TROJAN HORSE DOWNLOADER.GENERIC7.GT - Sécurité - Virus

I am infected with a worm, "trojan horse downloader.generic7.gt", and I can't get rid of it. AVG tracks it down, notifies me, cleans it, and then it starts up again worse than ever. Spyware Doctor also manages to remove some files, but it keeps coming back. What else could I do?

I ran ComboFix and HijackThis. Here are the reports:


ComboFix 08-03-22.3 - Roger 2008-03-23 17:20:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1230 [GMT -4:00]
Running from: C:\Documents and Settings\Roger\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 16:33 . 2008-03-23 16:33 <DIR> d-------- C:\Program Files\CCleaner
2008-03-23 11:26 . 2008-03-23 11:26 <DIR> d-------- C:\Program Files\iPod
2008-03-21 21:36 . 2008-03-21 21:36 244 --ah----- C:\sqmnoopt10.sqm
2008-03-21 21:36 . 2008-03-21 21:36 232 --ah----- C:\sqmdata10.sqm
2008-03-19 16:27 . 2008-03-19 16:27 <DIR> d-------- C:\Program Files\Windows Live
2008-03-19 16:27 . 2008-03-19 16:27 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-19 16:26 . 2008-03-19 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 20:54 . 2008-03-18 21:38 <DIR> d-------- C:\Program Files\ImpotRapide 2007
2008-03-18 20:54 . 2008-03-18 20:54 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-03-18 20:54 . 2008-03-18 20:54 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-18 20:54 . 2008-03-18 20:54 <DIR> d-------- C:\Documents and Settings\Roger\Application Data\Intuit Canada
2008-03-18 20:53 . 2008-03-18 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit Canada
2008-03-17 22:32 . 2008-03-17 22:32 244 --ah----- C:\sqmnoopt09.sqm
2008-03-17 22:32 . 2008-03-17 22:32 232 --ah----- C:\sqmdata09.sqm
2008-03-17 21:13 . 2008-03-22 22:04 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-17 21:13 . 2008-03-17 21:13 <DIR> d-------- C:\Documents and Settings\Roger\Application Data\PC Tools
2008-03-17 21:13 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-17 21:13 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-17 21:13 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-17 21:13 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-17 20:51 . 2008-03-17 20:51 <DIR> d-------- C:\Program Files\Anti-Leech
2008-03-17 19:41 . 2008-03-17 19:41 244 --ah----- C:\sqmnoopt08.sqm
2008-03-17 19:41 . 2008-03-17 19:41 232 --ah----- C:\sqmdata08.sqm
2008-03-17 19:37 . 2008-03-23 17:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-16 09:30 . 2008-03-16 09:30 244 --ah----- C:\sqmnoopt07.sqm
2008-03-16 09:30 . 2008-03-16 09:30 232 --ah----- C:\sqmdata07.sqm
2008-03-15 11:02 . 2008-03-15 11:02 244 --ah----- C:\sqmnoopt06.sqm
2008-03-15 11:02 . 2008-03-15 11:02 232 --ah----- C:\sqmdata06.sqm
2008-03-14 21:07 . 2008-03-14 21:07 244 --ah----- C:\sqmnoopt05.sqm
2008-03-14 21:07 . 2008-03-14 21:07 232 --ah----- C:\sqmdata05.sqm
2008-03-13 18:35 . 2008-03-13 18:35 <DIR> d-------- C:\Documents and Settings\Kkarel\Application Data\TuneUp Software
2008-03-09 20:32 . 2008-03-09 20:32 244 --ah----- C:\sqmnoopt04.sqm
2008-03-09 20:32 . 2008-03-09 20:32 232 --ah----- C:\sqmdata04.sqm
2008-03-07 18:04 . 2008-03-07 18:04 268 --ah----- C:\sqmdata03.sqm
2008-03-07 18:04 . 2008-03-07 18:04 244 --ah----- C:\sqmnoopt03.sqm
2008-03-07 18:03 . 2008-03-07 18:03 <DIR> d-------- C:\Documents and Settings\Isabel\Contacts
2008-02-25 13:41 . 2008-03-05 08:33 <DIR> d-------- C:\Documents and Settings\Kkarel\Application Data\Microsoft Games
2008-02-25 13:41 . 2008-03-05 08:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 15:45 --------- d-----w C:\Program Files\SpywareBlaster
2008-03-23 15:37 --------- d-----w C:\Documents and Settings\Kkarel\Application Data\Apple Computer
2008-03-23 15:26 --------- d-----w C:\Program Files\iTunes
2008-03-23 15:25 --------- d-----w C:\Program Files\QuickTime
2008-03-23 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-23 13:42 --------- d-----w C:\Documents and Settings\Roger\Application Data\AVG7
2008-03-23 02:05 --------- d-----w C:\Program Files\LimeWire
2008-03-22 17:31 --------- d-----w C:\Program Files\Steam
2008-03-22 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-03-22 12:03 --------- d-----w C:\Documents and Settings\Roger\Application Data\ZoomBrowser EX
2008-03-22 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-22 00:45 --------- d-----w C:\Documents and Settings\Kkarel\Application Data\Image Zone Express
2008-03-20 19:30 --------- d-----w C:\Documents and Settings\Kkarel\Application Data\LimeWire
2008-03-17 23:33 94,080 ----a-w C:\Documents and Settings\Roger\Application Data\ezplay.sys
2008-03-17 23:33 81,920 -c--a-w C:\Documents and Settings\Roger\Application Data\ezpinst.exe
2008-03-17 23:33 --------- d-----w C:\Documents and Settings\Roger\Application Data\Vso
2008-03-11 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-04 00:43 --------- d-----w C:\Documents and Settings\Isabel\Application Data\LimeWire
2008-03-02 22:19 --------- d-----w C:\Program Files\Warcraft III
2008-02-25 17:40 --------- d-----w C:\Program Files\Microsoft Games
2008-02-23 22:41 --------- d-----w C:\Program Files\Savage 2 - A Tortured Soul
2008-02-21 10:41 --------- d-----w C:\Documents and Settings\Isabel\Application Data\AVG7
2008-02-17 23:10 --------- d-----w C:\Documents and Settings\Kkarel\Application Data\AVG7
2008-02-17 20:16 --------- d-----w C:\Documents and Settings\Cédric\Application Data\AVG7
2008-02-17 19:38 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-17 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 15:41 --------- d-----w C:\Documents and Settings\Roger\Application Data\Ulead Systems
2008-02-17 02:04 --------- d-----w C:\Documents and Settings\Roger\Application Data\Image Zone Express
2008-02-17 01:58 --------- d-----w C:\Documents and Settings\Roger\Application Data\HP
2008-02-16 20:24 --------- d-----w C:\Program Files\American Conquest
2008-02-16 14:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-16 14:11 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-15 13:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 00:43 94,080 ----a-w C:\WINDOWS\system32\drivers\ezplay.sys
