
Virus: MalwareAlarm


Hello, I have had this virus since yesterday.
To save time, I have already run the 2 reports, HijackThis & SmitFraudFix.


Logfile of HijackThis v1.99.1
Scan saved at 14:26:23, on 22/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Windows\xpupdate.exe
C:\DOCUME~1\thiery\APPLIC~1\DOBE~1\smss.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\systs.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
c:\aklr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\thiery\Mes documents\Mes fichiers reçus\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\DoacM\login.dll
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\thiery\LOCALS~1\Temp\Rar$EX23.546\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/fr/ôw
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winC4.tmp.exe
O4 - HKLM\..\Run: [Windows SP System] svchost.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Etrs] "C:\DOCUME~1\thiery\APPLIC~1\DOBE~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
O4 - HKCU\..\Run: [Ggw] C:\WINDOWS\system32\?ppPatch\l?ass.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0689089a3e9e42e39cd5d77d64f08307
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0689089a3e9e42e39cd5d77d64f08307
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\System32\msiexec.exe (file missing)
O23 - Service: tjk8rla0zxexp - Unknown owner - C:\WINDOWS\system32\systs.exe
O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD




-------------------------------------------------------------------------



SmitFraudFix v2.241

Rapport fait à 14:27:54,34, 22/10/2007
Executé à partir de C:\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Windows\xpupdate.exe
C:\DOCUME~1\thiery\APPLIC~1\DOBE~1\smss.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\systs.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
c:\aklr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\thiery\Mes documents\Mes fichiers reçus\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\DoacM\login.dll
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\svchost.exe PRESENT !
C:\WINDOWS\xpupdate.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\thiery


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\thiery\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\thiery\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Inventel Gateway - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


I didn't understand everything. I restarted in safe mode and ran SmitFraudFix, and here is what I got. Was I supposed to run HijackThis too?



SmitFraudFix v2.241

Rapport fait à 16:55:13,12, 22/10/2007
Executé à partir de C:\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\svchost.exe supprimé
C:\WINDOWS\xpupdate.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Ah OK, now I rerun HijackThis and SmitFraudFix in normal mode with option 1, is that right?

[edit] I did that, I'm posting the report.

Logfile of HijackThis v1.99.1
Scan saved at 17:16:27, on 22/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\thiery\APPLIC~1\DOBE~1\smss.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\WINDOWS\system32\?ppPatch\l?ass.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\systs.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
c:\aklr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\thiery\Mes documents\Mes fichiers reçus\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/fr/ôw
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winC4.tmp.exe
O4 - HKLM\..\Run: [Windows SP System] svchost.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Etrs] "C:\DOCUME~1\thiery\APPLIC~1\DOBE~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
O4 - HKCU\..\Run: [Ggw] C:\WINDOWS\system32\?ppPatch\l?ass.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0689089a3e9e42e39cd5d77d64f08307
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0689089a3e9e42e39cd5d77d64f08307
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\System32\msiexec.exe (file missing)
O23 - Service: tjk8rla0zxexp - Unknown owner - C:\WINDOWS\system32\systs.exe
O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe














SmitFraudFix v2.241

Rapport fait à 17:17:04,62, 22/10/2007
Executé à partir de C:\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\thiery\APPLIC~1\DOBE~1\smss.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\svchost.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\thiery


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\thiery\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\thiery\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Inventel Gateway - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Sorry for the response time, I had a hard time with it; this time it took a lot of time.

SmitFraudFix v2.241

Rapport fait à 1:34:23,06, 28/10/2007
Executé à partir de C:\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Inventel Gateway - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Hi again,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    I get an error when I launch it: c:\WINDOWS\regedit.exe missing
    Copy it from another machine



    I'm missing a lot of files such as msiexec.exe; yesterday it was rundll32, but I was able to download it. I can launch almost no programs.

    Is it really a big virus, or is there a way to remove it by installing avast?

