP\pss\DSLMON.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^WINDOWS FRANCAIS^Start Menu^Programs^Startup^DrAntispy.lnk]
    path=C:\Documents and Settings\WINDOWS FRANCAIS\Start Menu\Programs\Startup\DrAntispy.lnk
    backup=C:\WINXP\pss\DrAntispy.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 10/10/2007 07:51 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 08/04/2004 12:00 PM 15360 C:\WINXP\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialMessenger]
    C:\Program Files\DialMessenger\dialmessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
    C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo Project]
    E:\free calls\Gizmo Project\Gizmo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 08/04/2004 12:00 PM 208952 C:\WINXP\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kis]
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a------ 08/04/2004 12:00 PM 59392 C:\WINXP\system32\IME\PINTLGNT\ImScInst.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 01/12/2006 04:40 PM 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 08/04/2004 12:00 PM 455168 C:\WINXP\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 08/04/2004 12:00 PM 455168 C:\WINXP\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qrdvmyng]
    c:\winxp\system32\qrdvmyng.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 06/29/2007 06:24 AM 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean]
    C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 11/17/2006 05:42 AM 577536 C:\WINXP\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Stormer]
    C:\Program Files\Spyware Stormer\SpywareStormer.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 12/21/2006 07:18 PM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trioService]
    C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
    "8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
    "8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
    "8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
    "8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
    "8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
    "8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
    "8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
    "8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
    "8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
    "5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)

    S0 Hfw76;Hfw76;C:\WINXP\system32\Drivers\Hfw76.sys []
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [01/11/2007 09:10 PM]
    S3 PAC207;SoC PC-Camera;C:\WINXP\system32\DRIVERS\pfc027.sys [04/08/2005 10:46 AM]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINXP\system32\DRIVERS\ss_bus.sys [08/30/2005 05:57 PM]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINXP\system32\DRIVERS\ss_mdfl.sys [08/30/2005 05:58 PM]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINXP\system32\DRIVERS\ss_mdm.sys [08/30/2005 05:59 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Personnel#MPIGIER#windows xp arabefrance]
    \Shell\AutoRun\command - Z:\muisetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63013622-eaf2-11dc-aad5-4d6564696130}]
    \Shell\AutoRun\command - 188qsm.bat
    \Shell\explore\Command - 188qsm.bat
    \Shell\open\Command - 188qsm.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75c1836e-9758-11db-8ecf-4d6564696130}]
    \Shell\AutoRun\command - kj.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-09 14:24:00 C:\WINXP\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-11 17:15:00 C:\WINXP\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-01-09 09:00:00 C:\WINXP\Tasks\rpc.job"
    - C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
    "2008-03-03 08:33:17 C:\WINXP\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
    - D:\Spybot - Search & Destroy\SpybotSD.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-17 18:45:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 03/17/2008 18:46:30
    ComboFix-quarantined-files.txt 2008-03-17 18:46:27
    ComboFix2.txt 2008-03-16 17:13:04
    ComboFix3.txt 2008-03-16 09:53:48
    .
    2007-09-19 21:58:10 --- E O F ---
    17 March 2008 20:01:44

    Use this script:

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "strpmon"=-

    Folder::
    C:\Program Files\Common Files\HardDriveGuard
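The CFScript above uses ComboFix's `Registry::` section (a `"name"=-` line deletes that value from the key listed just before it) and its `Folder::` section (directories to remove). The Python example below is an added illustration, not code from the thread or from ComboFix: it parses a constructed excerpt shaped like the "Reg Loading Points" section of the report posted above, lists the entries a reviewer would look at first (Run values with no file details recorded, MountPoints2 autorun handlers, Security Center notifications switched off) and drafts a CFScript for the flagged Run entry in the helper's layout. It assumes the folder to remove is the parent directory of the flagged executable, which here reproduces the helper's script for strpmon / HardDriveGuard.

```python
import re

# Constructed excerpt in the shape of the "Reg Loading Points" section of a
# ComboFix report (REGEDIT4 layout); it is not a copy of the report above.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/21/2006 07:18 PM 180269]
"strpmon"="C:\Program Files\Common Files\HardDriveGuard\strpmon.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [03/16/2008 08:27 PM 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63013622-eaf2-11dc-aad5-4d6564696130}]
\Shell\AutoRun\command - 188qsm.bat
\Shell\open\Command - 188qsm.bat
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                        # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')                 # "name"=data
QUOTED_DATA_RE = re.compile(r'^"([^"]*)"\s*(?:\[(.*)\])?$')  # "path" [file details]
AUTORUN_RE = re.compile(r"^\\Shell\\(\w+)\\[Cc]ommand\s+-\s+(.+)$")


def parse_reg_loading_points(text):
    """Return {key: {"values": [(name, data, details)], "autorun": [(verb, target)]}}.
    `details` is the text inside the trailing [...] (None if absent)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {"values": [], "autorun": []})
            continue
        if current is None:
            continue
        m = AUTORUN_RE.match(line)
        if m:
            current["autorun"].append((m.group(1), m.group(2)))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, rest = m.groups()
            q = QUOTED_DATA_RE.match(rest)
            data, details = (q.group(1), q.group(2)) if q else (rest, None)
            current["values"].append((name, data, details))
    return keys


def run_entries_without_file_details(keys):
    """Run-key values whose bracket is empty ('[ ]'): ComboFix recorded nothing
    about the file, so the entry needs a manual look."""
    return [(key, name, data)
            for key, content in keys.items() if key.lower().endswith(r"\currentversion\run")
            for name, data, details in content["values"]
            if details is not None and not details.strip()]


def autorun_handlers(keys):
    """MountPoints2 Shell\\...\\command hooks: what runs when that drive is opened."""
    return [(key.rsplit("\\", 1)[1], verb, target)
            for key, content in keys.items() if "mountpoints2" in key.lower()
            for verb, target in content["autorun"]]


def disabled_security_center_notifications(keys):
    """*DisableNotify values set to 1 silence the Security Center AV/update warnings."""
    return [name
            for key, content in keys.items() if key.lower().endswith(r"\security center")
            for name, data, _ in content["values"]
            if name.endswith("DisableNotify") and data == "dword:00000001"]


def build_cfscript(run_values, folders):
    """Emit a CFScript in the helper's layout: Registry:: with "name"=- per value
    to delete, then Folder:: with one directory per line."""
    by_key = {}
    for key, name in run_values:
        by_key.setdefault(key, []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    lines += ["", "Folder::", *folders]
    return "\n".join(lines) + "\n"


def triage(report_text):
    """Run every check and draft a CFScript for the flagged Run entries. The draft
    is a proposal for the analyst; the folder is assumed (see lead-in) to be the
    parent directory of each flagged executable."""
    keys = parse_reg_loading_points(report_text)
    flagged = run_entries_without_file_details(keys)
    folders = dict.fromkeys(path.rsplit("\\", 1)[0] for _, _, path in flagged)
    return {
        "unverified_run_entries": flagged,
        "autorun_handlers": autorun_handlers(keys),
        "security_center_disabled": disabled_security_center_notifications(keys),
        "cfscript": build_cfscript([(k, n) for k, n, _ in flagged], list(folders)),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_REPORT).items():
        print(f"== {section} ==")
        print(items if isinstance(items, str) else "\n".join(map(str, items)))
```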
    17 March 2008 21:01:43

    I went into the registry and got to "strpmon", whose data is as follows:
    "C\Program Files\Common Files\HardDriveGuard\strpmon.exe"dm= http://harddriveguard.com ad=http:

    So what should I do?
    18 March 2008 12:06:13

    Small mistake, use the ComboFix script above.
    18 March 2008 20:06:57

    Sorry, but I did not understand what exactly I should do. Could you explain to me in detail what to do? You are an IT ace, but me...... being an IT ace is my dream. THANK YOU, and sorry for the second time.
    18 March 2008 20:33:27

    Should I copy and paste this:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "strpmon"=-
    Folder::
    C:\Program Files\Common Files\HardDriveGuard

    into Notepad and save it under the name CFScript.txt, then drag the file onto Combofix.exe, and then post the report?
    18 March 2008 20:53:46

    That's it ;)
    18 March 2008 21:34:50

    So here is the report:

    ComboFix 08-03-14.4 - WINDOWS FRANCAIS 03/18/2008 20:26:21.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1256.1.1033.18.259 [GMT 0:00]
    Running from: C:\Documents and Settings\WINDOWS FRANCAIS\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\WINDOWS FRANCAIS\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Common Files\HardDriveGuard

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-17 22:53 --------- d-----w C:\Documents and Settings\WINDOWS FRANCAIS\Application Data\Skype
    2008-03-16 20:24 --------- d-----w C:\Program Files\Avira
    2008-03-16 20:24 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Avira
    2008-03-16 19:59 --------- d-----w C:\Program Files\Alwil Software
    2008-03-16 11:54 --------- d-----w C:\Program Files\Navilog1
    2008-03-16 10:40 --------- d-----w C:\Program Files\Trend Micro
    2008-03-14 19:54 --------- d-----r C:\Documents and Settings\All Users.WINXP\Application Data\SalesMon
    2008-03-14 19:54 --------- d-----r C:\Documents and Settings\All Users.WINXP\Application Data\harddriveguard
    2008-03-07 12:31 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-06 21:32 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Spybot - Search & Destroy
    2008-03-06 20:53 --------- d-----w C:\Program Files\Business-in-a-Box
    2008-02-29 22:58 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Kaspersky Lab
    2008-02-29 18:25 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
    2008-02-29 17:26 91,700 ----a-w C:\WINXP\system32\drivers\klin.dat
    2008-02-29 17:26 85,860 ----a-w C:\WINXP\system32\drivers\klick.dat
    2008-02-28 21:00 --------- d-----w C:\Documents and Settings\WINDOWS FRANCAIS\Application Data\BitTorrent
    2008-01-22 22:11 --------- d-----w C:\Program Files\Common Files\Anti-Hacker
    2008-01-22 21:11 --------- d-----w C:\Documents and Settings\WINDOWS FRANCAIS\Application Data\MSN6
    2006-09-20 13:04 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2006-09-06 15:03 6,734 ----a-w C:\Program Files\install.log
    2006-05-17 17:26 2,983 ----a-w C:\Program Files\install_wizard.log
    2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@Sun 03-16-2008_ 9.53.31.70 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-16 09:49:12 32,768 ----a-w C:\WINXP\system32\config\systemprofile\Cookies\index.dat
    + 2008-03-16 17:06:43 32,768 ----a-w C:\WINXP\system32\config\systemprofile\Cookies\index.dat
    - 2008-03-16 09:49:12 65,536 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-03-16 17:06:43 65,536 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-03-16 09:16:47 32,768 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031620080317\index.dat
    + 2008-03-16 17:06:44 32,768 ----a-w C:\WINXP\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031620080317\index.dat
    + 2007-08-09 13:04:11 40,768 ----a-w C:\WINXP\system32\drivers\avgntdd.sys
    + 2007-07-18 14:22:19 21,312 ----a-w C:\WINXP\system32\drivers\avgntmgr.sys
    + 2008-03-16 20:27:25 61,632 ----a-w C:\WINXP\system32\drivers\avipbb.sys
    + 2007-03-01 10:34:36 28,352 ----a-w C:\WINXP\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINXP\system32\ctfmon.exe" [08/04/2004 12:00 PM 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/27/2007 05:52 PM 68856]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "FreeCall"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/21/2006 07:18 PM 180269]
    "SoundMan"="SOUNDMAN.EXE" [11/17/2006 05:42 AM 577536 C:\WINXP\soundman.exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM 39792]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [09/14/2005 08:44 PM 65536]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM 286720]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [03/16/2008 08:27 PM 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINXP\system32\CTFMON.EXE" [08/04/2004 12:00 PM 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINXP^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINXP\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINXP^Start Menu^Programs^Startup^DSLMON.lnk]
    path=C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\DSLMON.lnk
    backup=C:\WINXP\pss\DSLMON.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^WINDOWS FRANCAIS^Start Menu^Programs^Startup^DrAntispy.lnk]
    path=C:\Documents and Settings\WINDOWS FRANCAIS\Start Menu\Programs\Startup\DrAntispy.lnk
    backup=C:\WINXP\pss\DrAntispy.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 10/10/2007 07:51 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 08/04/2004 12:00 PM 15360 C:\WINXP\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialMessenger]
    C:\Program Files\DialMessenger\dialmessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
    C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo Project]
    E:\free calls\Gizmo Project\Gizmo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 08/04/2004 12:00 PM 208952 C:\WINXP\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kis]
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a------ 08/04/2004 12:00 PM 59392 C:\WINXP\system32\IME\PINTLGNT\ImScInst.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 01/12/2006 04:40 PM 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 08/04/2004 12:00 PM 455168 C:\WINXP\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 08/04/2004 12:00 PM 455168 C:\WINXP\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qrdvmyng]
    c:\winxp\system32\qrdvmyng.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 06/29/2007 06:24 AM 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean]
    C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 11/17/2006 05:42 AM 577536 C:\WINXP\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Stormer]
    C:\Program Files\Spyware Stormer\SpywareStormer.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 12/21/2006 07:18 PM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trioService]
    C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
    "8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
    "8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
    "8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
    "8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
    "8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
    "8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
    "8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
    "8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
    "8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
    "5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)

    S0 Hfw76;Hfw76;C:\WINXP\system32\Drivers\Hfw76.sys []
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [01/11/2007 09:10 PM]
    S3 PAC207;SoC PC-Camera;C:\WINXP\system32\DRIVERS\pfc027.sys [04/08/2005 10:46 AM]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINXP\system32\DRIVERS\ss_bus.sys [08/30/2005 05:57 PM]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINXP\system32\DRIVERS\ss_mdfl.sys [08/30/2005 05:58 PM]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINXP\system32\DRIVERS\ss_mdm.sys [08/30/2005 05:59 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Personnel#MPIGIER#windows xp arabefrance]
    \Shell\AutoRun\command - Z:\muisetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63013622-eaf2-11dc-aad5-4d6564696130}]
    \Shell\AutoRun\command - 188qsm.bat
    \Shell\explore\Command - 188qsm.bat
    \Shell\open\Command - 188qsm.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75c1836e-9758-11db-8ecf-4d6564696130}]
    \Shell\AutoRun\command - kj.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-09 14:24:00 C:\WINXP\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-11 17:15:00 C:\WINXP\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-01-09 09:00:00 C:\WINXP\Tasks\rpc.job"
    - C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
    "2008-03-03 08:33:17 C:\WINXP\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
    - D:\Spybot - Search & Destroy\SpybotSD.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-18 20:29:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 03/18/2008 20:30:46
    ComboFix-quarantined-files.txt 2008-03-18 20:30:30
    ComboFix2.txt 2008-03-17 18:46:31
    ComboFix3.txt 2008-03-16 17:13:04
    ComboFix4.txt 2008-03-16 09:53:48
    .
    2007-09-19 21:58:10 --- E O F ---
    18 March 2008 23:05:10

    Post a new HijackThis log.
    21 March 2008 16:58:49

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:36:34, on 21-03-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINXP\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINXP\SOUNDMAN.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINXP\System32\PAStiSvc.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINXP\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cf.yahoo.com
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: PopTtop - {20988EDF-4CB5-4083-9829-262BBFD0CD52} - C:\Program Files\IEFree\Stop.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Anti-Hacker.lnk = ?
    O4 - Global Startup: YourScreen.lnk = ?
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Bloquez Pop-Up - {20988EDF-4CB5-4083-9829-262BBFD0CD52} - C:\Program Files\IEFree\Stop.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
    O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://www.earthcaller.com/VaxSIPUserAgentCAB.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
    O17 - HKLM\System\CS1\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
    O17 - HKLM\System\CS2\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINXP\System32\PAStiSvc.exe

    --
    End of file - 6684 bytes
21 March 2008 17:54:03

Do you know IEFree?
21 March 2008 19:06:42

It is in Program Files.
21 March 2008 19:07:38

Can you uninstall it?
21 March 2008 19:21:50

I don't know how that is done.
21 March 2008 21:08:55

Control Panel / Add or Remove Programs
21 March 2008 21:12:44

I know that method, but I did not find IEFree there.
21 March 2008 21:55:57

Ok.

Fix the lines in the box below with HijackThis: HELP WITH PICTURES

    O2 - BHO: PopTtop - {20988EDF-4CB5-4083-9829-262BBFD0CD52} - C:\Program Files\IEFree\Stop.dll
    O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll (file missing)


Delete:
C:\Program Files\IEFree
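The helper above is reading the HijackThis log by eye: an O2 BHO whose DLL is "(file missing)" is a dead registration that is safe to fix, a BHO loaded from an unfamiliar directory (here C:\Program Files\IEFree) needs a human decision, and O17 DNS servers or O23 services with no owner are worth confirming. The script below is an added example that automates that first pass; it is not code from this thread, from Tom's Guide or from Trend Micro's HijackThis. It parses only the O2, O4 (Global Startup), O17 and O23 line formats visible in the logs posted here. The sample log is constructed from a subset of those lines, and KNOWN_VENDOR_FRAGMENTS is an assumed allowlist of directory names treated as recognised vendors; anything else is listed for review, not declared malicious.

```python
"""Triage a HijackThis v2.0.2 log the way the helper in this thread did by eye.

Added example, not code from the thread or from HijackThis itself. It parses the
O2 / O4 / O17 / O23 line formats shown in the posted logs and returns what a human
should then fix (dead entries) or verify (everything else).
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on lines from the logs posted in this thread
# (a subset, not a full log).
SAMPLE_LOG = r"""
O2 - BHO: PopTtop - {20988EDF-4CB5-4083-9829-262BBFD0CD52} - C:\Program Files\IEFree\Stop.dll
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Anti-Hacker.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
O23 - Service: STI Simulator - Unknown owner - C:\WINXP\System32\PAStiSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# Assumption for this example: BHOs living under these vendor directories are
# treated as recognised; every other BHO is listed for manual review. This is the
# same judgement call the helper made about C:\Program Files\IEFree.
KNOWN_VENDOR_FRAGMENTS = ("\\google\\", "\\skype\\", "\\adobe\\", "\\spybot", "\\microsoft shared\\")

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.*?) = (?P<target>.*)$")
O17_RE = re.compile(r"NameServer = (?P<ips>[\d. ]+)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "fix": safe to remove with HijackThis; "review": needs a human decision
    detail: str


def triage(log_text):
    """Return a list of Finding objects for the log lines worth acting on."""
    findings = []
    seen_resolvers = set()  # O17 repeats per control set (CCS, CS1, CS2); report once
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # header, running-process list, blank lines
        sec, body = line.group("sec"), line.group("body")
        if sec == "O2":
            m = O2_RE.match(body)
            if not m:
                continue
            if m.group("missing"):
                # Registry still points at a DLL that is gone: a dead entry, safe to fix.
                findings.append(Finding("O2", "fix",
                    f"orphan BHO {{{m['clsid']}}} -> {m['path']} (file missing)"))
            elif not any(frag in m["path"].lower() for frag in KNOWN_VENDOR_FRAGMENTS):
                findings.append(Finding("O2", "review",
                    f"BHO '{m['name']}' loads {m['path']} from an unrecognised directory"))
        elif sec == "O4":
            m = O4_STARTUP_RE.match(body)
            if m and m["target"] == "?":
                # HijackThis could not resolve the .lnk target, so nobody knows what runs.
                findings.append(Finding("O4", "review",
                    f"Global Startup shortcut {m['name']} has an unresolved target"))
        elif sec == "O17":
            m = O17_RE.search(body)
            if m and m["ips"] not in seen_resolvers:
                seen_resolvers.add(m["ips"])
                findings.append(Finding("O17", "review",
                    f"DNS resolvers {m['ips']}: confirm they belong to your ISP"))
        elif sec == "O23":
            m = O23_RE.match(body)
            if m and m["owner"] == "Unknown owner":
                findings.append(Finding("O23", "review",
                    f"service '{m['name']}' at {m['path']} has no owner information"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
```

Run against the sample it reports one "fix" (the Freeze.com BHO whose DLL is missing) and four "review" items (the IEFree BHO, the unresolved Anti-Hacker.lnk, the DNS resolver pair, and the unsigned STI Simulator service), which is the same shortlist the helper produced by hand. The Google Toolbar BHO is silent because its path matches the allowlist; widen or narrow KNOWN_VENDOR_FRAGMENTS to taste, remembering that an allowlist only reduces noise and never proves an entry clean.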
22 March 2008 20:16:23

I did not find those lines. I ran a full scan before opening HijackThis to fix the lines.
22 March 2008 20:35:29

Here is the new HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:34:39, on 22-03-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINXP\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINXP\SOUNDMAN.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINXP\System32\PAStiSvc.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cf.yahoo.com
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Anti-Hacker.lnk = ?
    O4 - Global Startup: YourScreen.lnk = ?
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Bloquez Pop-Up - {20988EDF-4CB5-4083-9829-262BBFD0CD52} - C:\WINXP\system32\shdocvw.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
    O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://www.earthcaller.com/VaxSIPUserAgentCAB.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
    O17 - HKLM\System\CS1\Services\Tcpip\..\{18A6A12E-374B-4179-A1B3-E4B53296B94D}: NameServer = 212.217.0.3 196.217.246.210
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINXP\System32\PAStiSvc.exe

    --
    End of file - 6730 bytes
23 March 2008 10:30:21

Are you still having problems?
27 March 2008 10:26:48

Yes. My AntiVir detected several viruses or malicious programs in c:\system volume information\..., which I put all into quarantine, and after three days it was the same thing. And now the scan finished at 26.1% in c:\system volume information\..., without detecting anything. Thanks.
27 March 2008 12:29:20

You just need to disable and then re-enable System Restore.
27 March 2008 14:10:14

Done, I did it. I will run the scan later and let you know the result.
27 March 2008 14:23:52

    Ok ;) 
27 March 2008 21:06:03

Great! The full scan completed successfully. No detections!
Thank you so much.
27 March 2008 22:04:00

Any questions?
31 March 2008 15:17:02

Not for now. Thanks a lot.
31 March 2008 18:00:53

All the best ;)