virus insuprimable

Salut,

Télécharge Navilog (de Il-Mafioso)

Enregistre-le sur ton Bureau.
Installe-le en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

Une fois l'installation terminée, fais un clic droit sur le raccourci navilog1 puis choisis "Exécuter en tant qu'administrateur". ( Pour Vista)

Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
! N'utilise pas l'option 2,3 et 4 sans notre accord !
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste le rapport ici.

Le rapport se trouve ici :C:\fixnavi.txt

Si tu as Vista, fais ceci avant :
Désactive l'UAC ( Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ... et valide par OK , il te sera demandé de redémarrer, fais le )

desolé du temps que ca a mis ca marché pas j'ai du mettre en mode sans echec pour que ca marche

Search Navipromo version 3.5.4 commencé le 22/04/2008 à 18:10:09,92

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "dark"

Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2800.1106
Système de fichiers : NTFS

Executé en mode sans échec

*** Recherche Programmes installés ***




*** Recherche dossiers dans "C:\WINDOWS" ***



*** Recherche dossiers dans "C:\Program Files" ***



*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***




*** Recherche dossiers dans "C:\Documents and Settings\dark\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\dark\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\dark\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\dark\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***


C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\dark\locals~1\applic~1" :

sxdhnygc.dat trouvé !
sxdhnygc_nav.dat trouvé !
sxdhnygc_navps.dat trouvé !

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 22/04/2008 à 18:14:30,70 ***

Re,

Double clique sur le raccourci de navilog1.
Option 2 puis valide. (entrée)
Laisse toi guider.
Ton ordinateur va redémarrer, sinon fais le manuellement.

Ton bureau va disparaître.

Patiente jusqu'à l'apparition de ce message :
"*** Nettoyage Termine le ..... ***"

Appuie sur une touche comme demandé, le Bloc-notes va s'ouvrir.
Sauvegarde le rapport.
Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau

Démarrer -> panneau de configuration -> options internet
Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :

Montorgueil ; VIP

~~> Supprime-les si présents ! (pas les autres) <~~

Poste le rapport sauvegardé auparavant (C:\cleannavi.txt)
Ainsi qu'un nouveau rapport Hijackthis.

+++++++++++

Les programmes suivants installent cette infection :

* Go-astro
* GoRecord
* HotTVPlayer
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/
* Sur le site www.games-desktop.com (Ne pas aller dessus!)

Clean Navipromo version 3.5.4 commencé le 22/04/2008 à 18:33:11,31

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "dark"

Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2800.1106
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Executé en mode sans échec


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\dark\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\dark\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\dark\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\dark\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***



*** Suppression fichiers ***

C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\dark\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\dark\locals~1\applic~1" *

sxdhnygc.dat trouvé !
Copie sxdhnygc.dat réalisée avec succès !
sxdhnygc.dat supprimé !

sxdhnygc_nav.dat trouvé !
Copie sxdhnygc_nav.dat réalisée avec succès !
sxdhnygc_nav.dat supprimé !

sxdhnygc_navps.dat trouvé !
Copie sxdhnygc_navps.dat réalisée avec succès !
sxdhnygc_navps.dat supprimé !

sxdhnygc.exe trouvé !
Copie sxdhnygc.exe réalisée avec succès !
sxdhnygc.exe supprimé !

C:\WINDOWS\prefetch\sxdhnygc*.pf trouvé !
Copie C:\WINDOWS\prefetch\sxdhnygc*.pf réalisée avec succès !
C:\WINDOWS\prefetch\sxdhnygc*.pf supprimé !


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 22/04/2008 à 18:33:45,78 ***

Logfile of HijackThis v1.99.1
Scan saved at 18:38:17, on 22/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\notepad.exe
C:\Documents and Settings\dark\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26F133AE-C64F-4A3A-BE60-985CAB9E9F1C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [advap32] "C:\Documents and Settings\dark\Bureau\.//..//win.exe" /r
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Classic3.0\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Classic3.0\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Classic3.0\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En®istrement - C:\Program Files\Systran\Classic3.0\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Classic3.0\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Classic3.0\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/170a340095a3bd7e8c19/netzip...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Re,

Ton windows est légal ?

Télécharge SDFix (d’Andy Manchesta)

Enregistre le sur ton le bureau.

Lance le.
Fais install afin qu’il puisse s’extraire.

Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\
Double clique sur RunThis.bat . (L’extension bat peut ne pas apparaître)
Appuie sur Y pour le lancer.

Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
Il est probable que le redémarrage soit un peu plus long que d’habitude.
Une fois l’apparition de ton Bureau, il affichera Finished

Appuie sur une touche.

Un rapport est généré , poste le dans ta réponse.
Il se trouve également. dans le dossier SDFix >Report.txt<

re


SDFix: Version 1.173
Run by dark on 22/04/2008 at 19:01

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
MRT82
TXB14

Path :
\??\C:\WINDOWS\System32\drivers\Mrt82.sys
\??\C:\WINDOWS\System32\drivers\Txb14.sys

MRT82 - Deleted
TXB14 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\AGL.EXE - Deleted
C:\WINDOWS\SYSTEM32\DLOAD.EXE - Deleted
C:\WINDOWS\SYSTEM32\EUROBAR.EXE - Deleted
C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\WINDOWS\SYSTEM32\HPPRINT.EXE - Deleted
C:\WINDOWS\SYSTEM32\RE1.EXE - Deleted
C:\WINDOWS\SYSTEM32\RUNDLL.EXE - Deleted
C:\WINDOWS\SYSTEM32\SCRCON~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\SCREEN~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\SCRICON.EXE - Deleted
C:\WINDOWS\SYSTEM32\SCVHOSTS.EXE - Deleted
C:\WINDOWS\SYSTEM32\SETUP_~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\SETUP_~2.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSVO1.EXE - Deleted
C:\WINDOWS\SYSTEM32\UM.EXE - Deleted
C:\WINDOWS\SYSTEM32\VMWARE.EXE - Deleted
C:\Documents and Settings\dark\Bureau\hijackthis\abcde.exe.exe - Deleted
C:\WINDOWS\system32\setup_34660.exe - Deleted
C:\WINDOWS\system32\setup_46281.exe - Deleted
C:\WINDOWS\system32\TFTP2728 - Deleted
C:\Documents and Settings\dark\win.exe - Deleted
C:\WINDOWS\system32\dload.exe - Deleted
C:\WINDOWS\system32\hpprint.exe - Deleted
C:\WINDOWS\system32\rundll.exe - Deleted
C:\WINDOWS\system32\scvhosts.exe - Deleted
C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\system32\WLCtrl32.dl_ - Deleted
C:\WINDOWS\system32\drivers\MRT82.sys - Deleted
C:\WINDOWS\system32\drivers\OSV25.sys - Deleted
C:\WINDOWS\system32\drivers\OTV47.sys - Deleted
C:\WINDOWS\system32\drivers\QUX71.sys - Deleted
C:\WINDOWS\system32\drivers\TXB14.sys - Deleted
C:\WINDOWS\system32\drivers\TYB36.sys - Deleted
C:\WINDOWS\system32\drivers\UYC36.sys - Deleted
C:\WINDOWS\system32\drivers\VAD13.sys - Deleted
C:\WINDOWS\system32\drivers\VAD58.sys - Deleted
C:\WINDOWS\system32\drivers\VBD25.sys - Deleted
C:\WINDOWS\system32\drivers\WBE81.sys - Deleted
C:\WINDOWS\system32\drivers\XCF14.sys - Deleted
C:\WINDOWS\system32\drivers\XCF36.sys - Deleted
C:\WINDOWS\system32\drivers\XCG35.sys - Deleted
C:\WINDOWS\system32\drivers\XCG81.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 19:10:25
Windows 5.1.2600 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:0e,8e,33,8d,cb,c0,38,a0,2b,26,38,8d,b6,f9,53,df,fe,a0,f2,0d,be,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e3,02,67,f3,28,aa,10,6c,1f,96,41,f7,15,b2,d0,be,45,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:94,12,e2,6e,33,28,bf,72,08,b0,4f,c4,ef,95,00,3e,5e,36,a6,01,0a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:ae5f6331
"s2"=dword:592db0a8
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\System32\\wbem\\scrcons32.exe"="C:\\WINDOWS\\System32\\wbem\\scrcons32.exe:*:Enabled:WMI Standard Event Consumer - Scripting"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 9 Mar 2007 195 ..SH. --- "C:\BOOT.BAK"
Mon 16 Jul 2007 6,464 A..H. --- "C:\WINDOWS\system32\ptnyjxat.exe"
Tue 15 May 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 22 Jul 2007 444 ...HR --- "C:\Documents and Settings\dark\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

Re,

Reposte un HijackTHis.