    ComboFix 07-10-26.4 - thiery 2007-10-26 17:16:36.2 - NTFSx86
    Running from: C:\Documents and Settings\thiery\Mes documents\My Completed Downloads\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\gtmrcbeb.dll
    C:\Documents and Settings\thiery\Application Data\ASEMBL~1
    C:\Documents and Settings\thiery\Application Data\DOBE~1
    C:\Documents and Settings\thiery\Application Data\DOBE~1\?dobe\
    C:\Documents and Settings\thiery\Application Data\DOBE~1\smss.exe
    C:\Documents and Settings\thiery\Menu Démarrer\Programmes\MalwareAlarm
    C:\Documents and Settings\thiery\Menu Démarrer\Programmes\MalwareAlarm\MalwareAlarm.lnk
    C:\Documents and Settings\thiery\Menu Démarrer\Programmes\MalwareAlarm\Uninstall.lnk
    C:\Documents and Settings\thiery\Menu Démarrer\Programmes\Outerinfo
    C:\Documents and Settings\thiery\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
    C:\Documents and Settings\thiery\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
    C:\Program Files\Fichiers communs\Yazzle1162OinAdmin.exe
    C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\Terms.rtf
    C:\setup.exe
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\rundll32.exe
    C:\WINDOWS\system32\dobe~1
    C:\WINDOWS\system32\drivers\blank.gif
    C:\WINDOWS\system32\drivers\box_1.gif
    C:\WINDOWS\system32\drivers\box_2.gif
    C:\WINDOWS\system32\drivers\box_3.gif
    C:\WINDOWS\system32\drivers\button_buynow.gif
    C:\WINDOWS\system32\drivers\button_freescan.gif
    C:\WINDOWS\system32\drivers\cell_bg.gif
    C:\WINDOWS\system32\drivers\cell_footer.gif
    C:\WINDOWS\system32\drivers\cell_header_block.gif
    C:\WINDOWS\system32\drivers\cell_header_remove.gif
    C:\WINDOWS\system32\drivers\cell_header_scan.gif
    C:\WINDOWS\system32\drivers\detect.htm
    C:\WINDOWS\system32\drivers\download_box.gif
    C:\WINDOWS\system32\drivers\download_btn.jpg
    C:\WINDOWS\system32\drivers\download_now_btn.gif
    C:\WINDOWS\system32\drivers\footer_back.jpg
    C:\WINDOWS\system32\drivers\header_1.gif
    C:\WINDOWS\system32\drvgarr.dll
    C:\WINDOWS\system32\gjllm.ini
    C:\WINDOWS\system32\gjllm.ini2
    C:\WINDOWS\system32\lktcpg.dll
    C:\WINDOWS\system32\mlljg.dll
    C:\WINDOWS\system32\nusrmgr.exe
    C:\WINDOWS\system32\pppatc~1
    C:\WINDOWS\system32\pppatc~1\l?ass.exe
    C:\WINDOWS\system32\prutv.ini
    C:\WINDOWS\system32\prutv.ini2
    C:\WINDOWS\system32\rqrrqrr.dll
    C:\WINDOWS\system32\systs.exe
    C:\WINDOWS\system32\winsfg32.dll
    C:\WINDOWS\system32\wnsapiit32.exe
    C:\WINDOWS\xpupdate.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-26 to 2007-10-26 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-26 17:46 314,464 --a------ C:\WINDOWS\system32\vtsqp.dll
    2007-10-26 17:46 6,856 --ahs---- C:\WINDOWS\system32\pqstv.ini2
    2007-10-26 16:45 153,088 --a------ C:\WINDOWS\regedit.exe
    2007-10-26 16:20 <REP> d-------- C:\Program Files\hqhchgtw
    2007-10-26 16:20 102,912 --a------ C:\WINDOWS\system32\drvgar.dll
    2007-10-26 16:20 33,792 --a------ C:\WINDOWS\system32\urqolml.dll
    2007-10-26 15:26 85,504 --a------ C:\WINDOWS\system32\msiexec.exe
    2007-10-26 15:07 <REP> d-------- C:\daoc portal
    2007-10-26 15:00 57,856 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-26 14:36 35,328 --a------ C:\WINDOWS\system32\nnnnlmm.dll
    2007-10-26 08:02 35,328 --a------ C:\WINDOWS\system32\khffdcb.dll
    2007-10-23 16:00 <REP> d-------- C:\Program Files\Virtual CD v4
    2007-10-23 16:00 1,056,768 --------- C:\WINDOWS\system32\ROBOEX32.DLL
    2007-10-23 16:00 208,896 --------- C:\WINDOWS\system32\vcdextse.dll
    2007-10-23 16:00 102,400 --------- C:\WINDOWS\system32\VCDEnv.dll
    2007-10-23 16:00 81,920 --------- C:\WINDOWS\system32\vcdcomm.dll
    2007-10-23 16:00 57,344 --------- C:\WINDOWS\system32\VCDScsi.dll
    2007-10-23 16:00 47,952 --------- C:\WINDOWS\system32\drivers\vcdmpdrv.sys
    2007-10-22 20:10 <REP> d-------- C:\Program Files\Lavalys
    2007-10-22 17:43 <REP> d--hs---- C:\WINDOWS\ftpcache
    2007-10-22 16:50 <REP> d-------- C:\WINDOWS\pss
    2007-10-22 15:35 <REP> d-------- C:\Program Files\Soldier of Fortune II - SP Demo
    2007-10-22 14:42 0 -ra------ C:\logwmemory.bin
    2007-10-22 14:40 <REP> d-------- C:\Documents and Settings\thiery\Application Data\Soldat
    2007-10-22 14:28 2,052 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-22 14:27 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-10-22 14:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-10-22 14:27 61,440 --a------ C:\WINDOWS\system32\Process.exe
    2007-10-22 14:27 57,856 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-22 14:27 35,840 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-22 14:22 <REP> d-------- C:\smitfraudfix
    2007-10-22 14:21 <REP> d-------- C:\Hijackthis
    2007-10-22 00:12 335 --a------ C:\WINDOWS\mozregistry.dat
    2007-10-21 21:20 <REP> d-------- C:\Program Files\MalwareAlarm
    2007-10-21 21:19 36,352 --a------ C:\WINDOWS\system32\tuvvsqr.dll
    2007-10-21 20:49 93,696 --a------ C:\vont.exe
    2007-10-21 20:47 <REP> d-------- C:\Program Files\PowerISO
    2007-10-21 20:41 <REP> d-------- C:\Program Files\Smart Projects
    2007-10-21 19:43 <REP> d-------- C:\Program Files\DAEMON Tools