2008-02-09 13:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 13:51 --------- d-----w C:\Program Files\Midway Home Entertainment
2008-02-09 03:36 --------- d-----w C:\Documents and Settings\Cédric\Application Data\uTorrent
2008-02-02 21:49 --------- d-----w C:\Program Files\Systran
2008-02-02 21:14 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-01 17:36 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-01-30 01:55 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-01-30 01:54 --------- d-----w C:\Program Files\Logitech
2008-01-30 01:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-30 01:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-29 02:18 --------- d-----w C:\Program Files\HP
2008-01-28 21:57 --------- d-----w C:\Program Files\LegacyGamers
2008-01-28 18:52 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-28 18:52 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-01-28 18:52 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-01-28 18:51 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-28 18:49 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-01-28 17:49 --------- d-----w C:\Program Files\PCPitstop
2008-01-28 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-28 16:05 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-28 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-01-28 02:24 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-28 02:24 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-01-28 02:24 --------- d-----w C:\Documents and Settings\Roger\Application Data\TuneUp Software
2008-01-28 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-28 02:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 01:10 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-28 01:10 47,360 -c--a-w C:\Documents and Settings\Roger\Application Data\pcouffin.sys
2008-01-28 01:10 --------- d-----w C:\Program Files\DVDFab Platinum 3
2008-01-27 21:35 --------- d-----w C:\Documents and Settings\Cédric\Application Data\Ulead Systems
2008-01-27 19:44 --------- d-----w C:\Documents and Settings\Kkarel\Application Data\Ulead Systems
2008-01-27 16:01 --------- d-----w C:\Program Files\SmartSound Software
2008-01-27 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-01-27 16:00 --------- d-----w C:\Program Files\Windows Media Components
2008-01-27 16:00 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-01-27 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-27 15:59 --------- d-----w C:\Program Files\Ulead Systems
2008-01-27 15:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-27 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-01-27 15:20 --------- d-----w C:\Documents and Settings\Roger\Application Data\Kodak
2008-01-27 15:10 --------- d-----w C:\Documents and Settings\Roger\Application Data\Apple Computer
2008-01-27 15:04 5,330 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-27 15:04 --------- d-----w C:\Documents and Settings\Roger\Application Data\Corel
2008-01-25 14:33 --------- d-----w C:\Documents and Settings\Kkarel\Application Data\Ahead
2008-01-24 01:10 --------- d-----w C:\Program Files\Silkroad
2008-01-22 19:24 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-13 21:25 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2008-01-06 15:25 1,712,201 ----a-w C:\WINDOWS\system32\InetClnt.dll
2007-12-30 20:18 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-12-30 20:18 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-12-30 20:18 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-12-30 19:54 102,400 ----a-w C:\WINDOWS\DIIUnin.exe
2007-12-25 15:10 107,888 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-24 18:07 139,264 -c--a-w C:\WINDOWS\War3Unin.exe
2006-06-23 19:48 32,768 -c--a-w C:\WINDOWS\inf\UpdateUSB.exe
2007-12-02 20:32 8 -csh--r C:\WINDOWS\system32\42DA6463BD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-18 16:29 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-01-08 00:29 2743552]
"Aquarius Soft PC Lockup"="C:\Program Files\Aquarius Soft\PC Lock Up Pro\start.exe" [2008-01-12 01:01 373248]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-10-02 13:19 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-17 15:38 579072]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-17 15:38 219136]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-18 16:29 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\steamapps\\doseffects\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\kondomroffe77\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\antitou\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\antitou\\dark messiah might and magic multi-player\\mm.exe"=
"C:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"C:\\Program Files\\Steam\\steamapps\\kondomroffe77\\dark messiah might and magic multi-player\\mm.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Steam\\steamapps\\kondomroffe77\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"C:\\Program Files\\Steam\\steamapps\\kondomroffe77\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Team17\\Worms World Party\\wwp.exe"=
"C:\\Program Files\\Steam\\steamapps\\kondomroffe77\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\doseffects\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Fox\\Aliens vs. Predator 2 Multiplayer Demo\\lithtech.exe"=
"C:\\Westwood\\Renegade\\Game.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Steam\\steamapps\\antitou\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\raphcool3\\condition zero\\hl.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Savage 2 - A Tortured Soul\\savage2.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\LegacyGamers\\LegacyGamers GunZ Online\\LegacyGamers.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Midway Home Entertainment\\Rise and Fall\\RiseAndFall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Endangered Species Trial Version\\zt.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:192.168.1.0/255.255.255.0:Enabled:frozen throne