Logfile of HijackThis v1.99.1
Scan saved at 19:55:01, on 22/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Systran\Classic3.0\sysclass.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\dark\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26F133AE-C64F-4A3A-BE60-985CAB9E9F1C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [sxdhnygc] c:\documents and settings\dark\local settings\application data\sxdhnygc.exe sxdhnygc
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Classic3.0\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Classic3.0\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Classic3.0\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En®istrement - C:\Program Files\Systran\Classic3.0\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Classic3.0\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Classic3.0\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/170a340095a3bd7e8c19/netzip...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Re,

Télécharge Navilog (de Il-Mafioso)

Enregistre-le sur ton Bureau.
Installe-le en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

Une fois l'installation terminée, fais un clic droit sur le raccourci navilog1 puis choisis "Exécuter en tant qu'administrateur". ( Pour Vista)

Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
! N'utilise pas l'option 2,3 et 4 sans notre accord !
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste le rapport ici.

Le rapport se trouve ici :C:\fixnavi.txt

Si tu as Vista, fais ceci avant :
Désactive l'UAC ( Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ... et valide par OK , il te sera demandé de redémarrer, fais le )

Search Navipromo version 3.5.4 commencé le 22/04/2008 à 20:06:18,59

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "dark"

Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2800.1106
Système de fichiers : NTFS

Executé en mode sans échec

*** Recherche Programmes installés ***




*** Recherche dossiers dans "C:\WINDOWS" ***



*** Recherche dossiers dans "C:\Program Files" ***



*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***




*** Recherche dossiers dans "C:\Documents and Settings\dark\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\dark\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\dark\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\dark\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\dark\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 22/04/2008 à 20:08:32,46 ***

Re,

Reposte un HijackthiS.

re

Logfile of HijackThis v1.99.1
Scan saved at 22:25:23, on 22/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Systran\Classic3.0\sysclass.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\dark\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26F133AE-C64F-4A3A-BE60-985CAB9E9F1C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [sxdhnygc] c:\documents and settings\dark\local settings\application data\sxdhnygc.exe sxdhnygc
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Classic3.0\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Classic3.0\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Classic3.0\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En®istrement - C:\Program Files\Systran\Classic3.0\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Classic3.0\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Classic3.0\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/170a340095a3bd7e8c19/netzip...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Re,

Télécharge et exécute : http://www.avast.com/eng/avast-uninstall-utility.html

Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

Télécharge et installe Antivir. (tuto)
Pourquoi changer ? Avast vs Antivir
Ouvre Antivir, Vérifie qu’il soit bien à jour ! ; va dans l'onglet Scanner, active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur), lance le scan. Poste moi le rapport généré (qui se trouve dans l'onglet reports).

re
pendant l'instalation de antivir un ecran bleu est apparu ca disé vidange de la memoire physique vers disk dur

re




Avira AntiVir Personal
Report file date: mardi 22 avril 2008 23:30

Scanning for 1165085 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM


Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 22 avril 2008 23:30

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'spfprc.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'ScanningProcess.exe' - '0' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '24' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\dark\Bureau\catchme.zip
[0] Archive type: ZIP
--> MRT82.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> OSV25.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> OTV47.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> QUX71.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> TXB14.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> TYB36.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> UYC36.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> VAD13.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> VAD58.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> VBD25.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WBE81.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> XCF14.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> XCF36.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> XCG35.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> XCG81.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48825a01.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/WLCtrl32.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backups/WLCtrl32.dl_
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4871604a.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP251\A0108922.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f60d5.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP251\A0109922.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f60d9.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP251\A0110922.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f60de.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP251\A0111989.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f60eb.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP251\A0112989.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f60ef.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP251\A0113989.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f60f3.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0114087.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6101.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0115087.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6105.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0116087.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6107.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0117087.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f610b.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0119105.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6116.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0120105.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f611a.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0121105.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f611e.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0121111.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6127.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\A0122111.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f612a.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\snapshot\MFEX-1.DAT
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48536146.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP252\snapshot\MFEX-2.DAT
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48536147.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0122185.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6135.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0122240.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6152.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0122245.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6154.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0123240.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6155.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0123244.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4958285e.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0123246.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6157.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0123254.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0123255.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6167.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0124255.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6169.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0124265.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f616e.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0124890.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61af.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0124898.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61b2.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0125268.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61b6.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0126268.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61b9.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0127278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61be.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0129278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61c1.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0130278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61c4.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\A0132278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61c8.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP253\snapshot\MFEX-1.DAT
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '485361e0.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0133278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61ce.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0133341.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61d2.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0134278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61d6.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0135278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61da.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0136278.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61e0.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0136291.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61e2.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0136344.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61e8.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0137344.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61ea.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0138344.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61ec.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0138354.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61f0.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0139354.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f61f2.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0140354.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0141354.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6205.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0142354.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6209.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0143419.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f620e.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0143482.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6213.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0144482.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6216.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0145482.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f621a.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146482.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f621f.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146496.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6224.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146497.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6225.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146498.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6228.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146499.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f622b.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146500.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f622d.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146501.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f622f.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146502.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6231.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146503.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6233.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0146554.sys
[0] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6238.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0148504.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f623c.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0148515.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f623f.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0149515.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6241.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0149580.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f6247.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0149650.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '483f624d.qua'!
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\snapshot\MFEX-1.DAT
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48536276.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: mercredi 23 avril 2008 00:21
Used time: 50:58 min

The scan has been done completely.

2894 Scanning directories
150026 Files were scanned
87 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
70 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
149939 Files not concerned
1812 Archives were scanned
4 Warnings
70 Notes

Tu ne m'as pas répondu tout à l'heure.
Ton Windows est-il légal ?

Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé.
Poste le rapport se trouve ici : C:\rapport_clean.txt

Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.

re

non pas legalle xp


23/04/2008 a 16:39:47,38

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\bdod.bin FOUND

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !

Re,

Il faut que tu t'achètes une clef légale  
Sinon tu ne bénéficie pas des mises à jour => Infections, failles de sécurité.

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées :
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.

[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

re

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 673

Type de recherche: Examen complet (C:\|)
Eléments examinés: 65801
Temps écoulé: 20 minute(s), 45 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
C:\WINDOWS\system32\winIogon.exe (Backdoor.Bot) -> Failed to unload process.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cbxxuvtq.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WLCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Logon Application (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0149604.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{317678DD-316C-448C-BE1C-61FACAA47A29}\RP254\A0149649.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbxxuvtq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\winIogon.exe (Backdoor.Bot) -> Delete on reboot.



avir trouve des trojans il me dit plusieur option deny acess delete ou quarantaine je choisi quoi ?

Quarantaine.

Télécharge Combofix (de sUBs) sur ton Bureau. (Tuto)

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique combofix.exe.
Accepte la licence en cliquant sur Oui.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : C:\Combofix.txt

re
j'ai plein de vundo et je sais pas ce qui c'est passé mais depuis ma reponse impossible de me connecté je vien juste d'y arriver

re

ComboFix 08-04-22.5 - dark 2008-04-23 20:17:19.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.654 [GMT 2:00]
Endroit: C:\Documents and Settings\dark\Mes documents\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\msettings.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\cbxxuvtq.dll
C:\WINDOWS\system32\dvsgabir.dll
C:\WINDOWS\system32\nnnnljhf.dll
C:\WINDOWS\system32\nnqtuutv.ini
C:\WINDOWS\system32\nnqtuutv.ini2
C:\WINDOWS\system32\ribagsvd.ini
C:\WINDOWS\system32\rqroomkh.dll
C:\WINDOWS\system32\vtuutqnn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))))))
.