    2007-10-21 18:47 <REP> d-------- C:\WINDOWS\system32\fkmdvbtn
    2007-10-21 18:47 <REP> d-------- C:\Program Files\Quggudci
    2007-10-21 18:47 36,352 --a------ C:\WINDOWS\system32\gebyxwx.dll
    2007-10-21 12:46 35,328 --a------ C:\WINDOWS\system32\ljjiffc.dll
    2007-10-21 02:55 374,272 --a------ C:\WINDOWS\system32\mss32.dll
    2007-10-21 00:57 <REP> d-------- C:\DoacM
    2007-10-21 00:14 58,880 --a------ C:\aklr.exe
    2007-10-20 22:23 <REP> d-------- C:\IMGCARSL
    2007-10-20 22:23 139,264 --a------ C:\WINDOWS\DECO.DLL
    2007-10-20 22:23 77,232 --a------ C:\WINDOWS\IMGCARSL.SCR
    2007-10-19 01:31 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-10-19 01:31 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-10-19 01:31 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-10-17 19:12 <REP> d-------- C:\Program Files\Ventrilo
    2007-10-16 01:05 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
    2007-10-16 01:05 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
    2007-10-12 16:16 <REP> d-------- C:\Documents and Settings\thiery\Application Data\CrystalApp
    2007-10-12 16:13 <REP> d-------- C:\Documents and Settings\thiery\Application Data\CrystalSpace
    2007-10-11 18:29 <REP> d-------- C:\Program Files\MegauploadToolbar
    2007-10-11 18:29 <REP> d-------- C:\Documents and Settings\thiery\Application Data\MegauploadToolbar
    2007-10-08 16:47 136 --a------ C:\WINDOWS\system32\drivers\ALCICH.DAT
    2007-10-07 18:39 <REP> d-------- C:\Documents and Settings\thiery\Application Data\Electronic Arts
    2007-10-07 18:27 <REP> d-------- C:\Program Files\Lavasoft
    2007-10-07 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-07 02:12 <REP> d-------- C:\Documents and Settings\thiery\Application Data\Ventrilo
    2007-10-07 02:09 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-27 23:01 --------- d-----w C:\Program Files\Google
    2007-10-27 23:00 --------- d-----w C:\Program Files\IrfanView
    2007-10-26 16:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-26 13:29 --------- d-----w C:\Program Files\DAoC Portal
    2007-10-23 12:59 --------- d-----w C:\Program Files\RADVideo
    2007-10-23 12:57 --------- d-----w C:\Program Files\DAP
    2007-10-23 12:56 --------- d-----w C:\Program Files\BitTorrent
    2007-10-22 18:04 --------- d-----w C:\Documents and Settings\thiery\Application Data\teamspeak2
    2007-10-22 17:39 --------- d-----w C:\Program Files\Azureus
    2007-10-22 15:22 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-21 23:41 478 ----a-w C:\Program Files\Raccourci vers Outerinfo.lnk
    2007-10-21 18:24 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2007-10-21 18:09 --------- d-----w C:\Program Files\Wanadoo
    2007-10-21 17:55 --------- d-----w C:\Program Files\AGEIA Technologies
    2007-10-21 17:02 --------- d-----w C:\Documents and Settings\thiery\Application Data\BitTorrent
    2007-10-21 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-21 00:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-20 23:54 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-18 23:32 --------- d-----w C:\Program Files\DivX
    2007-10-08 21:28 --------- d-----w C:\Documents and Settings\thiery\Application Data\BSplayer
    2007-10-06 23:11 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-08-15 22:33 532,480 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2006-12-01 14:05 286,720 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2005-05-13 16:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 10:13:58 76,800 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-13 20:27:00 432,640 --sha-r C:\WINDOWS\x2.64.exe
    2005-10-07 18:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 11:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 14:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 21:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 09:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 12:16:22 250,368 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E5EB899-4E67-4E17-A95F-C5211AD736B3}]
    C:\WINDOWS\System32\nnnoono.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A8C2C57-93A7-0675-5A40-098909C6F6CC}]
    2007-10-21 18:47 106496 --a------ C:\Program Files\Quggudci\keiqqkgl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}]
    2007-10-21 21:19 36352 --a------ C:\WINDOWS\System32\tuvvsqr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B17642F-668D-4925-A40F-A88D265F88D3}]
    C:\WINDOWS\System32\vturp.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" []
    "DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2006-12-01 16:35]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 18:42]
    "AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" []
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-12-09 15:56]
    "VCDPlayer"="C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe" []
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2001-08-28 14:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 14:01]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
    "Etrs"="C:\DOCUME~1\thiery\APPLIC~1\DOBE~1\smss.exe" []
    "MalwareAlarm"="C:\Program Files\MalwareAlarm\MalwareAlarm.exe" [2007-10-21 21:20]
    "Ggw"="C:\WINDOWS\system32\?ppPatch\l?ass.exe" []

