Viruses, again and again.
Last reply: in Security
Hello,
I let a friend use my PC for an afternoon, and I got it back in a sorry state: it is infected (explorer.exe crashes at startup, I constantly have to relaunch it from the task manager, I get virus alerts all the time...). Even though I ran an AntiVir scan and a Spybot scan in safe mode (which detected and removed several things), some infections remain.
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:55, on 15/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myexpresssearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.besttoolbars.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {05BD1C7F-7D04-4AF1-B0DB-7923F2FF9CB6} - C:\WINDOWS\system32\cbXQhETL.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E98AFCA-60F6-4071-91BC-B38951D86280} - (no file)
O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - C:\WINDOWS\system32\khfCTLcA.dll
O2 - BHO: (no name) - {3CFDD872-70A3-4361-BC71-7699E1F2F4EE} - C:\WINDOWS\system32\efccaXnM.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {012bc5ff-7c89-94cb-2d04-5e1e3a8ffcd6} - {6dcff8a3-e1e5-40d2-bc49-98c7ff5cb210} - C:\WINDOWS\system32\ueumiq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8F9E75E7-A185-4EBF-86ED-33A00557D356} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B94F3F24-6C6E-4225-AA2C-789CC2B20CE5} - (no file)
O2 - BHO: (no name) - {CA5B8305-1A1C-40B5-BC62-F2DB6C4C703C} - (no file)
O2 - BHO: (no name) - {F4152C16-8D12-48B5-A2C6-A6A9125B7005} - (no file)
O3 - Toolbar: My Express Search Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA67} - C:\Program Files\MyExpressSearch\My Express Search Toolbar\my_express_search.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [SpybotDeletingC3535] cmd /c del "C:\WINDOWS\system32\efccaXnM.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: khfCTLcA - C:\WINDOWS\SYSTEM32\khfCTLcA.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
--
End of file - 9270 bytes
Thanks in advance.
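As an added illustration (not code from this thread or from HijackThis itself), the Python below walks the R0/R1, O2 and O20 lines of a log like the one above and ranks what a helper usually looks at first: start/search pages pointing away from the vendor defaults, unnamed or orphaned BHOs, and non-default Winlogon Notify packages, raising the severity when one DLL shows up in two load points. The sample lines are copied from the log quoted above; the default-host allowlist and the list of XP Winlogon Notify packages are my assumptions, not HijackThis data.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a handful of lines taken from the HijackThis log quoted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myexpresssearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {05BD1C7F-7D04-4AF1-B0DB-7923F2FF9CB6} - C:\WINDOWS\system32\cbXQhETL.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - C:\WINDOWS\system32\khfCTLcA.dll
O2 - BHO: (no name) - {0E98AFCA-60F6-4071-91BC-B38951D86280} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O20 - Winlogon Notify: khfCTLcA - C:\WINDOWS\SYSTEM32\khfCTLcA.dll
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
"""

# Assumption: hosts that IE7 on Windows XP uses for its default start/search pages.
EXPECTED_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}
# Assumption: Winlogon Notify packages that ship with Windows XP; any other O20
# entry loads a third-party DLL into winlogon.exe and deserves a look.
XP_NOTIFY_PACKAGES = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                      "sclgntfy", "SensLogn", "termsrv", "wlballoon", "WgaLogon"}

LINE_RE = re.compile(r"^(?P<tag>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<pkg>\S+) - (?P<path>.*)$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    section: str   # HijackThis section tag the finding came from
    detail: str


def dll_name(path):
    """Lower-cased file name of a Windows path, e.g. 'khfctlca.dll'."""
    return path.strip().rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Rank the R0/R1, O2 and O20 entries of a HijackThis log."""
    findings, bho_dlls, notify_dlls = [], set(), set()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        tag, body = m.group("tag"), m.group("body")
        if tag in ("R0", "R1") and " = " in body:
            key, url = body.split(" = ", 1)
            host = urlparse(url.strip()).hostname or ""
            if host and host not in EXPECTED_HOSTS:
                findings.append(Finding("medium", tag, f"{key.split(',')[-1]} points at {host}"))
        elif tag == "O2":
            b = BHO_RE.match(body)
            if not b:
                continue
            if "(no file)" in b.group("path") or "(file missing)" in b.group("path"):
                # Registration survives but the DLL is gone: leftover to clean, not a live threat.
                findings.append(Finding("low", tag, f"orphaned BHO {b.group('clsid')}: {b.group('path')}"))
            elif b.group("name") == "(no name)":
                bho_dlls.add(dll_name(b.group("path")))
                findings.append(Finding("medium", tag, f"unnamed BHO loads {b.group('path')}"))
        elif tag == "O20":
            n = NOTIFY_RE.match(body)
            if n and n.group("pkg") not in XP_NOTIFY_PACKAGES:
                notify_dlls.add(dll_name(n.group("path")))
                findings.append(Finding("medium", tag,
                                        f"non-default Winlogon Notify package {n.group('pkg')} -> {n.group('path')}"))
    # One DLL registered as both a BHO and a Winlogon Notify package has two independent
    # load points (IE and winlogon.exe); that overlap is the strongest signal in the log.
    for shared in sorted(bho_dlls & notify_dlls):
        findings.append(Finding("high", "O2+O20", f"{shared} is loaded by both Internet Explorer and winlogon.exe"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section:<6} {f.detail}")
```

Run against the sample, the one "high" finding is khfCTLcA.dll, which the log registers both as an unnamed BHO (O2) and as a Winlogon Notify package (O20); the "(file missing)" and "(no file)" rows are registrations whose DLL is already gone and only need the registry entry removed.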
Hello,
1. Download combofix.exe (by sUBs) from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
to your Desktop.
2. Double-click combofix.exe to start the scan.
3. When the scan has finished, a report will appear. Copy/paste that report into your next reply.
Thank you very much for your help.
Here is the ComboFix report:
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2518 [GMT 2:00]
Running from: C:\Documents and Settings\Fayt\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\akidmmhs.ini
C:\WINDOWS\system32\awownhcs.ini
C:\WINDOWS\system32\cbHhknmp.ini
C:\WINDOWS\system32\cbHhknmp.ini2
C:\WINDOWS\system32\cdLkQXyb.ini
C:\WINDOWS\system32\cdLkQXyb.ini2
C:\WINDOWS\system32\ckusoatl.ini
C:\WINDOWS\system32\cnidsamb.ini
C:\WINDOWS\system32\epgbaygh.ini
C:\WINDOWS\system32\fihlgewe.ini
C:\WINDOWS\system32\GjlRYcfe.ini
C:\WINDOWS\system32\GjlRYcfe.ini2
C:\WINDOWS\system32\gjweyvxg.ini
C:\WINDOWS\system32\khvaekki.ini
C:\WINDOWS\system32\LTEhQXbc.ini
C:\WINDOWS\system32\LTEhQXbc.ini2
C:\WINDOWS\system32\MnXaccfe.ini
C:\WINDOWS\system32\MnXaccfe.ini2
C:\WINDOWS\system32\oqqqAJjl.ini
C:\WINDOWS\system32\oqqqAJjl.ini2
C:\WINDOWS\system32\tfdnrwsi.ini
C:\WINDOWS\system32\tictbpex.ini
C:\WINDOWS\system32\vlfqhfxl.ini
C:\WINDOWS\system32\xcavcrpk.ini
C:\WINDOWS\system32\xISsvyxx.ini
C:\WINDOWS\system32\xISsvyxx.ini2
C:\WINDOWS\system32\xxyvsSIx.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\mcrh.tmp
.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.
2008-07-16 15:56 . 2008-07-16 15:56 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Avira
2008-07-16 14:06 . 2008-07-16 14:06 <DIR> d-------- C:\Program Files\Avira
2008-07-16 12:19 . 2008-07-16 12:19 102,400 --a------ C:\WINDOWS\system32\tvfyiv.dll
2008-07-16 12:19 . 2008-07-16 12:19 102,400 --a------ C:\WINDOWS\system32\qlbytxql.dll
2008-07-15 22:19 . 2008-07-15 22:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 22:19 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-15 22:19 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 15:26 . 2008-07-15 15:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-15 15:26 . 2008-07-15 15:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-15 13:40 . 2008-07-15 13:40 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-07-15 13:40 . 2005-06-24 12:50 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-15 13:40 . 2005-06-24 12:50 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-07-14 00:48 . 2008-07-14 19:33 <DIR> d-------- C:\Program Files\CAPCOM
2008-07-13 22:34 . 2008-07-13 22:36 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-10 00:32 . 2008-07-10 00:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-09 16:27 . 2008-07-09 16:38 <DIR> d-------- C:\Program Files\Jacky Pomme
2008-07-06 00:14 . 2008-07-06 00:14 <DIR> d-------- C:\Graphics
2008-07-06 00:14 . 2005-11-13 02:28 238,080 --a------ C:\WINDOWS\system32\mwgfx24.dll
2008-07-06 00:14 . 2008-03-16 09:43 190,464 --a------ C:\WINDOWS\system32\mwgfx.dll
2008-07-06 00:14 . 2008-06-23 09:42 104,960 --a------ C:\WINDOWS\system32\mwdds.dll
2008-07-06 00:14 . 2004-05-14 12:13 56,832 --a------ C:\WINDOWS\system32\mwace.dll
2008-07-06 00:14 . 2007-08-19 10:37 28,672 --a------ C:\WINDOWS\system32\mwgfxcopy.exe
2008-07-04 16:25 . 2008-07-13 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-04 16:19 . 2008-07-04 16:22 <DIR> d-------- C:\Program Files\TmNationsForever
2008-07-04 12:08 . 2008-07-04 12:07 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-04 12:07 . 2008-07-04 12:14 <DIR> d-------- C:\Documents and Settings\Fayt\.housecall6.6
2008-07-03 16:13 . 2008-07-03 16:13 <DIR> d-------- C:\Program Files\Electronic Arts
2008-07-03 15:28 . 2008-07-03 15:28 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Malwarebytes
2008-07-03 15:28 . 2008-07-03 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 13:05 . 2008-07-03 13:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-02 20:48 . 2008-07-06 20:35 <DIR> d-------- C:\Program Files\Diablo II
2008-07-02 20:28 . 2008-07-04 18:13 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-02 18:43 . 2008-07-02 18:43 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-07-01 20:13 . 2008-07-01 20:13 28,288 --a------ C:\WINDOWS\system32\khfCTLcA.dll
2008-07-01 20:09 . 2008-07-02 20:57 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-07-01 20:09 . 2008-07-02 20:57 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-07-01 20:09 . 2008-07-02 20:57 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-07-01 18:15 . 2008-07-01 18:15 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Ace
2008-06-30 18:59 . 2008-06-30 18:59 <DIR> d-------- C:\Program Files\uTorrent
2008-06-30 18:59 . 2008-07-16 15:27 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\uTorrent
2008-06-27 18:06 . 2008-06-27 18:06 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-27 18:06 . 2008-06-27 18:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-27 14:57 . 2008-06-27 14:57 <DIR> d-------- C:\Program Files\MyExpressSearch
2008-06-23 09:05 . 2008-06-23 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-22 15:42 . 2008-06-22 15:43 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-22 15:42 . 2008-07-08 15:39 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\SystemRequirementsLab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 14:03 --------- d-----w C:\Documents and Settings\Fayt\Application Data\WTablet
2008-07-16 13:27 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Skype
2008-07-16 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-07-15 19:29 --------- d-----w C:\Documents and Settings\Fayt\Application Data\skypePM
2008-07-15 11:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-03 07:27 --------- d-----w C:\Program Files\BitComet
2008-07-01 16:13 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-23 07:05 --------- d-----w C:\Program Files\Google
2008-06-22 13:54 --------- d-----w C:\Program Files\ATI Technologies
2008-06-22 13:45 --------- d-----w C:\Program Files\Trillian
2008-06-22 13:39 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-06-21 19:20 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-06-21 19:20 --------- d-----w C:\Program Files\Autodesk
2008-06-21 19:19 --------- d-----w C:\Program Files\Allegorithmic
2008-06-15 12:15 --------- d-----w C:\Documents and Settings\Fayt\Application Data\dvdcss
2008-06-14 20:06 --------- d-----w C:\Program Files\AMT
2008-06-14 14:05 --------- d-----w C:\Documents and Settings\Fayt\Application Data\OpenOffice.org2
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 20:08 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Autodesk
2008-06-11 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-11 20:01 --------- d-----w C:\Program Files\MSBuild
2008-06-11 19:59 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-02 19:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2008-05-31 06:09 --------- d-----w C:\Program Files\FlashGet
2008-05-24 15:47 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Wormux
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-14 21:09 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28220052-D9A9-44B1-AB98-EDC594D238B6}]
2008-07-01 20:13 28288 --a------ C:\WINDOWS\system32\khfCTLcA.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52177f70-3a5a-4730-a2b2-0c931b26ba0e}]
2008-07-16 12:19 102400 --a------ C:\WINDOWS\system32\tvfyiv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Here is the combofix report:
Quote:
ComboFix 08-07-15.4 - Fayt 2008-07-16 15:58:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2518 [GMT 2:00]
Running from: C:\Documents and Settings\Fayt\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\akidmmhs.ini
C:\WINDOWS\system32\awownhcs.ini
C:\WINDOWS\system32\cbHhknmp.ini
C:\WINDOWS\system32\cbHhknmp.ini2
C:\WINDOWS\system32\cdLkQXyb.ini
C:\WINDOWS\system32\cdLkQXyb.ini2
C:\WINDOWS\system32\ckusoatl.ini
C:\WINDOWS\system32\cnidsamb.ini
C:\WINDOWS\system32\epgbaygh.ini
C:\WINDOWS\system32\fihlgewe.ini
C:\WINDOWS\system32\GjlRYcfe.ini
C:\WINDOWS\system32\GjlRYcfe.ini2
C:\WINDOWS\system32\gjweyvxg.ini
C:\WINDOWS\system32\khvaekki.ini
C:\WINDOWS\system32\LTEhQXbc.ini
C:\WINDOWS\system32\LTEhQXbc.ini2
C:\WINDOWS\system32\MnXaccfe.ini
C:\WINDOWS\system32\MnXaccfe.ini2
C:\WINDOWS\system32\oqqqAJjl.ini
C:\WINDOWS\system32\oqqqAJjl.ini2
C:\WINDOWS\system32\tfdnrwsi.ini
C:\WINDOWS\system32\tictbpex.ini
C:\WINDOWS\system32\vlfqhfxl.ini
C:\WINDOWS\system32\xcavcrpk.ini
C:\WINDOWS\system32\xISsvyxx.ini
C:\WINDOWS\system32\xISsvyxx.ini2
C:\WINDOWS\system32\xxyvsSIx.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\mcrh.tmp
.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.
2008-07-16 15:56 . 2008-07-16 15:56 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Avira
2008-07-16 14:06 . 2008-07-16 14:06 <DIR> d-------- C:\Program Files\Avira
2008-07-16 12:19 . 2008-07-16 12:19 102,400 --a------ C:\WINDOWS\system32\tvfyiv.dll
2008-07-16 12:19 . 2008-07-16 12:19 102,400 --a------ C:\WINDOWS\system32\qlbytxql.dll
2008-07-15 22:19 . 2008-07-15 22:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 22:19 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-15 22:19 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 15:26 . 2008-07-15 15:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-15 15:26 . 2008-07-15 15:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-15 13:40 . 2008-07-15 13:40 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-07-15 13:40 . 2005-06-24 12:50 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-15 13:40 . 2005-06-24 12:50 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-07-14 00:48 . 2008-07-14 19:33 <DIR> d-------- C:\Program Files\CAPCOM
2008-07-13 22:34 . 2008-07-13 22:36 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-10 00:32 . 2008-07-10 00:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-09 16:27 . 2008-07-09 16:38 <DIR> d-------- C:\Program Files\Jacky Pomme
2008-07-06 00:14 . 2008-07-06 00:14 <DIR> d-------- C:\Graphics
2008-07-06 00:14 . 2005-11-13 02:28 238,080 --a------ C:\WINDOWS\system32\mwgfx24.dll
2008-07-06 00:14 . 2008-03-16 09:43 190,464 --a------ C:\WINDOWS\system32\mwgfx.dll
2008-07-06 00:14 . 2008-06-23 09:42 104,960 --a------ C:\WINDOWS\system32\mwdds.dll
2008-07-06 00:14 . 2004-05-14 12:13 56,832 --a------ C:\WINDOWS\system32\mwace.dll
2008-07-06 00:14 . 2007-08-19 10:37 28,672 --a------ C:\WINDOWS\system32\mwgfxcopy.exe
2008-07-04 16:25 . 2008-07-13 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-04 16:19 . 2008-07-04 16:22 <DIR> d-------- C:\Program Files\TmNationsForever
2008-07-04 12:08 . 2008-07-04 12:07 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-04 12:07 . 2008-07-04 12:14 <DIR> d-------- C:\Documents and Settings\Fayt\.housecall6.6
2008-07-03 16:13 . 2008-07-03 16:13 <DIR> d-------- C:\Program Files\Electronic Arts
2008-07-03 15:28 . 2008-07-03 15:28 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Malwarebytes
2008-07-03 15:28 . 2008-07-03 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 13:05 . 2008-07-03 13:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-02 20:48 . 2008-07-06 20:35 <DIR> d-------- C:\Program Files\Diablo II
2008-07-02 20:28 . 2008-07-04 18:13 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-02 18:43 . 2008-07-02 18:43 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-07-01 20:13 . 2008-07-01 20:13 28,288 --a------ C:\WINDOWS\system32\khfCTLcA.dll
2008-07-01 20:09 . 2008-07-02 20:57 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-07-01 20:09 . 2008-07-02 20:57 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-07-01 20:09 . 2008-07-02 20:57 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-07-01 18:15 . 2008-07-01 18:15 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Ace
2008-06-30 18:59 . 2008-06-30 18:59 <DIR> d-------- C:\Program Files\uTorrent
2008-06-30 18:59 . 2008-07-16 15:27 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\uTorrent
2008-06-27 18:06 . 2008-06-27 18:06 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-27 18:06 . 2008-06-27 18:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-27 14:57 . 2008-06-27 14:57 <DIR> d-------- C:\Program Files\MyExpressSearch
2008-06-23 09:05 . 2008-06-23 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-22 15:42 . 2008-06-22 15:43 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-22 15:42 . 2008-07-08 15:39 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\SystemRequirementsLab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 14:03 --------- d-----w C:\Documents and Settings\Fayt\Application Data\WTablet
2008-07-16 13:27 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Skype
2008-07-16 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-07-15 19:29 --------- d-----w C:\Documents and Settings\Fayt\Application Data\skypePM
2008-07-15 11:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-03 07:27 --------- d-----w C:\Program Files\BitComet
2008-07-01 16:13 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-23 07:05 --------- d-----w C:\Program Files\Google
2008-06-22 13:54 --------- d-----w C:\Program Files\ATI Technologies
2008-06-22 13:45 --------- d-----w C:\Program Files\Trillian
2008-06-22 13:39 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-06-21 19:20 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-06-21 19:20 --------- d-----w C:\Program Files\Autodesk
2008-06-21 19:19 --------- d-----w C:\Program Files\Allegorithmic
2008-06-15 12:15 --------- d-----w C:\Documents and Settings\Fayt\Application Data\dvdcss
2008-06-14 20:06 --------- d-----w C:\Program Files\AMT
2008-06-14 14:05 --------- d-----w C:\Documents and Settings\Fayt\Application Data\OpenOffice.org2
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 20:08 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Autodesk
2008-06-11 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-11 20:01 --------- d-----w C:\Program Files\MSBuild
2008-06-11 19:59 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-02 19:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2008-05-31 06:09 --------- d-----w C:\Program Files\FlashGet
2008-05-24 15:47 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Wormux
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-14 21:09 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28220052-D9A9-44B1-AB98-EDC594D238B6}]
2008-07-01 20:13 28288 --a------ C:\WINDOWS\system32\khfCTLcA.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52177f70-3a5a-4730-a2b2-0c931b26ba0e}]
2008-07-16 12:19 102400 --a------ C:\WINDOWS\system32\tvfyiv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6226BA26-C017-4007-928C-DE9715C6FA67}"= "C:\Program Files\MyExpressSearch\My Express Search Toolbar\my_express_search.dll" [2008-05-12 18:42 2396160]
[HKEY_CLASSES_ROOT\clsid\{6226ba26-c017-4007-928c-de9715c6fa67}]
[HKEY_CLASSES_ROOT\TBSB06009.TBSB06009.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB06009.TBSB06009]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6226BA26-C017-4007-928C-DE9715C6FA67}"= "C:\Program Files\MyExpressSearch\My Express Search Toolbar\my_express_search.dll" [2008-05-12 18:42 2396160]
[HKEY_CLASSES_ROOT\clsid\{6226ba26-c017-4007-928c-de9715c6fa67}]
[HKEY_CLASSES_ROOT\TBSB06009.TBSB06009.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB06009.TBSB06009]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 21:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 16:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 18:23 1953792]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 21:01 1037736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 08:16 39792]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 04:05 734264]
"KBDriver"="C:\Program Files\Keyboard Driver\OEMDriver.exe" [2004-08-26 08:27 151552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 10:06 262401]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 16126464 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{28220052-D9A9-44B1-AB98-EDC594D238B6}"= "C:\WINDOWS\system32\khfCTLcA.dll" [2008-07-01 20:13 28288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCTLcA]
2008-07-01 20:13 28288 C:\WINDOWS\system32\khfCTLcA.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 21:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\e-on software\\Vue 6 xStream\\Application\\Vue 6 xStream.eon"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DCPFLICS\\DCPFLICS_tools.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX9.exe"=
"C:\\Program Files\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX10.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22737:TCP"= 22737:TCP:BitComet 22737 TCP
"22737:UDP"= 22737:UDP:BitComet 22737 UDP
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-16 14:40]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-04-09 15:57]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-02-07 10:06]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-06-02 10:07]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 18:34]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 20:16]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-21 04:40]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38c6b20c-e70f-11dc-9786-001d60ea6fc7}]
\Shell\AutoRun\command - G:\CDIntro.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ceae267-dde8-11dc-976b-001d60ea6fc7}]
\Shell\AutoRun\command - F:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 16:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{05BD1C7F-7D04-4AF1-B0DB-7923F2FF9CB6} - C:\WINDOWS\system32\cbXQhETL.dll
BHO-{3CFDD872-70A3-4361-BC71-7699E1F2F4EE} - C:\WINDOWS\system32\efccaXnM.dll
Notify-WB - (no file)
MSConfigStartUp-BitComet - C:\Program Files\BitComet\BitComet.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 16:04:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\khfCTLcA.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-16 16:08:56 - machine was rebooted [Fayt]
ComboFix-quarantined-files.txt 2008-07-16 14:08:47
Pre-Run: 372,989,804,544 bytes free
Post-Run: 372,914,503,680 bytes free
281 --- E O F --- 2008-06-20 22:17:21
Hello,
1/ Open Notepad (Start Menu\All Programs\Accessories\Notepad)
2/ Copy what is in the quote below (without the word quote) by selecting it and pressing Ctrl-C:
File::
C:\WINDOWS\system32\tvfyiv.dll
C:\WINDOWS\system32\qlbytxql.dll
C:\WINDOWS\system32\khfCTLcA.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28220052-D9A9-44B1-AB98-EDC594D238B6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52177f70-3a5a-4730-a2b2-0c931b26ba0e}]
[-HKEY_CLASSES_ROOT\TBSB06009.TBSB06009.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[-HKEY_CLASSES_ROOT\TBSB06009.TBSB06009]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{28220052-D9A9-44B1-AB98-EDC594D238B6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCTLcA]
-Save this file to: Desktop
-File name: CFScript
-File type: all files
-click Save
-close Notepad
Drag and drop this CFScript file onto ComboFix.exe as in the screenshot
- A blue window will appear: at the prompt that comes up (Type 1 to continue, or 2 to abort), type 1 and press Enter.
- Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed: post its contents.
- If the file does not open, it is located here > C:\ComboFix.txt
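As an added example (not the helper's own tool and not part of ComboFix), the script below parses the key/value layout of the "Reg Loading Points" section shown in the report above, turns every autostart point that loads the named DLLs into the File:: / Registry:: lines of a CFScript, and lists the loading points a hand-written script leaves in place. The sample log lines are constructed from this thread's report; the `[-KEY]` and `"value"=-` deletion syntax is the regedit-style convention the script above uses.

```python
"""Map ComboFix 'Reg Loading Points' entries to CFScript File::/Registry:: lines.

Added example for this thread: not the helper's tool and not part of ComboFix.
It parses the key/value layout ComboFix prints, lists every autostart point
that loads a given DLL, emits the deletion lines in the regedit-style syntax
the thread's script uses ([-KEY] deletes a key, "value"=- deletes a value),
and reports loading points that a hand-written script left in place.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")       # [HKEY_...\subkey]
NAMED_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=')     # "value name"= ...
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:dll|exe|sys)\b', re.IGNORECASE)

# Constructed sample, shaped after the report posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28220052-D9A9-44B1-AB98-EDC594D238B6}]
2008-07-01 20:13 28288 --a------ C:\WINDOWS\system32\khfCTLcA.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52177f70-3a5a-4730-a2b2-0c931b26ba0e}]
2008-07-16 12:19 102400 --a------ C:\WINDOWS\system32\tvfyiv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{28220052-D9A9-44B1-AB98-EDC594D238B6}"= "C:\WINDOWS\system32\khfCTLcA.dll" [2008-07-01 20:13 28288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCTLcA]
2008-07-01 20:13 28288 C:\WINDOWS\system32\khfCTLcA.dll
"""


def parse_loading_points(log_text):
    """Return [(key, value_name_or_None, path)] for every line under a registry
    key that loads a module. A bare 'date size path' line is the key's default
    load; a quoted name is a named value under that key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        p = PATH_RE.search(line)
        if not p:
            continue
        n = NAMED_RE.match(line)
        entries.append((key, n.group("name") if n else None, p.group(0)))
    return entries


def loading_points_for(entries, basenames):
    """Keep only entries whose module file name is in basenames (case-insensitive)."""
    wanted = {b.lower() for b in basenames}
    return [e for e in entries if e[2].rsplit("\\", 1)[-1].lower() in wanted]


def registry_stanza(key, name):
    """CFScript lines removing one loading point: the whole key when it exists
    only to carry the load (BHO CLSID, Winlogon\notify\<name>), or just the
    named value when the key is shared with legitimate entries (Run, hooks)."""
    if name is None:
        return (f"[-{key}]",)
    return (f"[{key}]", f'"{name}"=-')


def build_cfscript(entries, basenames):
    """Emit the File:: and Registry:: sections for the given DLL names."""
    hits = loading_points_for(entries, basenames)
    files = sorted({path for _, _, path in hits}, key=str.lower)
    lines = ["File::", *files, "", "Registry::"]
    seen = set()
    for key, name, _ in hits:
        stanza = registry_stanza(key, name)
        if stanza not in seen:          # the same DLL may sit under one key twice
            seen.add(stanza)
            lines.extend(stanza)
    return "\n".join(lines) + "\n"


def uncovered(hits, script_text):
    """Loading points that script_text leaves in place (registry text compares
    case-insensitively, as Windows does)."""
    have = script_text.lower()
    missing = []
    for key, name, path in hits:
        probe = f'"{name}"=-' if name else f"[-{key}]"
        if probe.lower() not in have:
            missing.append((key, name, path))
    return missing


if __name__ == "__main__":
    names = ["khfCTLcA.dll", "tvfyiv.dll"]
    entries = parse_loading_points(SAMPLE_LOG)
    print(build_cfscript(entries, names))
    # A script that only lists the files under File:: leaves every registry
    # loading point behind; show which ones.
    hits = loading_points_for(entries, names)
    for key, name, path in uncovered(hits, "File::\n" + "\n".join(h[2] for h in hits)):
        print("not covered:", key, name or "(default)", path)
```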
Thanks for the help.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2564 [GMT 2:00]
Running from: C:\Documents and Settings\Fayt\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fayt\Desktop\cfscript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\khfCTLcA.dll
C:\WINDOWS\system32\qlbytxql.dll
C:\WINDOWS\system32\tvfyiv.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\khfCTLcA.dll
C:\WINDOWS\system32\qlbytxql.dll
C:\WINDOWS\system32\tvfyiv.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.
2008-07-16 15:56 . 2008-07-16 15:56 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Avira
2008-07-16 14:06 . 2008-07-16 14:06 <DIR> d-------- C:\Program Files\Avira
2008-07-15 13:40 . 2008-07-15 13:40 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-07-15 13:40 . 2005-06-24 12:50 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-15 13:40 . 2005-06-24 12:50 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-07-14 00:48 . 2008-07-14 19:33 <DIR> d-------- C:\Program Files\CAPCOM
2008-07-13 22:34 . 2008-07-13 22:36 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-10 00:32 . 2008-07-10 00:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-09 16:27 . 2008-07-09 16:38 <DIR> d-------- C:\Program Files\Jacky Pomme
2008-07-06 00:14 . 2008-07-06 00:14 <DIR> d-------- C:\Graphics
2008-07-06 00:14 . 2005-11-13 02:28 238,080 --a------ C:\WINDOWS\system32\mwgfx24.dll
2008-07-06 00:14 . 2008-03-16 09:43 190,464 --a------ C:\WINDOWS\system32\mwgfx.dll
2008-07-06 00:14 . 2008-06-23 09:42 104,960 --a------ C:\WINDOWS\system32\mwdds.dll
2008-07-06 00:14 . 2004-05-14 12:13 56,832 --a------ C:\WINDOWS\system32\mwace.dll
2008-07-06 00:14 . 2007-08-19 10:37 28,672 --a------ C:\WINDOWS\system32\mwgfxcopy.exe
2008-07-04 12:08 . 2008-07-04 12:07 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-04 12:07 . 2008-07-04 12:14 <DIR> d-------- C:\Documents and Settings\Fayt\.housecall6.6
2008-07-03 16:13 . 2008-07-03 16:13 <DIR> d-------- C:\Program Files\Electronic Arts
2008-07-03 15:28 . 2008-07-03 15:28 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Malwarebytes
2008-07-03 15:28 . 2008-07-03 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 13:05 . 2008-07-03 13:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-02 20:48 . 2008-07-06 20:35 <DIR> d-------- C:\Program Files\Diablo II
2008-07-02 20:28 . 2008-07-04 18:13 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-02 18:43 . 2008-07-02 18:43 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-07-01 20:09 . 2008-07-02 20:57 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-07-01 20:09 . 2008-07-02 20:57 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-07-01 20:09 . 2008-07-02 20:57 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-07-01 18:15 . 2008-07-01 18:15 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Ace
2008-06-30 18:59 . 2008-06-30 18:59 <DIR> d-------- C:\Program Files\uTorrent
2008-06-30 18:59 . 2008-07-16 16:06 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\uTorrent
2008-06-27 18:06 . 2008-06-27 18:06 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-27 18:06 . 2008-06-27 18:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-27 14:57 . 2008-07-16 19:02 <DIR> d-------- C:\Program Files\MyExpressSearch
2008-06-23 09:05 . 2008-06-23 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 21:11 --------- d-----w C:\Documents and Settings\Fayt\Application Data\WTablet
2008-07-16 22:11 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Skype
2008-07-16 19:03 --------- d-----w C:\Documents and Settings\Fayt\Application Data\skypePM
2008-07-16 14:20 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2008-07-16 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-07-15 11:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-03 07:27 --------- d-----w C:\Program Files\BitComet
2008-07-01 16:13 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-23 07:05 --------- d-----w C:\Program Files\Google
2008-06-22 13:54 --------- d-----w C:\Program Files\ATI Technologies
2008-06-22 13:45 --------- d-----w C:\Program Files\Trillian
2008-06-22 13:39 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-06-21 19:20 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-06-21 19:20 --------- d-----w C:\Program Files\Autodesk
2008-06-21 19:19 --------- d-----w C:\Program Files\Allegorithmic
2008-06-15 12:15 --------- d-----w C:\Documents and Settings\Fayt\Application Data\dvdcss
2008-06-14 20:06 --------- d-----w C:\Program Files\AMT
2008-06-14 14:05 --------- d-----w C:\Documents and Settings\Fayt\Application Data\OpenOffice.org2
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 20:08 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Autodesk
2008-06-11 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-11 20:01 --------- d-----w C:\Program Files\MSBuild
2008-06-11 19:59 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-02 19:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2008-05-31 06:09 --------- d-----w C:\Program Files\FlashGet
2008-05-24 15:47 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Wormux
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-14 21:09 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-16_16.08.26.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:15 512,000 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16 172,032 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16 430,080 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:17 90,112 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2008-05-09 10:53:39 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-05-09 10:53:39 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll
+ 2008-05-09 10:53:40 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll
- 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2008-07-18 20:53:47 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
- 2008-04-14 00:11:56 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 21:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 16:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 18:23 1953792]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 21:01 1037736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 08:16 39792]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 04:05 734264]
"KBDriver"="C:\Program Files\Keyboard Driver\OEMDriver.exe" [2004-08-26 08:27 151552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-07-18 22:53 266497]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 16126464 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 21:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\e-on software\\Vue 6 xStream\\Application\\Vue 6 xStream.eon"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DCPFLICS\\DCPFLICS_tools.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX9.exe"=
"C:\\Program Files\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX10.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22737:TCP"= 22737:TCP:BitComet 22737 TCP
"22737:UDP"= 22737:UDP:BitComet 22737 UDP
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-18 22:53]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-07-18 22:53]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-07-18 22:53]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-06-02 10:07]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 18:34]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 20:16]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-21 04:40]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38c6b20c-e70f-11dc-9786-001d60ea6fc7}]
\Shell\AutoRun\command - G:\CDIntro.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ceae267-dde8-11dc-976b-001d60ea6fc7}]
\Shell\AutoRun\command - F:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 16:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 23:11:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-18 23:14:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-18 21:14:46
ComboFix2.txt 2008-07-16 14:08:57
Pre-Run: 373,756,411,904 bytes free
Post-Run: 373,743,063,040 bytes free
254 --- E O F --- 2008-07-18 20:52:25
Here it is.
Scan saved at 15:54:39, on 19/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Keyboard Driver\OEMDriver.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myexpresssearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
--
End of file - 9010 bytes
Hello,
Download Malwarebytes' Anti-Malware from http://www.besttechie.net/tools/mbam-setup.exe
Save this file to the Desktop.
Double-click mbam-setup.exe to start the installation (accept the licence agreement, then confirm the default options).
On the last screen of the installer, tick the box in front of "Update Malwarebytes' Anti-Malware", then click the "Finish" button.
Disable your antivirus's resident module.
Launch Malwarebytes' Anti-Malware from the Start menu.
In the Settings tab, check that all boxes are ticked except "Create an option in the context menu to scan files (right-click)".
In the Scanner tab, select the radio button in front of "Perform full scan", then click the Scan button.
Wait for the scan to finish without doing anything else, then click the "Show Results" button.
Check that all lines are ticked.
Click the "Remove Selected" button.
Wait patiently, without doing anything else, for the cleanup to finish.
A reboot is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.
Post the Malwarebytes' Anti-Malware log (the contents of the file mbam-log-*-**-**** (**-**-**).txt located in the Malwarebytes' Anti-Malware installation folder; *-**-**** (**-**-**) stands for the date [month-day-year] and the time [hh-mm-ss]).
Hello,
Make sure ActiveX controls are properly configured in Internet Options, as described at this link => http://cybersecurite.xooit.com/t123-Les-controles-Activ...
- Run a Kaspersky online scan
- Click Accept
- A yellow bar will ask whether you accept installing Kavwebscan_Unicode.cab; install the ActiveX control.
- Click "Accept" once more
- The update databases will install; wait a moment
- Click Next.
- Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
At the end of the scan, if infected objects are found, click Save report as... Choose the Desktop, name the report "rapport Kaspersky", choose "text files" in the file type field, then save the report.
Copy/paste the entire opened text file: right-click in it, Select All / Copy.
Paste this report into your reply on the forum.
Help in case of problems: http://cybersecurite.xooit.com/t100-Scan-en-ligne-Kaspe...
NOTE: The scan must be done with Internet Explorer.
Hello,
You don't have a firewall, yet one is essential; get one such as ZoneAlarm:
_ZoneAlarm, which you can download here http://www.zonelabs.com/store/content/catalog/products/...;jsessionid=D8t7X9DMTcUJiddmAMkDwkjsU7EzgK7U12N6N6A12jNQRYkXk5G5!-1562397039!-1062696904!7551!7552!NONE?dc=34std&ctry=FR&lang=fr&lid=nav_za
_ZoneAlarm tutorial here http://forum.telecharger.01net.com/microhebdo/questions...
Download and install it, then update it if necessary.
Glad you no longer have the problem.
Remember to mark the question as solved: to do so, edit your title (first post) and put [résolu] in front of it.
Malware Complaints is a cooperation between many anti-malware helpers and experts from all over the world. From every corner of the world, these people have joined together so that users, no matter what part of the world they come from, can file a complaint against malware and its authors.
Create a post on Malware-Complaints to help move things forward; we need to be as numerous as possible, so report your infection:
- See the forum rules: http://www.malwarecomplaints.info/viewtopic.php?t=5
- After registering using the register button at the top
If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age
If you are under 13, click: I Agree to these terms and am under 13 years of age
You then get a list with one topic per type of infection (Look2Me, Smitfraud, SpywareQuake, etc.).
If the malware you had does not appear in the list, or if you don't know what you were infected with, create a post in the Autres infections (Other infections) topic, following the forum rules (age, city, département, etc.)
---> http://www.malwarecomplaints.info/viewforum.php?f=10
More info on MalwareComplaints here: http://forum.zebulon.fr/index.php?showtopic=88688
Canned text by Malekal_morte: http://www.malekal.com/
More info in Ipl_001's topic here (thanks to Kimberly!!) =>
http://forum.zebulon.fr/index.php?showtopic=88688