2008-04-23 20:03 . 2008-04-23 20:03 53,248 --a------ C:\WINDOWS\system32\pdvwoilg.exe
2008-04-23 20:03 . 2008-04-23 20:03 34,788 --a------ C:\WINDOWS\system32\vssosbwc.exe
2008-04-23 20:03 . 2008-04-23 20:03 23,040 --a------ C:\WINDOWS\system32\fidm.exe
2008-04-23 19:16 . 2008-04-23 19:16 34,788 --a------ C:\WINDOWS\system32\qkbdle.exe
2008-04-23 19:02 . 2008-04-23 19:02 34,788 --a------ C:\WINDOWS\system32\ibqlhxi.exe
2008-04-23 18:58 . 2008-04-23 18:58 34,788 --a------ C:\WINDOWS\system32\mcehm.exe
2008-04-23 18:46 . 2008-04-23 18:46 34,788 --a------ C:\WINDOWS\system32\peyymlwx.exe
2008-04-23 18:35 . 2008-04-23 18:35 128 --a------ C:\WINDOWS\system32\zhipuu.bat
2008-04-23 18:34 . 2008-04-23 18:34 34,788 --a------ C:\WINDOWS\system32\byqfxlk.exe
2008-04-23 18:14 . 2008-04-23 18:14 34,788 --a------ C:\WINDOWS\system32\fmdbh.exe
2008-04-23 18:12 . 2008-04-23 18:12 109,738 --a------ C:\WINDOWS\BM3f520d71.xml
2008-04-23 17:57 . 2008-04-23 17:57 34,788 --a------ C:\WINDOWS\system32\qfgdgrm.exe
2008-04-23 17:54 . 2008-04-23 17:54 34,788 --a------ C:\WINDOWS\system32\ylxgw.exe
2008-04-23 17:34 . 2008-04-23 18:48 61 --a------ C:\WINDOWS\system32\i
2008-04-23 17:33 . 2008-04-23 17:33 34,788 --a------ C:\WINDOWS\system32\mfsspuqx.exe
2008-04-23 17:22 . 2008-04-23 17:22 <REP> d-------- C:\Documents and Settings\dark\Application Data\Malwarebytes
2008-04-23 17:19 . 2008-04-23 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 17:17 . 2008-04-23 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-23 16:40 . 2008-04-23 16:40 1,183,256 --a------ C:\upload_moi_DARK-VXA6G6CSLW.tar.gz
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Program Files\Avira
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 18:52 . 2008-04-22 19:12 <REP> d-------- C:\SDFix
2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-22 01:29 . 2008-04-23 17:25 31,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-22 01:29 . 2008-04-23 17:25 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-22 01:29 . 2008-04-23 17:25 3,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-22 00:59 . 2008-04-22 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-22 00:59 . 2008-04-23 17:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-22 00:58 . 2008-04-23 17:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-22 00:58 . 2008-04-22 00:58 <REP> d-------- C:\Program Files\Zone Labs
2008-04-22 00:58 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-22 00:58 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-22 00:57 . 2008-04-23 17:28 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-21 20:01 . 2008-04-21 20:01 268 --ah----- C:\sqmdata00.sqm
2008-04-21 20:01 . 2008-04-21 20:01 244 --ah----- C:\sqmnoopt00.sqm
2008-04-21 17:00 . 2008-04-21 17:00 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-21 15:57 . 2008-04-23 19:41 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-21 15:57 . 2008-04-21 15:57 <REP> d-------- C:\Documents and Settings\dark\Application Data\PC Tools
2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-21 15:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-21 15:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-21 15:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-21 14:18 . 2008-04-21 14:19 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Fichiers communs\Application
2008-04-08 23:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-04-08 23:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-04-08 23:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-23 15:00 --------- d-----w C:\Documents and Settings\dark\Application Data\Azureus
2008-04-22 20:48 --------- d-----w C:\Program Files\Alwil Software
2008-04-22 18:08 --------- d-----w C:\Program Files\Navilog1
2008-04-21 21:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-21 18:55 --------- d-----w C:\Program Files\Azureus
2008-04-21 12:08 --------- d-----w C:\Program Files\Google
2008-04-14 15:57 --------- d-----w C:\Program Files\eMule
2008-03-16 19:09 --------- d-----w C:\Program Files\UltimateZip 2007
2008-03-16 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-16 13:28 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-27 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26F133AE-C64F-4A3A-BE60-985CAB9E9F1C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9292C2AD-D36E-4051-AF6D-0C6D2AEE0C10}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B522B44B-BC97-46FB-924E-E52CAB1132CF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7A08523-027D-4CDB-8FB7-BE8F089E7E10}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F06242-D1F7-4B5E-8686-E42FD412827A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 864768]
"sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-17 21:16 185896]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-03 21:46 6731312]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 12:19 223232]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Advanced DHTML Enable"="C:\WINDOWS\System32\lhlrcdb.exe" [ ]
"Application Layer Gateway Service"="C:\WINDOWS\System32\algs.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 13312]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnljhf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"vidc.dvsd"= mcdvd_32.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi13.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhk58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dik36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ejl47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fkm71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gkn14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlp68.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmo71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inp47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq13.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq81.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnr47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Joq82.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps35.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps46.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mrt82.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osv03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osw25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Otv14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ptw58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pux14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux71.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux81.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa82.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyb36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vad58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vae58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbe14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wcf71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydh71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2001-08-28 14:00]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S0 Bfi13;Bfi13;C:\WINDOWS\System32\Drivers\Bfi13.sys []
S0 Hlo36;Hlo36;C:\WINDOWS\System32\Drivers\Hlo36.sys []
S0 Nru14;Nru14;C:\WINDOWS\System32\Drivers\Nru14.sys []
S0 Pux14;Pux14;C:\WINDOWS\System32\Drivers\Pux14.sys []
S0 Twa03;Twa03;C:\WINDOWS\System32\Drivers\Twa03.sys []
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
S3 Dik36;Dik36;C:\WINDOWS\System32\drivers\Dik36.sys []
S3 Fjm03;Fjm03;C:\WINDOWS\System32\drivers\Fjm03.sys []
S3 Gkn14;Gkn14;C:\WINDOWS\System32\drivers\Gkn14.sys []
S3 Jnr47;Jnr47;C:\WINDOWS\System32\drivers\Jnr47.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 Osw25;Osw25;C:\WINDOWS\System32\drivers\Osw25.sys []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 02:52]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 Swa82;Swa82;C:\WINDOWS\System32\drivers\Swa82.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 14:00]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-03-07 18:08:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 21:03:54
Windows 5.1.2600 NTFS

detected NTDLL code modification:
ZwClose

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-23 21:05:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-23 19:05:54

Pre-Run: 9,251,545,088 octets libres
Post-Run: 9,237,438,464 octets libres

308

Re,

Il en reste.
Bien infecté dis-donc.

Télécharge et exécute SafebootKeyRepair --> http://download.bleepingcomputer.com/sUBs/SafeBootKeyRe...

*******

Copie le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt sur ton Bureau.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.

gros probleme internet


ComboFix 08-04-22.5 - dark 2008-04-23 22:20:25.2 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.803 [GMT 2:00]
Endroit: C:\Documents and Settings\dark\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\dark\Mes documents\CFScript.txt

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\upload_moi_DARK-VXA6G6CSLW.tar.gz
C:\WINDOWS\BM3f520d71.xml
C:\WINDOWS\system32\byqfxlk.exe
C:\WINDOWS\System32\Drivers\Bfi13.sys
C:\WINDOWS\System32\drivers\Dik36.sys
C:\WINDOWS\System32\drivers\Fjm03.sys
C:\WINDOWS\System32\drivers\Gkn14.sys
C:\WINDOWS\System32\Drivers\Hlo36.sys
C:\WINDOWS\System32\drivers\Jnr47.sys
C:\WINDOWS\System32\Drivers\Nru14.sys
C:\WINDOWS\System32\drivers\Osw25.sys
C:\WINDOWS\System32\Drivers\Pux14.sys
C:\WINDOWS\System32\drivers\Swa82.sys
C:\WINDOWS\System32\Drivers\Twa03.sys
C:\WINDOWS\system32\fidm.exe
C:\WINDOWS\system32\fmdbh.exe
C:\WINDOWS\system32\ibqlhxi.exe
C:\WINDOWS\system32\mcehm.exe
C:\WINDOWS\system32\mfsspuqx.exe
C:\WINDOWS\system32\pdvwoilg.exe
C:\WINDOWS\system32\peyymlwx.exe
C:\WINDOWS\system32\qfgdgrm.exe
C:\WINDOWS\system32\qkbdle.exe
C:\WINDOWS\system32\vssosbwc.exe
C:\WINDOWS\System32\wbem\scrcons32.exe
C:\WINDOWS\system32\ylxgw.exe
C:\WINDOWS\system32\zhipuu.bat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\upload_moi_DARK-VXA6G6CSLW.tar.gz
C:\WINDOWS\BM3f520d71.xml
C:\WINDOWS\system32\awtqrppo.dll
C:\WINDOWS\system32\byqfxlk.exe
C:\WINDOWS\system32\byxxwvwx.dll
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\fmdbh.exe
C:\WINDOWS\system32\hggeddbx.dll
C:\WINDOWS\system32\i\
C:\WINDOWS\system32\ibqlhxi.exe
C:\WINDOWS\system32\mcehm.exe
C:\WINDOWS\system32\mfsspuqx.exe
C:\WINDOWS\system32\peyymlwx.exe
C:\WINDOWS\system32\qfgdgrm.exe
C:\WINDOWS\system32\qkbdle.exe
C:\WINDOWS\system32\urqpmkli.dll
C:\WINDOWS\system32\vssosbwc.exe
C:\WINDOWS\system32\ylxgw.exe
C:\WINDOWS\system32\zhipuu.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PUX14
-------\Service_Bfi13
-------\Service_Dik36
-------\Service_Fjm03
-------\Service_Gkn14
-------\Service_Hlo36
-------\Service_Jnr47
-------\Service_Nru14
-------\Service_Osw25
-------\Service_Pux14
-------\Service_Swa82
-------\Service_Twa03


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))))))
.