    C:\Documents and Settings\thiery\Menu Démarrer\Programmes\Démarrage\
    PowerReg Scheduler.exe [2007-10-12 21:24:38]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{0E5EB899-4E67-4E17-A95F-C5211AD736B3}"= C:\WINDOWS\System32\nnnoono.dll [ ]
    "{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}"= C:\WINDOWS\System32\tuvvsqr.dll [2007-10-21 21:19 36352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoono]
    nnnoono.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvsqr]
    tuvvsqr.dll 2007-10-21 21:19 36352 C:\WINDOWS\system32\tuvvsqr.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\\WINDOWS\\System32\\vtsqp

    R1 vcdmpdrv;vcdmpdrv;C:\WINDOWS\System32\drivers\vcdmpdrv.sys
    S2 Remote Plugins Manager;Remote Plugins Manager;"C:\WINDOWS\system32\svshost.exe"
    S3 S12345;S12345;\??\D:\S12345.SYS

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-09 19:16:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    "2007-10-26 15:43:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-26 18:03:13
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-26 18:05:58 - machine was rebooted
    .
    --- E O F ---

    ComboFix 07-10-26.4 - thiery 2007-10-26 20:27:01.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.634 [GMT 2:00]
    Running from: C:\Documents and Settings\thiery\Mes documents\My Completed Downloads\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\pqstv.ini
    C:\WINDOWS\system32\pqstv.ini2
    C:\WINDOWS\system32\vtsqp.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-26 to 2007-10-26 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-26 16:45 153,088 --a------ C:\WINDOWS\regedit.exe
    2007-10-26 16:20 <REP> d-------- C:\Program Files\hqhchgtw
    2007-10-26 16:20 102,912 --a------ C:\WINDOWS\system32\drvgar.dll
    2007-10-26 16:20 33,792 --a------ C:\WINDOWS\system32\urqolml.dll
    2007-10-26 15:26 85,504 --a------ C:\WINDOWS\system32\msiexec.exe
    2007-10-26 15:07 <REP> d-------- C:\daoc portal
    2007-10-26 15:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-26 14:36 35,328 --a------ C:\WINDOWS\system32\nnnnlmm.dll
    2007-10-26 08:02 35,328 --a------ C:\WINDOWS\system32\khffdcb.dll
    2007-10-23 16:00 <REP> d-------- C:\Program Files\Virtual CD v4
    2007-10-23 16:00 1,056,768 --------- C:\WINDOWS\system32\ROBOEX32.DLL
    2007-10-23 16:00 208,896 --------- C:\WINDOWS\system32\vcdextse.dll
    2007-10-23 16:00 102,400 --------- C:\WINDOWS\system32\VCDEnv.dll
    2007-10-23 16:00 81,920 --------- C:\WINDOWS\system32\vcdcomm.dll
    2007-10-23 16:00 57,344 --------- C:\WINDOWS\system32\VCDScsi.dll
    2007-10-23 16:00 47,952 --------- C:\WINDOWS\system32\drivers\vcdmpdrv.sys
    2007-10-22 20:10 <REP> d-------- C:\Program Files\Lavalys
    2007-10-22 17:43 <REP> d--hs---- C:\WINDOWS\ftpcache
    2007-10-22 16:50 <REP> d-------- C:\WINDOWS\pss
    2007-10-22 15:35 <REP> d-------- C:\Program Files\Soldier of Fortune II - SP Demo
    2007-10-22 14:42 0 -ra------ C:\logwmemory.bin
    2007-10-22 14:40 <REP> d-------- C:\Documents and Settings\thiery\Application Data\Soldat
    2007-10-22 14:28 2,052 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-22 14:27 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-10-22 14:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-10-22 14:27 61,440 --a------ C:\WINDOWS\system32\Process.exe
    2007-10-22 14:27 57,856 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-22 14:27 35,840 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-22 14:22 <REP> d-------- C:\smitfraudfix
    2007-10-22 14:21 <REP> d-------- C:\Hijackthis
    2007-10-22 00:12 335 --a------ C:\WINDOWS\mozregistry.dat
    2007-10-21 21:20 <REP> d-------- C:\Program Files\MalwareAlarm
    2007-10-21 21:19 36,352 --a------ C:\WINDOWS\system32\tuvvsqr.dll
    2007-10-21 20:49 93,696 --a------ C:\vont.exe
    2007-10-21 20:47 <REP> d-------- C:\Program Files\PowerISO
    2007-10-21 20:41 <REP> d-------- C:\Program Files\Smart Projects
    2007-10-21 19:43 <REP> d-------- C:\Program Files\DAEMON Tools
    2007-10-21 18:47 <REP> d-------- C:\WINDOWS\system32\fkmdvbtn
    2007-10-21 18:47 <REP> d-------- C:\Program Files\Quggudci
    2007-10-21 18:47 36,352 --a------ C:\WINDOWS\system32\gebyxwx.dll
    2007-10-21 12:46 35,328 --a------ C:\WINDOWS\system32\ljjiffc.dll
    2007-10-21 02:55 374,272 --a------ C:\WINDOWS\system32\mss32.dll
    2007-10-21 00:57 <REP> d-------- C:\DoacM
    2007-10-21 00:14 58,880 --a------ C:\aklr.exe
    2007-10-20 22:23 <REP> d-------- C:\IMGCARSL
    2007-10-20 22:23 139,264 --a------ C:\WINDOWS\DECO.DLL
    2007-10-20 22:23 77,232 --a------ C:\WINDOWS\IMGCARSL.SCR
    2007-10-19 01:31 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-10-19 01:31 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-10-19 01:31 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-10-17 19:12 <REP> d-------- C:\Program Files\Ventrilo
    2007-10-16 01:05 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
    2007-10-16 01:05 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
    2007-10-12 16:16 <REP> d-------- C:\Documents and Settings\thiery\Application Data\CrystalApp
