virtumonde et tratBHO

Bonjour,

J'ai tratBHO et virtumonde sur mon ordi. J'ai utilisé Vundofix et Combofix, puis je viens de lancer un scan avec Antivir qui me trouve 37 infections. Pouvez vous me dire ce que je dois faire ?
Voici mon scan antivir.

Merci de votre aide

Greg


AntiVir PersonalEdition Classic
Report file date: mardi 1 avril 2008 16:04

Scanning for 1173671 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HP_Propriétaire
Computer name: MARC

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:03:02
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 14:03:02
ANTIVIR3.VDF : 7.0.3.103 76800 Bytes 01/04/2008 14:03:02
AVEWIN32.DLL : 7.6.0.78 3408384 Bytes 01/04/2008 14:03:03
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 01/04/2008 14:03:03
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 1 avril 2008 16:04

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'TRENDnet.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'SmartUI.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'backWeb-8876480.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process '9wifi.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'hphmon06.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'xcommsvr.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SiSWLSvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Propriétaire\Bureau\DIVERS\Nettoyage\Civilization III Games of the Year.exe
[0] Archive type: ZIP SFX (self extracting)
--> CIVILIZATION3.EXE
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '486843c0.qua'!
C:\Documents and Settings\HP_Propriétaire\Bureau\MSNFix\MSNFix\19032008_11394785.zip
[0] Archive type: ZIP
--> backup/MyPhoto22.zip
[1] Archive type: ZIP
--> MyPhoto22.JPEG_www.freeuploadz.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/MyPhoto35.zip
[1] Archive type: ZIP
--> MyPhoto35.JPEG-ScannedByMsn.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/MyPhoto45.zip
[1] Archive type: ZIP
--> MyPhoto45.JPEG-ScannedByMsn.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/MyPhoto47.zip
[1] Archive type: ZIP
--> MyPhoto47.JPEG-ScannedByMsn.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/MyPhoto48.zip
[1] Archive type: ZIP
--> MyPhoto48.JPEG-ScannedByMsn.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/NewPhoto19.zip
[1] Archive type: ZIP
--> NewPhoto19.JPEG_ScannedByMSN.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/NewPhoto22.zip
[1] Archive type: ZIP
--> NewPhoto22.JPEG_ScannedByMSN.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/NewPhoto25.zip
[1] Archive type: ZIP
--> NewPhoto25.JPEG_ScannedByMSN.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/NewPicture0028.zip
[1] Archive type: ZIP
--> MyPic0028.JPEG_www.uploads.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/npssvc.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '482246a5.qua'!
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus\Greg\photo029.zip
[0] Archive type: ZIP
--> photo029.JPG-www.myspace.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '486148f4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\bvapsqyb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.EER
[INFO] The file was moved to '48535149.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cbxywus.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '486a5135.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\corqsmar.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48645143.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fccyyxu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48555137.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ganaqhdp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48605135.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebcdaw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4854513a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebxxyv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '492ba7b3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hggfdca.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4859513c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iifccay.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4858513f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\iifgeby.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4927a7c8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\khfecdb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4858513e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjgecb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '485c5141.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnmnom.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48605145.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnomkl.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48605146.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnnn.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '491fa7ce.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rnsnlkuh.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48655146.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\shmiwtth.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.GH
[INFO] The file was moved to '485f5141.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvurol.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4868514e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tytngdro.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48665152.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\vtutrqo.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4867514e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wibjtodp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48545143.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wpycojcn.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '486b514a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wvuvwxu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48675151.qua'!
C:\VundoFix Backups\bevwiuwy.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48685146.qua'!
C:\WINDOWS\system32\npssvc.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48655477.qua'!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: mardi 1 avril 2008 17:45
Used time: 1:41:23 min

The scan has been done completely.

8011 Scanning directories
642937 Files were scanned
37 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
28 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
642900 Files not concerned
16779 Archives were scanned
2 Warnings
52 Notes

voila le rapport combifix

ComboFix 08-03-30.5 - HP_Propriétaire 2008-04-01 18:17:41.2 - NTFSx86
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\killtrojan.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
.