2008-04-23 22:23 . 2008-04-23 22:23 34,788 --a------ C:\WINDOWS\system32\oisni.exe
2008-04-23 22:20 . 2008-04-23 22:20 34,788 --a------ C:\WINDOWS\system32\vremvbts.exe
2008-04-23 22:20 . 2008-04-23 22:20 23,040 --a------ C:\WINDOWS\system32\ylsgvhs.exe
2008-04-23 22:13 . 2008-04-23 22:13 126 --a------ C:\WINDOWS\system32\fwcr.bat
2008-04-23 22:13 . 2008-04-23 22:13 116 --a------ C:\WINDOWS\system32\gvfvmt.bat
2008-04-23 22:10 . 2008-04-23 22:10 34,788 --a------ C:\WINDOWS\system32\zoafd.exe
2008-04-23 22:10 . 2008-04-23 22:10 23,040 --a------ C:\WINDOWS\system32\zogcjuf.exe
2008-04-23 21:51 . 2008-04-23 21:51 0 -ra------ C:\WINDOWS\system32\TFTP1140
2008-04-23 21:31 . 2008-04-23 21:31 34,788 --a------ C:\WINDOWS\system32\ahunjjr.exe
2008-04-23 21:11 . 2008-04-23 21:11 34,788 --a------ C:\WINDOWS\system32\fhosnm.exe
2008-04-23 17:34 . 2008-04-23 18:48 61 --a------ C:\WINDOWS\system32\i
2008-04-23 17:22 . 2008-04-23 17:22 <REP> d-------- C:\Documents and Settings\dark\Application Data\Malwarebytes
2008-04-23 17:19 . 2008-04-23 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 17:17 . 2008-04-23 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Program Files\Avira
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 18:52 . 2008-04-22 19:12 <REP> d-------- C:\SDFix
2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-22 01:29 . 2008-04-23 17:25 31,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-22 01:29 . 2008-04-23 17:25 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-22 01:29 . 2008-04-23 17:25 3,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-22 00:59 . 2008-04-22 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-22 00:59 . 2008-04-23 17:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-22 00:58 . 2008-04-23 17:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-22 00:58 . 2008-04-22 00:58 <REP> d-------- C:\Program Files\Zone Labs
2008-04-22 00:58 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-22 00:58 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-22 00:57 . 2008-04-23 17:28 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-21 20:01 . 2008-04-21 20:01 268 --ah----- C:\sqmdata00.sqm
2008-04-21 20:01 . 2008-04-21 20:01 244 --ah----- C:\sqmnoopt00.sqm
2008-04-21 17:00 . 2008-04-21 17:00 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-21 15:57 . 2008-04-23 19:41 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-21 15:57 . 2008-04-21 15:57 <REP> d-------- C:\Documents and Settings\dark\Application Data\PC Tools
2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-21 15:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-21 15:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-21 15:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-21 14:18 . 2008-04-21 14:19 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Fichiers communs\Application
2008-04-08 23:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-04-08 23:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-04-08 23:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 19:22 --------- d-----w C:\Documents and Settings\dark\Application Data\Azureus
2008-04-23 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 20:48 --------- d-----w C:\Program Files\Alwil Software
2008-04-22 18:08 --------- d-----w C:\Program Files\Navilog1
2008-04-21 21:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-21 18:55 --------- d-----w C:\Program Files\Azureus
2008-04-21 12:08 --------- d-----w C:\Program Files\Google
2008-04-14 15:57 --------- d-----w C:\Program Files\eMule
2008-03-16 19:09 --------- d-----w C:\Program Files\UltimateZip 2007
2008-03-16 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-16 13:28 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-27 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26F133AE-C64F-4A3A-BE60-985CAB9E9F1C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9292C2AD-D36E-4051-AF6D-0C6D2AEE0C10}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B522B44B-BC97-46FB-924E-E52CAB1132CF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7A08523-027D-4CDB-8FB7-BE8F089E7E10}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F06242-D1F7-4B5E-8686-E42FD412827A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 864768]
"sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-03 21:46 6731312]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Windows Logon Application"="C:\WINDOWS\System32\winIogon.exe" [2001-08-28 14:00 63963]
"Windows Explorer"="C:\WINDOWS\System32\explorer.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnljhf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"vidc.dvsd"= mcdvd_32.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi13.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhk58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dik36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ejl47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fkm71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gkn14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlp68.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmo71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inp47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq13.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq81.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnr47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Joq82.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps35.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps46.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mrt82.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osv03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osw25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Otv14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ptw58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pux14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux81.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa82.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txb14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyb36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vad58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vae58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbe14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wcf71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydh71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2001-08-28 14:00]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 02:52]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 14:00]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-03-07 18:08:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 22:23:53
Windows 5.1.2600 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-23 22:26:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-23 20:26:28
ComboFix2.txt 2008-04-23 19:06:01

Pre-Run: 9,243,000,832 octets libres
Post-Run: 9,230,839,808 octets libres

329

en mode normal mon ordi se fige tres souvent et pas d'internet
ca marche que en mode sans echec

re

je dois faire quoi maintenant ??

Re,

Refais un scan Combofix, poste son rapport .

re

ComboFix 08-04-22.5 - dark 2008-04-24 19:10:32.3 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.784 [GMT 2:00]
Endroit: C:\Documents and Settings\dark\Mes documents\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\brtsrauq.dll
C:\WINDOWS\system32\klnonmoq.ini
C:\WINDOWS\system32\klnonmoq.ini2
C:\WINDOWS\system32\mlmfulrs.dll
C:\WINDOWS\system32\paemerhm.dll
C:\WINDOWS\system32\qomnonlk.dll
C:\WINDOWS\system32\srlufmlm.ini
C:\WINDOWS\system32\vturopqr.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.