    2007-10-12 16:13 <REP> d-------- C:\Documents and Settings\thiery\Application Data\CrystalSpace
    2007-10-11 18:29 <REP> d-------- C:\Program Files\MegauploadToolbar
    2007-10-11 18:29 <REP> d-------- C:\Documents and Settings\thiery\Application Data\MegauploadToolbar
    2007-10-08 16:47 136 --a------ C:\WINDOWS\system32\drivers\ALCICH.DAT
    2007-10-07 18:39 <REP> d-------- C:\Documents and Settings\thiery\Application Data\Electronic Arts
    2007-10-07 18:27 <REP> d-------- C:\Program Files\Lavasoft
    2007-10-07 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-07 02:12 <REP> d-------- C:\Documents and Settings\thiery\Application Data\Ventrilo
    2007-10-07 02:09 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-27 23:01 --------- d-----w C:\Program Files\Google
    2007-10-27 23:00 --------- d-----w C:\Program Files\IrfanView
    2007-10-26 18:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-26 18:41 --------- d-----w C:\Documents and Settings\thiery\Application Data\teamspeak2
    2007-10-26 13:29 --------- d-----w C:\Program Files\DAoC Portal
    2007-10-23 12:59 --------- d-----w C:\Program Files\RADVideo
    2007-10-23 12:57 --------- d-----w C:\Program Files\DAP
    2007-10-23 12:56 --------- d-----w C:\Program Files\BitTorrent
    2007-10-22 17:39 --------- d-----w C:\Program Files\Azureus
    2007-10-22 15:22 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-21 23:41 478 ----a-w C:\Program Files\Raccourci vers Outerinfo.lnk
    2007-10-21 18:24 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2007-10-21 18:09 --------- d-----w C:\Program Files\Wanadoo
    2007-10-21 17:55 --------- d-----w C:\Program Files\AGEIA Technologies
    2007-10-21 17:02 --------- d-----w C:\Documents and Settings\thiery\Application Data\BitTorrent
    2007-10-21 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-21 00:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-20 23:54 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-18 23:32 --------- d-----w C:\Program Files\DivX
    2007-10-08 21:28 --------- d-----w C:\Documents and Settings\thiery\Application Data\BSplayer
    2007-10-06 23:11 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-08-15 22:33 532,480 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2006-12-01 14:05 286,720 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2005-05-13 16:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 10:13:58 76,800 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-13 20:27:00 432,640 --sha-r C:\WINDOWS\x2.64.exe
    2005-10-07 18:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 11:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 14:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 21:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 09:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 12:16:22 250,368 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-26_18.04.16.03 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-10-20 04:03:30 145,920 ----a-w C:\WINDOWS\catchme.exe
    + 2007-10-20 04:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
    - 2007-10-26 15:41:32 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-10-26 18:46:06 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-10-26 15:41:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2007-10-26 18:46:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2007-10-26 15:41:32 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-10-26 18:46:06 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-10-26 15:15:13 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2007-10-26 18:26:44 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    - 2007-07-22 16:39:27 289,280 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2007-07-22 16:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E5EB899-4E67-4E17-A95F-C5211AD736B3}]
    C:\WINDOWS\System32\nnnoono.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A8C2C57-93A7-0675-5A40-098909C6F6CC}]
    2007-10-21 18:47 106496 --a------ C:\Program Files\Quggudci\keiqqkgl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}]
    2007-10-21 21:19 36352 --a------ C:\WINDOWS\System32\tuvvsqr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B17642F-668D-4925-A40F-A88D265F88D3}]
    C:\WINDOWS\System32\vturp.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" []
    "DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2006-12-01 16:35]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 18:42]
    "AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" []
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-12-09 15:56]
    "VCDPlayer"="C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe" []
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2001-08-28 14:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 14:01]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
    "Etrs"="C:\DOCUME~1\thiery\APPLIC~1\DOBE~1\smss.exe" []
    "MalwareAlarm"="C:\Program Files\MalwareAlarm\MalwareAlarm.exe" [2007-10-21 21:20]
    "Ggw"="C:\WINDOWS\system32\?ppPatch\l?ass.exe" []