2008-04-01 16:01 . 2008-04-01 16:01 <REP> d-------- C:\Program Files\Avira
2008-04-01 16:01 . 2008-04-01 16:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-01 14:42 . 2008-04-01 14:42 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-04-01 14:28 . 2008-04-01 17:12 <REP> d-------- C:\VundoFix Backups
2008-03-26 14:12 . 2008-03-26 14:13 1,524,836 ---hs---- C:\WINDOWS\system32\frkrcdvl.ini
2008-03-25 14:39 . 2008-03-25 14:40 1,510,816 ---hs---- C:\WINDOWS\system32\ajutddog.ini
2008-03-24 12:29 . 2008-03-25 14:40 1,541,443 ---hs---- C:\WINDOWS\system32\yppxeyoo.ini
2008-03-23 12:30 . 2008-03-23 17:30 1,505,714 ---hs---- C:\WINDOWS\system32\ridebbji.ini
2008-03-22 23:25 . 2008-03-22 23:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-22 23:25 . 2008-03-22 23:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-22 12:28 . 2008-03-23 12:28 1,505,594 ---hs---- C:\WINDOWS\system32\essukpro.ini
2008-03-21 12:30 . 2008-03-21 12:30 1,540,154 ---hs---- C:\WINDOWS\system32\tjgjbdry.ini
2008-03-20 16:33 . 2008-03-20 16:33 1,540,094 ---hs---- C:\WINDOWS\system32\dfttrnyf.ini
2008-03-19 12:54 . 2005-01-01 18:04 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-19 12:54 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-19 12:54 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-19 12:54 . 2007-01-08 00:24 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2008-03-19 12:54 . 2008-03-19 13:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-19 12:54 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-19 12:54 . 2007-01-07 16:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-03-19 12:54 . 2005-01-01 18:09 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-19 12:54 . 2005-01-01 18:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-03-19 12:54 . 2005-01-01 18:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-03-19 12:54 . 2005-01-01 18:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-03-19 08:50 . 2008-03-19 08:50 263,192 --a------ C:\Documents and Settings\HP_Propriétaire\Application Data\setup_fr[1].exe
2008-03-19 04:09 . 2008-03-20 12:23 1,540,034 ---hs---- C:\WINDOWS\system32\ndllosyp.ini
2008-03-18 21:01 . 2008-03-19 12:51 268 --ah----- C:\sqmdata19.sqm
2008-03-18 21:01 . 2008-03-19 12:51 244 --ah----- C:\sqmnoopt19.sqm
2008-03-18 20:28 . 2008-03-19 12:33 244 --ah----- C:\sqmnoopt18.sqm
2008-03-18 20:28 . 2008-03-19 12:33 232 --ah----- C:\sqmdata18.sqm
2008-03-18 09:48 . 2008-03-19 11:49 244 --ah----- C:\sqmnoopt17.sqm
2008-03-18 09:48 . 2008-03-19 11:49 232 --ah----- C:\sqmdata17.sqm
2008-03-18 09:45 . 2008-03-19 09:12 244 --ah----- C:\sqmnoopt16.sqm
2008-03-18 09:45 . 2008-03-19 09:12 232 --ah----- C:\sqmdata16.sqm
2008-03-17 21:38 . 2008-03-19 12:05 471 --a------ C:\WINDOWS\cookies.MSNFix
2008-03-17 20:39 . 2008-03-19 08:29 244 --ah----- C:\sqmnoopt15.sqm
2008-03-17 20:39 . 2008-03-19 08:29 232 --ah----- C:\sqmdata15.sqm
2008-03-17 04:09 . 2008-03-18 04:11 1,333,063 ---hs---- C:\WINDOWS\system32\mttkejto.ini
2008-03-16 20:52 . 2008-03-19 07:46 244 --ah----- C:\sqmnoopt14.sqm
2008-03-16 20:52 . 2008-03-19 07:46 232 --ah----- C:\sqmdata14.sqm
2008-03-16 04:09 . 2008-03-16 20:51 1,339,888 ---hs---- C:\WINDOWS\system32\fhdqabmb.ini
2008-03-15 04:08 . 2008-03-15 04:09 1,339,416 ---hs---- C:\WINDOWS\system32\cwkaepgv.ini
2008-03-14 04:05 . 2008-03-15 04:06 1,368,292 ---hs---- C:\WINDOWS\system32\cvtsrjfq.ini
2008-03-13 04:04 . 2008-03-14 04:05 1,346,570 ---hs---- C:\WINDOWS\system32\mvyiaehm.ini
2008-03-13 04:01 . 2008-03-13 04:01 127 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-19 11:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 12:20 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
2008-03-06 13:39 --------- d-----w C:\Program Files\eMule
2008-02-10 11:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-10 10:47 --------- d-----w C:\Program Files\Java
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2006-12-13 22:35 922 ----a-w C:\Program Files\INSTALL.LOG
2006-04-04 17:43 32,768 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-04-01_15.03.07.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 11:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 12:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-04-01 14:03:03 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-03-15 13:55 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:43 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-14 00:04 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 05:10 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54 253952]
"adiras"="adiras.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03 217088]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06 181752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-01 16:03 249896]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-19 09:53:20 110592]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-08-17 23:16:06 962663]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 03:28:24 258048]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-15 13:55:38 450560]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-02-06 17:07:12 1572864]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [2007-04-11 07:44:08 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxxvu]
gebxxvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggfdca]
hggfdca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-01-07 20:08 372736 c:\progra~1\softwin\bitdef~1\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDOESRV]
--a------ 2005-03-11 19:53 90112 C:\Program Files\Softwin\BitDefender9\bdoesrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
--a------ 2005-04-06 15:09 33280 c:\progra~1\softwin\bitdef~1\bdswitch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule

R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 21:16]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-02-15 18:25]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24974748-2538-11dc-8ac1-00110910afd3}]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cd75a7a-96d1-11dc-8ad8-00110910afd3}]
\Shell\AutoRun\command - WD_Windows_Tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd16db5e-bff1-11db-8a9c-4d6564696130}]
\Shell\AutoRun\command - K:\LaunchU3.exe

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 18:21:50
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-01 18:22:28
ComboFix-quarantined-files.txt 2008-04-01 16:22:19
ComboFix2.txt 2008-04-01 13:03:20
Pre-Run: 72,691,675,136 octets libres
Post-Run: 72,681,873,408 octets libres
.
2008-03-13 02:01:45 --- E O F ---

Re,

Désactive toute protection résidente ( antivirus…) !

Copie le texte se situant dans le cadre ci-dessous, sans le mot citation :

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :



Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un nouveau rapport Hijackthis.
S'il n'y a pas de redémarrage, poste quand même les rapports.

Re,

La manip n'a pas marché Suis bien les indications suivantes :

1) Télécharge ToolsCleaner, sur ton bureau.

Ce programme va te faire désinstaller tous les outils que je t’ai faits utiliser.

• Clique sur Recherche et laisse le scan agir ...
• Clique sur Suppression pour finaliser.
• Tu peux, si tu le souhaites, te servir des Options facultatives.
• Clique sur Quitter pour obtenir le rapport.
• Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
• Tutorial ici :

2) Retélécharge Combofix et enregistre-le à la racine de ton disque dur, c'est à dire ici : C:\Combofix.exe >>> Ceci est très important !!!

3) Copie le texte se situant dans le cadre ci-dessous, sans le mot citation :

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt et enregistre-le à la racine de ton disque dur, soit sur C:\CFScript.txt >>> Très important là aussi !!!

4) Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :



Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un nouveau rapport Hijackthis.
S'il n'y a pas de redémarrage, poste quand même les rapports.