R2 aslunts;aslunts;C:\Program Files\Aquarius Soft\PC Lock Up Pro\svchost.exe [2008-01-12 01:01]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-27 22:24]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{557bd600-a110-11dc-a329-d858d819d9bb}]
\Shell\AutoRun\command - G:\PortableVault.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60dd96a9-a132-11dc-9d97-001bfc37e4db}]
\Shell\AutoRun\command - E:\zLaunch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd34304e-a534-11dc-9d9e-001bfc37e4db}]
\Shell\AutoRun\command - F:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 16:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-21 21:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-03-23 20:46:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-25 03:00:00 C:\WINDOWS\Tasks\SmartDefrag.job"
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 17:26:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-23 17:29:42
ComboFix-quarantined-files.txt 2008-03-23 21:29:31
.
2008-03-21 16:29:12 --- E O F ---


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:00, on 23-03-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Aquarius Soft\PC Lock Up Pro\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Aquarius Soft\PC Lock Up Pro\spools.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Aquarius Soft\PC Lock Up Pro\start.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Aquarius Soft\PC Lock Up Pro\spool.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Roger\LOCALS~1\Temp\Rar$EX01.109\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tva.canoe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [Aquarius Soft PC Lockup] "C:\Program Files\Aquarius Soft\PC Lock Up Pro\start.exe" /startup
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 6626707062
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/d [...] DEXAXO.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/opt [...] tstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: aslunts - Aquarius Soft - C:\Program Files\Aquarius Soft\PC Lock Up Pro\svchost.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11655 bytes