    C:\Documents and Settings\thiery\Menu Démarrer\Programmes\Démarrage\
    PowerReg Scheduler.exe [2007-10-12 21:24:38]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{0E5EB899-4E67-4E17-A95F-C5211AD736B3}"= C:\WINDOWS\System32\nnnoono.dll [ ]
    "{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}"= C:\WINDOWS\System32\tuvvsqr.dll [2007-10-21 21:19 36352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoono]
    nnnoono.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvsqr]
    tuvvsqr.dll 2007-10-21 21:19 36352 C:\WINDOWS\system32\tuvvsqr.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\System32\vtsqp.dll

    R1 vcdmpdrv;vcdmpdrv;C:\WINDOWS\System32\drivers\vcdmpdrv.sys
    S2 Remote Plugins Manager;Remote Plugins Manager;"C:\WINDOWS\system32\svshost.exe"
    S3 S12345;S12345;\??\D:\S12345.SYS

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-09 19:16:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    "2007-10-26 18:43:09 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-26 20:47:45
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-26 20:50:52 - machine was rebooted
    C:\ComboFix2.txt ... 2007-10-26 18:05
    .
    --- E O F ---

    Hi again,

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\drvgar.dll
    C:\WINDOWS\system32\urqolml.dll
    C:\WINDOWS\system32\nnnnlmm.dll
    C:\WINDOWS\system32\khffdcb.dll
    C:\WINDOWS\system32\tuvvsqr.dll
    C:\vont.exe
    C:\WINDOWS\system32\gebyxwx.dll
    C:\WINDOWS\system32\ljjiffc.dll
    C:\aklr.exe
    C:\WINDOWS\System32\nnnoono.dll
    C:\WINDOWS\System32\tuvvsqr.dll
    C:\WINDOWS\System32\vturp.dll

    Folder::
    C:\Program Files\MalwareAlarm
    C:\Program Files\Quggudci

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E5EB899-4E67-4E17-A95F-C5211AD736B3}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A8C2C57-93A7-0675-5A40-098909C6F6CC}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B17642F-668D-4925-A40F-A88D265F88D3}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MalwareAlarm"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{0E5EB899-4E67-4E17-A95F-C5211AD736B3}"=-
    "{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoono]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvsqr]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will restart Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
    NOTE: If there is no reboot, post the requested reports anyway.


    It looks good, I no longer see the virus :love:



    ComboFix 07-10-26.4 - thiery 2007-10-27 13:30:17.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.603 [GMT 2:00]
    Running from: C:\Documents and Settings\thiery\Mes documents\My Completed Downloads\ComboFix.exe
    Command switches used :: C:\Documents and Settings\thiery\Bureau\CFScript.txt.txt
    * Created a new restore point