Re,

Evidemment, fais ce que je te dis et tu en seras débarrassé quand j'en aurais fini avec toi

voila déja le nouveau rapport combofix

ComboFix 08-03-30.5 - HP_Propriétaire 2008-04-01 19:23:56.4 - NTFSx86
Endroit: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\cookies.MSNFix
C:\WINDOWS\system32\ajutddog.ini
C:\WINDOWS\system32\cvtsrjfq.ini
C:\WINDOWS\system32\cwkaepgv.ini
C:\WINDOWS\system32\dfttrnyf.ini
C:\WINDOWS\system32\essukpro.ini
C:\WINDOWS\system32\fhdqabmb.ini
C:\WINDOWS\system32\frkrcdvl.ini
C:\WINDOWS\system32\mttkejto.ini
C:\WINDOWS\system32\mvyiaehm.ini
C:\WINDOWS\system32\ndllosyp.ini
C:\WINDOWS\system32\ridebbji.ini
C:\WINDOWS\system32\tjgjbdry.ini
C:\WINDOWS\system32\yppxeyoo.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.MSNFix
C:\WINDOWS\system32\ajutddog.ini
C:\WINDOWS\system32\cvtsrjfq.ini
C:\WINDOWS\system32\cwkaepgv.ini
C:\WINDOWS\system32\dfttrnyf.ini
C:\WINDOWS\system32\essukpro.ini
C:\WINDOWS\system32\fhdqabmb.ini
C:\WINDOWS\system32\frkrcdvl.ini
C:\WINDOWS\system32\mttkejto.ini
C:\WINDOWS\system32\mvyiaehm.ini
C:\WINDOWS\system32\ndllosyp.ini
C:\WINDOWS\system32\ridebbji.ini
C:\WINDOWS\system32\tjgjbdry.ini
C:\WINDOWS\system32\yppxeyoo.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
.

2008-04-01 19:21 . 2008-04-01 19:21 1,603,539 --a------ C:\ComboFix.exe
2008-04-01 16:01 . 2008-04-01 16:01 <REP> d-------- C:\Program Files\Avira
2008-04-01 16:01 . 2008-04-01 16:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-01 14:42 . 2008-04-01 14:42 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-22 23:25 . 2008-03-22 23:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-22 23:25 . 2008-03-22 23:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-19 12:54 . 2005-01-01 18:04 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-19 12:54 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-19 12:54 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-19 12:54 . 2007-01-08 00:24 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2008-03-19 12:54 . 2008-03-19 13:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-19 12:54 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-19 12:54 . 2007-01-07 16:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-03-19 12:54 . 2005-01-01 18:09 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-19 12:54 . 2005-01-01 18:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-03-19 12:54 . 2005-01-01 18:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-03-19 12:54 . 2005-01-01 18:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-03-19 08:50 . 2008-03-19 08:50 263,192 --a------ C:\Documents and Settings\HP_Propriétaire\Application Data\setup_fr[1].exe
2008-03-18 21:01 . 2008-03-19 12:51 268 --ah----- C:\sqmdata19.sqm
2008-03-18 21:01 . 2008-03-19 12:51 244 --ah----- C:\sqmnoopt19.sqm
2008-03-18 20:28 . 2008-03-19 12:33 244 --ah----- C:\sqmnoopt18.sqm
2008-03-18 20:28 . 2008-03-19 12:33 232 --ah----- C:\sqmdata18.sqm
2008-03-18 09:48 . 2008-03-19 11:49 244 --ah----- C:\sqmnoopt17.sqm
2008-03-18 09:48 . 2008-03-19 11:49 232 --ah----- C:\sqmdata17.sqm
2008-03-18 09:45 . 2008-03-19 09:12 244 --ah----- C:\sqmnoopt16.sqm
2008-03-18 09:45 . 2008-03-19 09:12 232 --ah----- C:\sqmdata16.sqm
2008-03-17 20:39 . 2008-03-19 08:29 244 --ah----- C:\sqmnoopt15.sqm
2008-03-17 20:39 . 2008-03-19 08:29 232 --ah----- C:\sqmdata15.sqm
2008-03-16 20:52 . 2008-03-19 07:46 244 --ah----- C:\sqmnoopt14.sqm
2008-03-16 20:52 . 2008-03-19 07:46 232 --ah----- C:\sqmdata14.sqm
2008-03-13 04:01 . 2008-03-13 04:01 127 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-19 11:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 12:20 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
2008-03-06 13:39 --------- d-----w C:\Program Files\eMule
2008-02-10 11:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-10 10:47 --------- d-----w C:\Program Files\Java
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2006-12-13 22:35 922 ----a-w C:\Program Files\INSTALL.LOG
2006-04-04 17:43 32,768 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-03-15 13:55 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:43 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-14 00:04 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 05:10 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54 253952]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03 217088]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06 181752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-01 16:03 249896]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-19 09:53:20 110592]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-08-17 23:16:06 962663]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 03:28:24 258048]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-15 13:55:38 450560]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-02-06 17:07:12 1572864]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [2007-04-11 07:44:08 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-01-07 20:08 372736 c:\progra~1\softwin\bitdef~1\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDOESRV]
--a------ 2005-03-11 19:53 90112 C:\Program Files\Softwin\BitDefender9\bdoesrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
--a------ 2005-04-06 15:09 33280 c:\progra~1\softwin\bitdef~1\bdswitch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule

R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 21:16]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-02-15 18:25]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24974748-2538-11dc-8ac1-00110910afd3}]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cd75a7a-96d1-11dc-8ad8-00110910afd3}]
\Shell\AutoRun\command - WD_Windows_Tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd16db5e-bff1-11db-8a9c-4d6564696130}]
\Shell\AutoRun\command - K:\LaunchU3.exe

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 19:26:41
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-01 19:27:13
ComboFix-quarantined-files.txt 2008-04-01 17:27:04
ComboFix2.txt 2008-04-01 16:57:38
Pre-Run: 72,637,038,592 octets libres
Post-Run: 72,607,973,376 octets libres
.
2008-03-13 02:01:45 --- E O F ---

Re,

Désinstalle avast, redémarre et supprime ~~>C:\Program Files\Alwil Software

Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

Télécharge et installe Antivir. (tuto)
Pourquoi changer ? Avast vs Antivir
Vérifie qu’il soit bien à jour ! Fais une analyse complète en mode sans échec, sauvegarde le rapport et poste le moi.

Oui

Poste-moi le rapport d'antivir.

Re,

Il y a des chances que oui

Salut Merillym,

Le scan a pris pas mal de temps en fait, voici le rapport

AntiVir PersonalEdition Classic
Report file date: mardi 1 avril 2008 20:19

Scanning for 1173671 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HP_Propriétaire
Computer name: MARC

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:03:02
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 14:03:02
ANTIVIR3.VDF : 7.0.3.103 76800 Bytes 01/04/2008 14:03:02
AVEWIN32.DLL : 7.6.0.78 3408384 Bytes 01/04/2008 14:03:03
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 01/04/2008 14:03:03
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 1 avril 2008 20:19

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '55' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>


End of the scan: mercredi 2 avril 2008 01:59
Used time: 5:40:53 min

The scan has been done completely.

7804 Scanning directories
638684 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
638684 Files not concerned
16762 Archives were scanned
1 Warnings
52 Notes

S'ils sont en quarantaine, laisse-les pour le moment, on s'en occupera après

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

• Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
• Afin de lancer la recherche, clic sur"Rechercher".
• Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

voila le dernier scan Antivir, tout semble ok

AntiVir PersonalEdition Classic
Report file date: jeudi 3 avril 2008 11:10

Scanning for 1175294 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: MARC

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:03:02
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 14:03:02
ANTIVIR3.VDF : 7.0.3.108 97792 Bytes 02/04/2008 14:03:10
AVEWIN32.DLL : 7.6.0.80 3420672 Bytes 02/04/2008 14:03:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 01/04/2008 14:03:03
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 3 avril 2008 11:10

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'xcommsvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SiSWLSvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'TRENDnet.exe' - '1' Module(s) have been scanned
Scan process 'SmartUI.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'backWeb-8876480.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process '9wifi.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'hphmon06.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>


End of the scan: jeudi 3 avril 2008 12:29
Used time: 1:19:38 min

The scan has been done completely.

7998 Scanning directories
643194 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
643194 Files not concerned
16765 Archives were scanned
2 Warnings
52 Notes