2008-04-24 19:14 . 5,894 C:\a.bat
2008-04-24 02:08 . 2008-04-24 02:08 <REP> d-------- C:\Documents and Settings\dark\Application Data\ImgBurn
2008-04-24 01:44 . 2008-04-24 01:49 1,511,910 --------- C:\WINDOWS\system32\nod64.exe
2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Program Files\ImgBurn
2008-04-23 23:47 . 2008-04-23 23:47 0 -ra------ C:\WINDOWS\system32\TFTP1372
2008-04-23 23:10 . 2008-04-23 23:34 1,540,626 ---hs---- C:\WINDOWS\system32\dsfupdnw.ini
2008-04-23 23:10 . 2008-04-24 14:37 109,776 --a------ C:\WINDOWS\BM3f520d71.xml
2008-04-23 22:59 . 2008-04-23 22:59 34,788 --a------ C:\WINDOWS\system32\bxacmrf.exe
2008-04-23 22:59 . 2008-04-23 22:59 23,040 --------- C:\WINDOWS\system32\gncksza.exe
2008-04-23 22:23 . 2008-04-23 22:23 34,788 --a------ C:\WINDOWS\system32\oisni.exe
2008-04-23 22:20 . 2008-04-23 22:20 34,788 --a------ C:\WINDOWS\system32\vremvbts.exe
2008-04-23 22:20 . 2008-04-23 22:20 23,040 --a------ C:\WINDOWS\system32\ylsgvhs.exe
2008-04-23 22:13 . 2008-04-23 22:13 126 --a------ C:\WINDOWS\system32\fwcr.bat
2008-04-23 22:13 . 2008-04-23 22:13 116 --a------ C:\WINDOWS\system32\gvfvmt.bat
2008-04-23 22:10 . 2008-04-23 22:10 34,788 --a------ C:\WINDOWS\system32\zoafd.exe
2008-04-23 22:10 . 2008-04-23 22:10 23,040 --a------ C:\WINDOWS\system32\zogcjuf.exe
2008-04-23 21:51 . 2008-04-23 21:51 0 -ra------ C:\WINDOWS\system32\TFTP1140
2008-04-23 21:31 . 2008-04-23 21:31 34,788 --a------ C:\WINDOWS\system32\ahunjjr.exe
2008-04-23 21:11 . 2008-04-23 21:11 34,788 --a------ C:\WINDOWS\system32\fhosnm.exe
2008-04-23 17:34 . 2008-04-23 18:48 61 --a------ C:\WINDOWS\system32\i
2008-04-23 17:22 . 2008-04-23 17:22 <REP> d-------- C:\Documents and Settings\dark\Application Data\Malwarebytes
2008-04-23 17:19 . 2008-04-23 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 17:17 . 2008-04-23 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Program Files\Avira
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 18:52 . 2008-04-22 19:12 <REP> d-------- C:\SDFix
2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-22 01:29 . 2008-04-23 17:25 31,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-22 01:29 . 2008-04-23 17:25 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-22 01:29 . 2008-04-23 17:25 3,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-22 00:59 . 2008-04-22 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-22 00:59 . 2008-04-23 17:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-22 00:58 . 2008-04-23 17:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-22 00:58 . 2008-04-22 00:58 <REP> d-------- C:\Program Files\Zone Labs
2008-04-22 00:58 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-22 00:58 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-22 00:57 . 2008-04-23 17:28 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-21 20:01 . 2008-04-21 20:01 268 --ah----- C:\sqmdata00.sqm
2008-04-21 20:01 . 2008-04-21 20:01 244 --ah----- C:\sqmnoopt00.sqm
2008-04-21 17:00 . 2008-04-21 17:00 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-21 15:57 . 2008-04-23 19:41 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-21 15:57 . 2008-04-21 15:57 <REP> d-------- C:\Documents and Settings\dark\Application Data\PC Tools
2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-21 15:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-21 15:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-21 15:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-21 14:18 . 2008-04-21 14:19 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Fichiers communs\Application
2008-04-08 23:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-04-08 23:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-04-08 23:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 17:09 --------- d-----w C:\Documents and Settings\dark\Application Data\Azureus
2008-04-23 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-23 18:12 34,788 ----a-w C:\WINDOWS\system32\tgygoem.exe
2008-04-22 20:48 --------- d-----w C:\Program Files\Alwil Software
2008-04-22 18:08 --------- d-----w C:\Program Files\Navilog1
2008-04-21 18:55 --------- d-----w C:\Program Files\Azureus
2008-04-21 12:08 --------- d-----w C:\Program Files\Google
2008-04-14 15:57 --------- d-----w C:\Program Files\eMule
2008-03-16 19:09 --------- d-----w C:\Program Files\UltimateZip 2007
2008-03-16 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-16 13:28 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-27 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-27 20:28 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-21 13:38 946,832 ----a-w C:\WINDOWS\system32\_ISource30.dll
2008-02-21 13:38 355,984 ----a-w C:\WINDOWS\system32\winhttp.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26F133AE-C64F-4A3A-BE60-985CAB9E9F1C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9292C2AD-D36E-4051-AF6D-0C6D2AEE0C10}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3E3594F-B1DD-4484-9E41-C839E24EB28E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B522B44B-BC97-46FB-924E-E52CAB1132CF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b7301bce-fabe-4d89-91f9-9bdfef75b299}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7A08523-027D-4CDB-8FB7-BE8F089E7E10}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F06242-D1F7-4B5E-8686-E42FD412827A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF547813-2C2A-489B-8156-590294D3B34F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 864768]
"sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-03 21:46 6731312]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Advanced DHTML Enable"="C:\WINDOWS\System32\gncksza.exe" [2008-04-23 22:59 23040]
"Nod32 Service"="nod64.exe" [2008-04-24 01:49 1511910 C:\WINDOWS\system32\nod64.exe]
"@"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Nod32 Service"="nod64.exe" [2008-04-24 01:49 1511910 C:\WINDOWS\system32\nod64.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnljhf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturopqr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"vidc.dvsd"= mcdvd_32.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi13.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhk58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dik36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ejl47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fkm71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gkn14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlp68.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmo71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inp47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq13.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq81.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnr47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Joq82.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps35.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps46.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mrt82.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osv03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osw25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Otv14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ptw58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pux14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux81.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa82.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txb14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyb36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vad58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vae58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbe14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wcf71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydh71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"}"= }:Nod32 Service

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2001-08-28 14:00]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 02:52]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 14:00]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-03-07 18:08:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 19:13:51
Windows 5.1.2600 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\System32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-24 19:16:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 17:16:31
ComboFix2.txt 2008-04-23 20:26:35
ComboFix3.txt 2008-04-23 19:06:01

Pre-Run: 2,700,824,576 octets libres
Post-Run: 2,714,988,544 octets libres

302

Re,

Copie le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt sur ton Bureau.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.

ComboFix 08-04-22.5 - dark 2008-04-24 20:43:12.4 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.720 [GMT 2:00]
Endroit: C:\Documents and Settings\dark\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\dark\Mes documents\cfscript.txt

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\BM3f520d71.xml
C:\WINDOWS\system32\ahunjjr.exe
C:\WINDOWS\system32\bxacmrf.exe
C:\WINDOWS\system32\dsfupdnw.ini
C:\WINDOWS\system32\fhosnm.exe
C:\WINDOWS\system32\fwcr.bat
C:\WINDOWS\system32\gncksza.exe
C:\WINDOWS\System32\gncksza.exe
C:\WINDOWS\system32\gvfvmt.bat
C:\WINDOWS\system32\i
C:\WINDOWS\system32\nod64.exe
C:\WINDOWS\system32\oisni.exe
C:\WINDOWS\system32\TFTP1140
C:\WINDOWS\system32\TFTP1372
C:\WINDOWS\system32\tgygoem.exe
C:\WINDOWS\system32\vremvbts.exe
C:\WINDOWS\System32\wbem\scrcons32.exe
C:\WINDOWS\system32\ylsgvhs.exe
C:\WINDOWS\system32\zoafd.exe
C:\WINDOWS\system32\zogcjuf.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM3f520d71.xml
C:\WINDOWS\system32\ahunjjr.exe
C:\WINDOWS\system32\bxacmrf.exe
C:\WINDOWS\system32\dsfupdnw.ini
C:\WINDOWS\system32\fhosnm.exe
C:\WINDOWS\system32\fwcr.bat
C:\WINDOWS\system32\gncksza.exe
C:\WINDOWS\system32\gvfvmt.bat
C:\WINDOWS\system32\i
C:\WINDOWS\system32\nod64.exe
C:\WINDOWS\system32\oisni.exe
C:\WINDOWS\system32\TFTP1140
C:\WINDOWS\system32\TFTP1372
C:\WINDOWS\system32\tgygoem.exe
C:\WINDOWS\system32\vremvbts.exe
C:\WINDOWS\system32\ylsgvhs.exe
C:\WINDOWS\system32\zoafd.exe
C:\WINDOWS\system32\zogcjuf.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IISADMIN
-------\Legacy_ImapiService
-------\Legacy_SMTPSVC
-------\Service_IISADMIN
-------\Service_ImapiService
-------\Service_SMTPSVC


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.

2008-04-24 02:08 . 2008-04-24 02:08 <REP> d-------- C:\Documents and Settings\dark\Application Data\ImgBurn
2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Program Files\ImgBurn
2008-04-23 20:12 . 2008-04-23 20:12 0 -ra------ C:\WINDOWS\system32\TFTP2184
2008-04-23 17:22 . 2008-04-23 17:22 <REP> d-------- C:\Documents and Settings\dark\Application Data\Malwarebytes
2008-04-23 17:19 . 2008-04-23 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 17:17 . 2008-04-23 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Program Files\Avira
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 18:52 . 2008-04-22 19:12 <REP> d-------- C:\SDFix
2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-22 01:29 . 2008-04-23 17:25 31,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-22 01:29 . 2008-04-23 17:25 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-22 01:29 . 2008-04-23 17:25 3,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-22 00:59 . 2008-04-22 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-22 00:59 . 2008-04-23 17:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-22 00:58 . 2008-04-23 17:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-22 00:58 . 2008-04-22 00:58 <REP> d-------- C:\Program Files\Zone Labs
2008-04-22 00:58 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-22 00:58 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-22 00:57 . 2008-04-23 17:28 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-21 20:01 . 2008-04-21 20:01 268 --ah----- C:\sqmdata00.sqm
2008-04-21 20:01 . 2008-04-21 20:01 244 --ah----- C:\sqmnoopt00.sqm
2008-04-21 17:00 . 2008-04-21 17:00 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-21 15:57 . 2008-04-23 19:41 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-21 15:57 . 2008-04-21 15:57 <REP> d-------- C:\Documents and Settings\dark\Application Data\PC Tools
2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-21 15:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-21 15:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-21 15:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-21 14:18 . 2008-04-21 14:19 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Fichiers communs\Application
2008-04-08 23:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-04-08 23:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-04-08 23:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 18:44 --------- d-----w C:\Documents and Settings\dark\Application Data\Azureus
2008-04-23 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 20:48 --------- d-----w C:\Program Files\Alwil Software
2008-04-22 18:08 --------- d-----w C:\Program Files\Navilog1
2008-04-21 18:55 --------- d-----w C:\Program Files\Azureus
2008-04-21 12:08 --------- d-----w C:\Program Files\Google
2008-04-14 15:57 --------- d-----w C:\Program Files\eMule
2008-03-16 19:09 --------- d-----w C:\Program Files\UltimateZip 2007
2008-03-16 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-16 13:28 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-27 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b7301bce-fabe-4d89-91f9-9bdfef75b299}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 864768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-03 21:46 6731312]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"vidc.dvsd"= mcdvd_32.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"}"= }:Nod32 Service