    FILE::
    C:\aklr.exe
    C:\vont.exe
    C:\WINDOWS\system32\drvgar.dll
    C:\WINDOWS\system32\gebyxwx.dll
    C:\WINDOWS\system32\khffdcb.dll
    C:\WINDOWS\system32\ljjiffc.dll
    C:\WINDOWS\system32\nnnnlmm.dll
    C:\WINDOWS\System32\nnnoono.dll
    C:\WINDOWS\system32\tuvvsqr.dll
    C:\WINDOWS\System32\tuvvsqr.dll
    C:\WINDOWS\system32\urqolml.dll
    C:\WINDOWS\System32\vturp.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\aklr.exe
    C:\Program Files\MalwareAlarm
    C:\Program Files\MalwareAlarm\MalwareAlarm.exe
    C:\Program Files\MalwareAlarm\MalwareAlarm.lic
    C:\Program Files\MalwareAlarm\MalwareAlarm0.dll
    C:\Program Files\MalwareAlarm\MalwareAlarm0.ma
    C:\Program Files\MalwareAlarm\MalwareAlarm1.dll
    C:\Program Files\MalwareAlarm\MalwareAlarm1.ma
    C:\Program Files\MalwareAlarm\MalwareAlarm3.dll
    C:\Program Files\MalwareAlarm\Uninstall.exe
    C:\Program Files\Quggudci
    C:\Program Files\Quggudci\keiqqkgl.dll
    C:\vont.exe
    C:\WINDOWS\system32\drvgar.dll
    C:\WINDOWS\system32\edeeg.ini
    C:\WINDOWS\system32\edeeg.ini2
    C:\WINDOWS\system32\gebyxwx.dll
    C:\WINDOWS\system32\geede.dll
    C:\WINDOWS\System32\jkklm.dll
    C:\WINDOWS\system32\khffdcb.dll
    C:\WINDOWS\system32\ljjiffc.dll
    C:\WINDOWS\system32\mlkkj.ini
    C:\WINDOWS\system32\mlkkj.ini2
    C:\WINDOWS\system32\nnnnlmm.dll
    C:\WINDOWS\system32\tuvvsqr.dll
    C:\WINDOWS\system32\urqolml.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-27 to 2007-10-27 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-27 00:22 <REP> d-------- C:\Program Files\mIRC
    2007-10-26 16:45 153,088 --a------ C:\WINDOWS\regedit.exe
    2007-10-26 16:20 <REP> d-------- C:\Program Files\hqhchgtw
    2007-10-26 15:26 85,504 --a------ C:\WINDOWS\system32\msiexec.exe
    2007-10-26 15:07 <REP> d-------- C:\daoc portal
    2007-10-26 15:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-23 16:00 <REP> d-------- C:\Program Files\Virtual CD v4
    2007-10-23 16:00 1,056,768 --------- C:\WINDOWS\system32\ROBOEX32.DLL
    2007-10-23 16:00 208,896 --------- C:\WINDOWS\system32\vcdextse.dll
    2007-10-23 16:00 102,400 --------- C:\WINDOWS\system32\VCDEnv.dll
    2007-10-23 16:00 81,920 --------- C:\WINDOWS\system32\vcdcomm.dll
    2007-10-23 16:00 57,344 --------- C:\WINDOWS\system32\VCDScsi.dll
    2007-10-23 16:00 47,952 --------- C:\WINDOWS\system32\drivers\vcdmpdrv.sys
    2007-10-22 20:10 <REP> d-------- C:\Program Files\Lavalys
    2007-10-22 17:43 <REP> d--hs---- C:\WINDOWS\ftpcache
    2007-10-22 16:50 <REP> d-------- C:\WINDOWS\pss
    2007-10-22 15:35 <REP> d-------- C:\Program Files\Soldier of Fortune II - SP Demo
    2007-10-22 14:42 0 -ra------ C:\logwmemory.bin
    2007-10-22 14:40 <REP> d-------- C:\Documents and Settings\thiery\Application Data\Soldat
    2007-10-22 14:28 2,052 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-22 14:27 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-10-22 14:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-10-22 14:27 61,440 --a------ C:\WINDOWS\system32\Process.exe
    2007-10-22 14:27 57,856 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-22 14:27 35,840 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-22 14:22 <REP> d-------- C:\smitfraudfix
    2007-10-22 14:21 <REP> d-------- C:\Hijackthis
    2007-10-22 00:12 335 --a------ C:\WINDOWS\mozregistry.dat
    2007-10-21 20:47 <REP> d-------- C:\Program Files\PowerISO
    2007-10-21 20:41 <REP> d-------- C:\Program Files\Smart Projects
    2007-10-21 19:43 <REP> d-------- C:\Program Files\DAEMON Tools
    2007-10-21 18:47 <REP> d-------- C:\WINDOWS\system32\fkmdvbtn
    2007-10-21 02:55 374,272 --a------ C:\WINDOWS\system32\mss32.dll
    2007-10-21 00:57 <REP> d-------- C:\DoacM
    2007-10-20 22:23 <REP> d-------- C:\IMGCARSL
    2007-10-20 22:23 139,264 --a------ C:\WINDOWS\DECO.DLL
    2007-10-20 22:23 77,232 --a------ C:\WINDOWS\IMGCARSL.SCR
    2007-10-19 01:31 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-10-19 01:31 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-10-19 01:31 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-10-17 19:12 <REP> d-------- C:\Program Files\Ventrilo
    2007-10-16 01:05 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
    2007-10-16 01:05 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
    2007-10-12 16:16 <REP> d-------- C:\Documents and Settings\thiery\Application Data\CrystalApp
    2007-10-12 16:13 <REP> d-------- C:\Documents and Settings\thiery\Application Data\CrystalSpace
    2007-10-11 18:29 <REP> d-------- C:\Program Files\MegauploadToolbar
    2007-10-11 18:29 <REP> d-------- C:\Documents and Settings\thiery\Application Data\MegauploadToolbar
    2007-10-08 16:47 136 --a------ C:\WINDOWS\system32\drivers\ALCICH.DAT
    2007-10-07 18:39 <REP> d-------- C:\Documents and Settings\thiery\Application Data\Electronic Arts
    2007-10-07 18:27 <REP> d-------- C:\Program Files\Lavasoft
    2007-10-07 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-07 02:12 <REP> d-------- C:\Documents and Settings\thiery\Application Data\Ventrilo
    2007-10-07 02:09 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-27 23:01 --------- d-----w C:\Program Files\Google
    2007-10-27 23:00 --------- d-----w C:\Program Files\IrfanView
    2007-10-27 11:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-26 18:41 --------- d-----w C:\Documents and Settings\thiery\Application Data\teamspeak2
    2007-10-26 13:29 --------- d-----w C:\Program Files\DAoC Portal
    2007-10-23 12:59 --------- d-----w C:\Program Files\RADVideo
    2007-10-23 12:57 --------- d-----w C:\Program Files\DAP
    2007-10-23 12:56 --------- d-----w C:\Program Files\BitTorrent
    2007-10-22 17:39 --------- d-----w C:\Program Files\Azureus
    2007-10-22 15:22 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-21 23:41 478 ----a-w C:\Program Files\Raccourci vers Outerinfo.lnk
    2007-10-21 18:24 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2007-10-21 18:09 --------- d-----w C:\Program Files\Wanadoo
    2007-10-21 17:55 --------- d-----w C:\Program Files\AGEIA Technologies
    2007-10-21 17:02 --------- d-----w C:\Documents and Settings\thiery\Application Data\BitTorrent
    2007-10-21 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-21 00:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-20 23:54 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-18 23:32 --------- d-----w C:\Program Files\DivX
    2007-10-08 21:28 --------- d-----w C:\Documents and Settings\thiery\Application Data\BSplayer
    2007-10-06 23:11 --------- d-----w C:\Program Files\MSN Messenger
    2006-12-01 14:05 286,720 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2005-05-13 16:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 10:13:58 76,800 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-13 20:27:00 432,640 --sha-r C:\WINDOWS\x2.64.exe
    2005-10-07 18:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 11:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 14:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 21:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 09:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 12:16:22 250,368 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-26_18.04.16.03 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-10-20 04:03:30 145,920 ----a-w C:\WINDOWS\catchme.exe
    + 2007-10-20 04:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
    - 2007-10-26 15:41:32 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-10-27 11:37:19 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-10-26 15:41:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2007-10-27 11:37:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2007-10-26 15:41:32 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-10-27 11:37:19 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-10-26 15:15:13 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2007-10-27 11:29:36 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    - 2007-07-22 16:39:27 289,280 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2007-07-22 16:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2003-06-23 00:44:36 1,415,680 ----a-w C:\WINDOWS\system32\wmv9vcm.dll
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B17642F-668D-4925-A40F-A88D265F88D3}]
    C:\WINDOWS\System32\vturp.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" []
    "DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2006-12-01 16:35]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 18:42]
    "AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" []
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-12-09 15:56]
    "VCDPlayer"="C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe" []
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2001-08-28 14:00]