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 02:52]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
S3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 14:00]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-03-07 18:08:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 20:46:05
Windows 5.1.2600 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-24 20:48:57 - machine was rebooted [dark]
ComboFix-quarantined-files.txt 2008-04-24 18:48:55
ComboFix2.txt 2008-04-24 17:16:37
ComboFix3.txt 2008-04-23 20:26:35
ComboFix4.txt 2008-04-23 19:06:01

Pre-Run: 2,723,704,832 octets libres
Post-Run: 2,711,666,688 octets libres

194

alors docteur quel est le diagnostique ?  

C'est mieux ?

Repasse SDFix stp qu'on a vu un peu plus tôt.

Sélectionne l’intégralité du cadre ci-dessous (espaces compris) :

Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Enregistre le sous sur ton bureau sous le nom de Correction.reg
Double-clique dessus, accepte l’inscription des données.

oui ca va mieux

j'ai une fenetre noire qui est apparu genre 1 ou 2 seconde mais ca a rien fait c'est normal ?

internet ca va mieu mais l'ordi redémarre d'un coup

Normal, la fenêtre noire. L'ordi a redémarré après la fenêtre noire ou comme ça ?

Poste le rapport SDFix.

non comme ca apres la fenetre j'ai rebooté et au bout de genre 5 min il a reboot tout seul

ya pas eu de rapport

Regarde dans le dossier SDFix..

deja verifier il y a juste l'ancien

j'ai refait sdfix voila le rapport


SDFix: Version 1.173
Run by dark on 24/04/2008 at 23:11

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\C.EXE - Deleted
C:\WINDOWS\system32\c.exe - Deleted
C:\WINDOWS\system32\TFTP2184 - Deleted
C:\WINDOWS\system32\i - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 23:15:15
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:0e,8e,33,8d,cb,c0,38,a0,2b,26,38,8d,b6,f9,53,df,fe,a0,f2,0d,be,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e3,02,67,f3,28,aa,10,6c,1f,96,41,f7,15,b2,d0,be,45,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:94,12,e2,6e,33,28,bf,72,08,b0,4f,c4,ef,95,00,3e,5e,36,a6,01,0a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:ae5f6331
"s2"=dword:592db0a8
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Enum\Root\LEGACY_OREANS32\0000]
"Service"="oreans32"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="oreans32"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\0021"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Enum\Root\LEGACY_OREANS32\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,44,25,5c,e6,21,b1,34,ac,89,4a,3e,3d,90,6e,a6,07,0e,c2,f3,7e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,86,df,6b,5b,4f,6b,cc,d9,32,dd,c5,24,56,31,e1,54,68,..
"khjeh"=hex:95,1d,f3,96,71,44,72,df,87,62,04,ba,64,a0,ca,33,1a,1c,0e,1f,a0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:47,64,8e,48,97,a4,5e,94,59,55,93,6e,2c,40,49,8a,cc,a2,fc,ee,be,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"}?"="}?:*:Enabled:Nod32 Service"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 9 Mar 2007 195 ..SH. --- "C:\BOOT.BAK"
Mon 16 Jul 2007 6,464 A..H. --- "C:\WINDOWS\system32\ptnyjxat.exe"
Tue 15 May 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 22 Jul 2007 444 ...HR --- "C:\Documents and Settings\dark\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

Repasse Combofix, poste son rapport ..

Télécharge Gmer.
Dézippe le dans un dossier ou sur ton bureau.

Déconnecte toi d'Internet puis ferme tous les programmes.
Double-clique sur Gmer.exe.

Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

Clique sur l'onglet rootkit.
A droite, coche Tout.
Clique maintenant sur Scan.

Lorsque le scan est terminé, clique sur Copy.

Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et poste le contenu ici.

ComboFix 08-04-22.5 - dark 2008-04-25 1:36:52.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.601 [GMT 2:00]
Endroit: C:\Documents and Settings\dark\Mes documents\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.

2008-04-25 01:36 . 2008-04-25 01:36 12,288 -ra------ C:\WINDOWS\system32\TFTP3420
2008-04-24 02:08 . 2008-04-24 02:08 <REP> d-------- C:\Documents and Settings\dark\Application Data\ImgBurn
2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Program Files\ImgBurn
2008-04-23 17:22 . 2008-04-23 17:22 <REP> d-------- C:\Documents and Settings\dark\Application Data\Malwarebytes
2008-04-23 17:19 . 2008-04-23 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 17:17 . 2008-04-23 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Program Files\Avira
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 18:52 . 2008-04-24 23:17 <REP> d-------- C:\SDFix
2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-22 01:29 . 2008-04-23 17:25 31,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-22 01:29 . 2008-04-23 17:25 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-22 01:29 . 2008-04-23 17:25 3,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-22 00:59 . 2008-04-22 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-22 00:59 . 2008-04-23 17:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-22 00:58 . 2008-04-23 17:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-22 00:58 . 2008-04-22 00:58 <REP> d-------- C:\Program Files\Zone Labs
2008-04-22 00:58 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-22 00:58 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-22 00:57 . 2008-04-23 17:28 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-21 20:01 . 2008-04-21 20:01 268 --ah----- C:\sqmdata00.sqm
2008-04-21 20:01 . 2008-04-21 20:01 244 --ah----- C:\sqmnoopt00.sqm
2008-04-21 17:00 . 2008-04-21 17:00 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-21 15:57 . 2008-04-23 19:41 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-21 15:57 . 2008-04-21 15:57 <REP> d-------- C:\Documents and Settings\dark\Application Data\PC Tools
2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-21 15:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-21 15:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-21 15:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-21 14:18 . 2008-04-21 14:19 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Fichiers communs\Application
2008-04-08 23:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-04-08 23:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-04-08 23:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 23:52 --------- d-----w C:\Documents and Settings\dark\Application Data\Azureus
2008-04-23 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 20:48 --------- d-----w C:\Program Files\Alwil Software
2008-04-22 18:08 --------- d-----w C:\Program Files\Navilog1
2008-04-21 18:55 --------- d-----w C:\Program Files\Azureus
2008-04-21 12:08 --------- d-----w C:\Program Files\Google
2008-04-14 15:57 --------- d-----w C:\Program Files\eMule
2008-03-16 19:09 --------- d-----w C:\Program Files\UltimateZip 2007
2008-03-16 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-16 13:28 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-27 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-27 20:28 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-21 13:38 946,832 ----a-w C:\WINDOWS\system32\_ISource30.dll
2008-02-21 13:38 355,984 ----a-w C:\WINDOWS\system32\winhttp.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26F133AE-C64F-4A3A-BE60-985CAB9E9F1C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9292C2AD-D36E-4051-AF6D-0C6D2AEE0C10}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3E3594F-B1DD-4484-9E41-C839E24EB28E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B522B44B-BC97-46FB-924E-E52CAB1132CF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b7301bce-fabe-4d89-91f9-9bdfef75b299}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7A08523-027D-4CDB-8FB7-BE8F089E7E10}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F06242-D1F7-4B5E-8686-E42FD412827A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF547813-2C2A-489B-8156-590294D3B34F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 864768]
"sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-03 21:46 6731312]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnljhf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturopqr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"vidc.dvsd"= mcdvd_32.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi13.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhk58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dik36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ejl47.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm03.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fkm71.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gkn14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlp68.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmo71.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inp47.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq13.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq81.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnr47.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Joq82.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor03.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps35.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps46.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps71.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mrt82.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru03.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osv03.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osw25.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Otv14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ptw58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pux14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux71.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux81.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa03.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa82.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa03.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txb14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyb36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vad58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vae58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbe14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe25.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wcf71.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydh71.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"}"= }:Nod32 Service

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 02:52]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 14:00]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-03-07 18:08:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 01:54:28
Windows 5.1.2600 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-25 1:57:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 23:57:05
ComboFix2.txt 2008-04-24 18:48:58
ComboFix3.txt 2008-04-24 17:16:37
ComboFix4.txt 2008-04-23 20:26:35
ComboFix5.txt 2008-04-23 19:06:01

Pre-Run: 10,639,560,704 octets libres
Post-Run: 10,644,062,208 octets libres

264

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-25 02:14:31
Windows 5.1.2600


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwEnumerateKey [0xF773D84E]
SSDT sptd.sys ZwEnumerateValueKey [0xF773DBEE]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 867DA1D8

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)

---- EOF - GMER 1.0.14 ----

Le rapport Gmer est complet ? (Juste pour savoir).

On dirait que l'infection se recrée ..  

Peux-tu poster un rapport HijackThis stp ?
Après on essaiera un nouveau script ComboFix.

**********

Fais une analyse antivirus en ligne sur Kaspersky avec Internet Explorer. (Tuto)
Autorise les active x.
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse. Enregistres sous le rapport en format .txt.
Colle son rapport ici.

Logfile of HijackThis v1.99.1
Scan saved at 14:15:39, on 25/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\dark\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26F133AE-C64F-4A3A-BE60-985CAB9E9F1C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9292C2AD-D36E-4051-AF6D-0C6D2AEE0C10} - (no file)
O2 - BHO: (no name) - {A3E3594F-B1DD-4484-9E41-C839E24EB28E} - (no file)
O2 - BHO: (no name) - {B522B44B-BC97-46FB-924E-E52CAB1132CF} - (no file)
O2 - BHO: (no name) - {b7301bce-fabe-4d89-91f9-9bdfef75b299} - (no file)
O2 - BHO: (no name) - {C7A08523-027D-4CDB-8FB7-BE8F089E7E10} - (no file)
O2 - BHO: (no name) - {C8F06242-D1F7-4B5E-8686-E42FD412827A} - (no file)
O2 - BHO: (no name) - {CF547813-2C2A-489B-8156-590294D3B34F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [sxdhnygc] c:\documents and settings\dark\local settings\application data\sxdhnygc.exe sxdhnygc
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Classic3.0\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Classic3.0\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Classic3.0\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En®istrement - C:\Program Files\Systran\Classic3.0\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Classic3.0\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Classic3.0\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Classic3.0\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/170a340095a3bd7e8c19/netzip...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxxuvtq - C:\WINDOWS\
O20 - Winlogon Notify: nnnnljhf - C:\WINDOWS\
O20 - Winlogon Notify: vturopqr - C:\WINDOWS\
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

internet redecone impossible de passé kapersky je crois que c'est de nouveau infecté

Essaie en mode sans échec avec prise en charge réseau pour voir .. (pas via MSConfig).

Sinon poste un nouveau ComboFix.

internet marche que en mode sans echec et ca marche pas longtemp

ComboFix 08-04-22.5 - dark 2008-04-25 16:55:58.6 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.802 [GMT 2:00]
Endroit: C:\Documents and Settings\dark\Mes documents\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bcfilnnn.ini
C:\WINDOWS\system32\bcfilnnn.ini2
C:\WINDOWS\system32\khfgefdb.dll
C:\WINDOWS\system32\nnnlifcb.dll
C:\WINDOWS\system32\vtusqonl.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-25 to 2008-04-25 ))))))))))))))))))))))))))))))))))))
.

2008-04-25 16:18 . 2008-04-25 16:18 73,216 -ra------ C:\WINDOWS\system32\TFTP476
2008-04-25 15:17 . 2008-04-25 15:18 73,216 -ra------ C:\WINDOWS\system32\TFTP1056
2008-04-25 15:17 . 2008-04-25 16:51 20,810 --a------ C:\pickice.exe
2008-04-25 14:52 . 2008-04-25 14:52 73,216 -ra------ C:\WINDOWS\system32\antiv.exe
2008-04-25 14:46 . 2008-04-25 14:46 44,516 --a------ C:\WINDOWS\system32\ktwod.exe
2008-04-25 14:46 . 2008-04-25 14:46 32,768 --------- C:\WINDOWS\system32\kdhaeah.exe
2008-04-25 14:38 . 2008-04-25 14:38 44,516 --a------ C:\WINDOWS\system32\bjagn.exe
2008-04-25 14:38 . 2008-04-25 14:38 32,768 --------- C:\WINDOWS\system32\zsoppehb.exe
2008-04-25 14:37 . 2008-04-25 14:37 109,738 --a------ C:\WINDOWS\BM3f520d71.xml
2008-04-25 14:19 . 2008-04-25 14:19 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-25 14:19 . 2008-04-25 14:19 44,516 --a------ C:\WINDOWS\system32\qipp.exe
2008-04-25 14:19 . 2008-04-25 14:19 32,768 --a------ C:\WINDOWS\system32\olubvuvs.exe
2008-04-25 02:08 . 2008-04-25 02:14 250 --a------ C:\WINDOWS\gmer.ini
2008-04-25 01:36 . 2008-04-25 01:36 12,288 -ra------ C:\WINDOWS\system32\TFTP3420
2008-04-24 02:08 . 2008-04-24 02:08 <REP> d-------- C:\Documents and Settings\dark\Application Data\ImgBurn
2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Program Files\ImgBurn
2008-04-23 17:22 . 2008-04-23 17:22 <REP> d-------- C:\Documents and Settings\dark\Application Data\Malwarebytes
2008-04-23 17:19 . 2008-04-23 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 17:17 . 2008-04-23 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Program Files\Avira
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 18:52 . 2008-04-24 23:17 <REP> d-------- C:\SDFix
2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-22 01:29 . 2008-04-23 17:25 31,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-22 01:29 . 2008-04-23 17:25 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-22 01:29 . 2008-04-23 17:25 3,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-22 00:59 . 2008-04-22 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-22 00:59 . 2008-04-23 17:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-22 00:58 . 2008-04-23 17:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-22 00:58 . 2008-04-22 00:58 <REP> d-------- C:\Program Files\Zone Labs
2008-04-22 00:58 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-22 00:58 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-22 00:57 . 2008-04-23 17:28 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-21 20:01 . 2008-04-21 20:01 268 --ah----- C:\sqmdata00.sqm
2008-04-21 20:01 . 2008-04-21 20:01 244 --ah----- C:\sqmnoopt00.sqm
2008-04-21 17:00 . 2008-04-21 17:00 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-21 15:57 . 2008-04-23 19:41 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-21 15:57 . 2008-04-21 15:57 <REP> d-------- C:\Documents and Settings\dark\Application Data\PC Tools
2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-21 15:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-21 15:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-21 15:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-21 14:18 . 2008-04-21 14:19 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Fichiers communs\Application
2008-04-08 23:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-04-08 23:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-04-08 23:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 14:48 --------- d-----w C:\Documents and Settings\dark\Application Data\Azureus
2008-04-25 12:55 --------- d-----w C:\Program Files\Azureus
2008-04-25 12:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-23 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 20:48 --------- d-----w C:\Program Files\Alwil Software
2008-04-22 18:08 --------- d-----w C:\Program Files\Navilog1
2008-04-21 12:08 --------- d-----w C:\Program Files\Google
2008-04-14 15:57 --------- d-----w C:\Program Files\eMule
2008-03-16 19:09 --------- d-----w C:\Program Files\UltimateZip 2007
2008-03-16 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-16 13:28 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-27 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
.

------- Sigcheck -------

2001-08-28 14:00 1014784 637538190cdfdbafb7f66c6d50a34ee7 C:\WINDOWS\explorer.exe
2001-08-28 14:00 1014784 68ee774beb36a19db336d1902963d6d2 C:\WINDOWS\system32\dllcache\explorer.exe

2001-08-28 14:00 23040 b8f6c0adeafd733c51cee12a1c9ba30d C:\WINDOWS\system32\ctfmon.exe
2001-08-28 14:00 23040 7aae9ac8d29290e870fa9f8139a41135 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 874496]
"sxdhnygc"="c:\documents and settings\dark\local settings\application data\sxdhnygc.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 65024 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1634304 C:\WINDOWS\system32\nwiz.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-03 21:46 6731312]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 274689]
"Advanced DHTML Enable"="C:\WINDOWS\System32\zsoppehb.exe" [2008-04-25 14:38 32768]
"3c613eed"="C:\WINDOWS\System32\scxayebw.dll" [ ]
"Local Security Authority Service"="C:\WINDOWS\System32\lssas.exe" [ ]
"Microsoft Anivirus Monitor Process"="antiv.exe" [2008-04-25 14:52 73216 C:\WINDOWS\system32\antiv.exe]
"BM3f520d71"="C:\WINDOWS\System32\kdumptga.dll" [ ]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [2008-04-25 16:59 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Anivirus Monitor Process"="antiv.exe" [2008-04-25 14:52 73216 C:\WINDOWS\system32\antiv.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 23040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuvtq]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnljhf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturopqr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"vidc.dvsd"= mcdvd_32.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aeh57.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi13.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhk58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dik36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ejl47.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm03.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fkm71.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gkn14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlo36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hlp68.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmo71.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inp47.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq13.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnq81.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jnr47.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Joq82.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor03.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kor14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps35.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps46.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lps71.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mrt82.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru03.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nru14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osv03.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Osw25.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Otv14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ptw58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pux14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux71.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qux81.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa03.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swa82.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa03.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txb14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyb36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyc36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vad58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vae58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbe14.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe25.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wbe58.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wcf71.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ydh71.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"}"= }:Nod32 Service

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 02:52]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
S3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 14:00]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-03-07 18:08:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 16:59:06
Windows 5.1.2600 NTFS

detected NTDLL code modification:
ZwOpenFile

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\TEMP\DIL4.tmp
C:\WINDOWS\mrofinu1001186.exexe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-25 17:01:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 15:01:46
ComboFix2.txt 2008-04-24 23:57:12
ComboFix3.txt 2008-04-24 18:48:58
ComboFix4.txt 2008-04-24 17:16:37
ComboFix5.txt 2008-04-23 20:26:35

Pre-Run: 9,822,003,200 octets libres
Post-Run: 9,706,815,488 octets libres

288

oula ! Tout revient !  

Bon on fait un script, et direct après le redémarrage de Combofix, tu tentes un scan en ligne, OK?
Si ça ne marche toujours, pas fais une analyse complète avec AntiVir en mode sans échec, puis poste son rapport.

Copie le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc-notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt sur ton Bureau.

Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.

ComboFix 08-04-22.5 - dark 2008-04-25 17:54:52.7 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.784 [GMT 2:00]
Endroit: C:\Documents and Settings\dark\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\dark\Mes documents\CFScript.txt

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\pickice.exe
C:\WINDOWS\BM3f520d71.xml
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\system32\antiv.exe
C:\WINDOWS\system32\bjagn.exe
C:\WINDOWS\system32\kdhaeah.exe
C:\WINDOWS\system32\ktwod.exe
C:\WINDOWS\system32\olubvuvs.exe
C:\WINDOWS\system32\qipp.exe
C:\WINDOWS\system32\TFTP1056
C:\WINDOWS\system32\TFTP3420
C:\WINDOWS\system32\TFTP476
C:\WINDOWS\System32\wbem\scrcons32.exe
C:\WINDOWS\System32\zsoppehb.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\pickice.exe
C:\WINDOWS\BM3f520d71.xml
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\system32\antiv.exe
C:\WINDOWS\system32\bjagn.exe
C:\WINDOWS\system32\kdhaeah.exe
C:\WINDOWS\system32\ktwod.exe
C:\WINDOWS\system32\olubvuvs.exe
C:\WINDOWS\system32\qipp.exe
C:\WINDOWS\system32\TFTP1056
C:\WINDOWS\system32\TFTP3420
C:\WINDOWS\system32\TFTP476
C:\WINDOWS\System32\zsoppehb.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Service_SetupNTGLM7X


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-25 to 2008-04-25 ))))))))))))))))))))))))))))))))))))
.

2008-04-25 17:13 . 2008-04-25 17:13 0 -ra------ C:\WINDOWS\system32\TFTP1700
2008-04-25 14:19 . 2008-04-25 14:19 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-25 02:08 . 2008-04-25 02:14 250 --a------ C:\WINDOWS\gmer.ini
2008-04-24 02:08 . 2008-04-24 02:08 <REP> d-------- C:\Documents and Settings\dark\Application Data\ImgBurn
2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Program Files\ImgBurn
2008-04-23 17:22 . 2008-04-23 17:22 <REP> d-------- C:\Documents and Settings\dark\Application Data\Malwarebytes
2008-04-23 17:19 . 2008-04-23 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 17:17 . 2008-04-23 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Program Files\Avira
2008-04-22 22:56 . 2008-04-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-22 18:59 . 2008-04-22 18:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-22 18:52 . 2008-04-24 23:17 <REP> d-------- C:\SDFix
2008-04-22 01:29 . 2008-04-23 17:25 2,229,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-22 01:29 . 2008-04-23 17:25 31,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-22 01:29 . 2008-04-23 17:25 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-22 01:29 . 2008-04-23 17:25 3,284 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-22 00:59 . 2008-04-22 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-22 00:59 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-22 00:59 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-22 00:59 . 2008-04-23 17:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-22 00:58 . 2008-04-23 17:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-22 00:58 . 2008-04-22 00:58 <REP> d-------- C:\Program Files\Zone Labs
2008-04-22 00:58 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-22 00:58 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-22 00:57 . 2008-04-23 17:28 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-21 20:01 . 2008-04-21 20:01 268 --ah----- C:\sqmdata00.sqm
2008-04-21 20:01 . 2008-04-21 20:01 244 --ah----- C:\sqmnoopt00.sqm
2008-04-21 17:00 . 2008-04-21 17:00 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-04-21 15:57 . 2008-04-23 19:41 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-21 15:57 . 2008-04-21 15:57 <REP> d-------- C:\Documents and Settings\dark\Application Data\PC Tools
2008-04-21 15:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-21 15:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-21 15:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-21 15:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-21 14:18 . 2008-04-21 14:19 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-04-21 14:18 . 2008-04-21 14:18 <REP> d-------- C:\Program Files\Fichiers communs\Application
2008-04-08 23:19 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-04-08 23:19 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-04-08 23:19 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-04-08 23:19 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 15:54 --------- d-----w C:\Documents and Settings\dark\Application Data\Azureus
2008-04-25 15:02 --------- d-----w C:\Program Files\Azureus
2008-04-25 12:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-23 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 20:48 --------- d-----w C:\Program Files\Alwil Software
2008-04-22 18:08 --------- d-----w C:\Program Files\Navilog1
2008-04-21 12:08 --------- d-----w C:\Program Files\Google
2008-04-14 15:57 --------- d-----w C:\Program Files\eMule
2008-03-16 19:09 --------- d-----w C:\Program Files\UltimateZip 2007
2008-03-16 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-16 13:28 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-27 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
.

------- Sigcheck -------

2001-08-28 14:00 1014784 637538190cdfdbafb7f66c6d50a34ee7 C:\WINDOWS\explorer.exe
2001-08-28 14:00 1014784 68ee774beb36a19db336d1902963d6d2 C:\WINDOWS\system32\dllcache\explorer.exe

2001-08-28 14:00 23040 b8f6c0adeafd733c51cee12a1c9ba30d C:\WINDOWS\system32\ctfmon.exe
2001-08-28 14:00 23040 7aae9ac8d29290e870fa9f8139a41135 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 15:47 311816]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"Center Agent"="C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-01-19 18:09 874496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 65024 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22 86016]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1634304 C:\WINDOWS\system32\nwiz.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-03 21:46 6731312]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 274689]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [2008-04-25 18:00 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 14:00 23040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"vidc.dvsd"= mcdvd_32.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"}"= }:Nod32 Service

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 02:52]
S3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
S3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 14:00]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-03-07 18:08:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 17:59:55
Windows 5.1.2600 NTFS

detected NTDLL code modification:
ZwOpenFile

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\TEMP\DIL4.tmp
C:\WINDOWS\mrofinu1001186.exexe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-25 18:03:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 16:03:07
ComboFix2.txt 2008-04-25 15:01:51
ComboFix3.txt 2008-04-24 23:57:12
ComboFix4.txt 2008-04-24 18:48:58
ComboFix5.txt 2008-04-24 17:16:37

Pre-Run: 9,562,939,392 octets libres
Post-Run: 9,494,376,448 octets libres

193