    C:\Documents and Settings\thiery\Menu Démarrer\Programmes\Démarrage\
    PowerReg Scheduler.exe [2007-10-12 21:24:38]

    R1 vcdmpdrv;vcdmpdrv;C:\WINDOWS\System32\drivers\vcdmpdrv.sys
    S3 S12345;S12345;\??\D:\S12345.SYS

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-09 19:16:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    "2007-10-27 10:43:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-27 13:37:26
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-27 13:39:11 - machine was rebooted
    C:\ComboFix2.txt ... 2007-10-27 13:27
    .
    --- E O F ---


    ------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 13:43:01, on 27/10/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Virtual CD v4\System\vcdsecs.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\thiery\Mes documents\Mes fichiers reçus\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/fr/ôw
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7B17642F-668D-4925-A40F-A88D265F88D3} - C:\WINDOWS\System32\vturp.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0689089a3e9e42e39cd5d77d64f08307
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0689089a3e9e42e39cd5d77d64f08307
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Remote Plugins Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
    O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe

    Yes, I'm just asking whether you're sure about avast, since the most recent antivirus was AVG. I found one last avast folder in c/windows/temp, so I think it's fine. I'll post the report for you tomorrow in the early afternoon.

    And thanks again for the help.

    Sorry for the slow reply, a small internet problem.
    Yes, I did look; otherwise, I did uninstall it, but when I try to install the new antivirus I get a message at the end


    Oh yes, in the meantime I managed to catch a virus again. It doesn't look nasty, but I have a feeling it's back to another round of HijackThis & co.
    [edit]

    Logfile of HijackThis v1.99.1
    Scan saved at 04:31:24, on 31/10/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Virtual CD v4\System\vcdsecs.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\thiery\Mes documents\Mes fichiers reçus\Mozilla Firefox\firefox.exe
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\dGhpZXJ5\command.exe
    C:\WINDOWS\System32\vvgeowbv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/fr/ôw
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {7B17642F-668D-4925-A40F-A88D265F88D3} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0689089a3e9e42e39cd5d77d64f08307
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0689089a3e9e42e39cd5d77d64f08307
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dGhpZXJ5\command.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Remote Plugins Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
    O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe



    ---------------------------------------------------------------------------------------


    SmitFraudFix v2.241

    Rapport fait à 4:32:33,56, 31/10/2007
    Executé à partir de C:\smitfraudfix\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Virtual CD v4\System\vcdsecs.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\thiery\Mes documents\Mes fichiers reçus\Mozilla Firefox\firefox.exe
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\dGhpZXJ5\command.exe
    C:\WINDOWS\System32\vvgeowbv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\ace16win.dll PRESENT !
    C:\WINDOWS\system32\msole32.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\thiery


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\thiery\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\thiery\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=" c:\\windows\\system32\\ldcore.dll"
    "LoadAppInit_DLLs"=dword:00000001


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Inventel Gateway - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{CA7E7D62-DC3B-48D2-9D92-A560A1882C61}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin
