Virus Bagle

Bonjour,

Télécharge Catchme ([#ff0000]Gmer[/#f]) sur ton Bureau.

Double clique sur catchme.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, poste le rapport catchme.log dans ta prochaine réponse.

Merci de l' aide, mais impossible de le lancé comme les autres programmes:

C:\Documents and Settings\Ars3nik\Bureau\catchme.exe n' est pas une application Win32 valide.

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur combofix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

Pour les protection j' en est plus donc s' est fait, toujours le méme souci:

ComboFix n' est pas une application Win32 valide.

Combofix est bien nommé combo-fix.exe chez toi ?

Non Combo-Fix tout simplement.

C'est parce que tu ne vois pas les extensions  

Télécharge Gmer.
Dézippe le dans un dossier ou sur ton bureau.

Déconnecte toi d'Internet puis et ferme tous les programmes.
Double-clique sur Gmer.exe.

IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

Clique sur l'onglet rootkit.
A droite, coche Files et Services.
Clique maintenant sur Scan.

Lorsque le scan est terminé, clique sur Copy.

Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

J' ai enregistrer dans C: et dezippé. Il n' y a toujours pas d' éxtansion, quand je double clique sur gmer j' ai un message d' erreur, si je ne clique pas tout de suite dessus il disparait.

DOnc 1er message:

CreateFile " C:\WINDOWS\gmer.dll": Le fichier spécifié est introuvable.

Je fait OK.

CreateFile " C:\WINDOWS\system32\gmer.sys": Le fichier spécifié est introuvable.

Pour voir je vais dans C:\WINDOWS\ et je vois bien le fichier gmer toujours sans l' éxtension (dll) si je clique dessus il me repette les deus messages au dessus et nesuite celui ci:

Warning !!!

Loaded GMER's driver version is incompatible with the currently runnning GMER application. You need to stop the driver with the command "net stop gmer" or restart your computer.

Une tente une dernière chose avant les grands moyens.

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1202
Windows 5.1.2600 Service Pack 2

24/09/2008 20:39:57
mbam-log-2008-09-24 (20-39-56).txt

Type de recherche: Examen complet (C:\|D:\|V:\|)
Eléments examinés: 157535
Temps écoulé: 38 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 63

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Ars3nik.ORDI-ARS3NIK\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\110718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\118421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\129593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\135171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\140250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14897109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14900687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14906515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14907125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14923890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14937156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14969578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14982203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14991015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15060625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15061671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15084140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15087234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15120031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15132625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15140031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\153031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\162796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\166609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\169000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\222656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\230218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\38500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\389703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\396593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\398484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\421000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\455546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\46015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\46796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\472984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\481390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\50046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\503937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\511718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\513968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\56812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\58015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\584953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\587312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\58796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\618296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\633406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\640828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\72812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\75531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\78109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\83562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\87609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\WINDOWS\CSRSS.EX_ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\explorer.ex_ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\EXPLORER.SC_ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.

Relance Combofix  

J' ai deja essayé se ne marche toujours pas.  

MBAM te détecte encore des fichiers ?

Je viens de relancé MalwareByte's Anti-Malware mais toujours pareil je ne peux rien lancé.

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1202
Windows 5.1.2600 Service Pack 2

25/09/2008 20:43:53
mbam-log-2008-09-25 (20-43-52).txt

Type de recherche: Examen complet (C:\|D:\|V:\|)
Eléments examinés: 158116
Temps écoulé: 40 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{9A8944FE-3F74-4958-8090-EEA17ADA1001}\RP129\A0056394.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Re,

Tu peux aller en sans échec ?

disons que je prefére evité car tout ceux qui ont lancé le mode sans echec n' arive plus a relancé leur pc en mode normal.

Le mode sans echec fonctionne par contre toujours les méme souci constaté.

J' ai essayé de lancé tunUp sa me dit:

Le point d' entrée de procédure @Security@initialisation$qqrv est introuvable dans la bibliothèque de liaison dynamique ntrtl60.bpl.

Tu as essayé les outils comme Combofix en sans échec ?

Premier reflex que j' ai eu  

C'est bizarre, l'infection ne semble plus être là.
Hijackthis toujours pas ?  

Toujours pas les erreur Win 32 toujours la ...

Tu va télécharger Combofix avant Internet Explorer, et avant de l'enregistrer, renomme-le en Combo-fix.exe.

Avent IE ???

J' ai retelécharger Combofix en suprimant lancien, cette fois ci enregister sur C: en Combo-Fix.exe l' extansion ne se vois toujours pas mais en tout cas sa a marcher  .

Le raport si besoin, http://dl.free.fr/qbdMxC8fK .

HijackThis ne fonctionne toujours pas et Catchme a était suprimé par Combo fix.

Je voulais dire "avec".
Toujours impossible de lancer Hijackthis ?

Ba voui.

Excuse moi, raté la ligne.
Je comprends pas, l'infection n'est apparemment plus là  

Imaginons que l' infection n' est plus la ou méme qu' elle n' as jamais était presente. De quoi peuvent venir les erreurs Win 32.

Un fichier suprimé ?

Sa ne fait peut étre plus parti des probléme Sécurité - Virus mais Hardware !!??

Normalement ça vient de l'infection  
Tu peux faire un scan en ligne Kaspersky ?

Oui je peux. Enf ait il est possible que l' inféction n' est plus la, le PC de ram plus le mode sans echec fonctionne, j' ai surpimé et rétélécharger Gmer il marche:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-29 22:48:52
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] kernel32.dll!LoadResource 7C80A065 7 Bytes JMP 28001CC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] kernel32.dll!FindResourceExW 7C80AB10 4 Bytes JMP 28001B00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] kernel32.dll!FindResourceExW + 5 7C80AB15 2 Bytes [ CC, CC ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] kernel32.dll!FindResourceW 7C80BA56 7 Bytes JMP 28001A80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] kernel32.dll!SizeofResource 7C80BAF1 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] kernel32.dll!LockResource 7C80C6CF 5 Bytes JMP 28001DF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] kernel32.dll!FindResourceA 7C80C7B1 7 Bytes JMP 28001B90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] kernel32.dll!CreateEventA 7C81E4BD 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] kernel32.dll!FindResourceExA 7C822C2D 7 Bytes JMP 28001C20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] kernel32.dll!OutputDebugStringW 7C85A215 5 Bytes JMP 28001E50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] ADVAPI32.dll!CryptDeriveKey 77DBA685 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] ADVAPI32.dll!CryptDecrypt 77DBA7B1 2 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] ADVAPI32.dll!CryptDecrypt + 3 77DBA7B4 4 Bytes [ 24, B0, CC, CC ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] USER32.dll!PeekMessageW 77D1929B 5 Bytes JMP 28004090 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] USER32.dll!CreateWindowExW 77D1FF50 5 Bytes JMP 28003820 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] USER32.dll!SetWindowRgn 77D202DD 7 Bytes JMP 28005980 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] USER32.dll!LoadIconW 77D212EA 5 Bytes JMP 280062B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] USER32.dll!LoadImageW 77D23744 5 Bytes JMP 280060C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] USER32.dll!CreateDialogParamW 77D284EE 5 Bytes JMP 28005AC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] USER32.dll!SetWindowPlacement 77D2DF46 5 Bytes JMP 28005840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 28005CB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] USER32.dll!TrackPopupMenuEx 77D6CB1A 5 Bytes JMP 28004970 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] WS2_32.dll!send 719F428A 5 Bytes JMP 2800A180 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 28009F60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] WS2_32.dll!recv 719F615A 5 Bytes JMP 28009DC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] WS2_32.dll!WSASend 719F6233 5 Bytes JMP 2800A360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 2800A5A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] SHELL32.dll!Shell_NotifyIconW 7CA31AD2 5 Bytes JMP 28002FE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] ole32.dll!CoInitializeEx 774BEF6B 5 Bytes JMP 28002100 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] ole32.dll!CoRegisterClassObject 774D8720 5 Bytes JMP 28002200 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] WININET.dll!HttpOpenRequestA 77AB2B11 5 Bytes JMP 28008BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] WININET.dll!InternetCloseHandle 77AB4DA4 5 Bytes JMP 28008F20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] WININET.dll!HttpSendRequestA 77AB60B9 5 Bytes JMP 28008E50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2292] WININET.dll!InternetReadFile 77AB823F 5 Bytes JMP 28008D70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

---- Files - GMER 1.0.14 ----

File C:\Program Files\TrojanHunter 5.0\Doc 0 bytes
File C:\Program Files\TrojanHunter 5.0\Doc\LicenseInstall.rtf 5884 bytes
File C:\Program Files\TrojanHunter 5.0\Doc\Welcome.rtf 4475 bytes
File C:\Program Files\TrojanHunter 5.0\InstallLicense.exe 268960 bytes
File C:\Program Files\TrojanHunter 5.0\Options.cfg 2050 bytes
File C:\Program Files\TrojanHunter 5.0\Rev.dat 1425 bytes
File C:\Program Files\TrojanHunter 5.0\RuleFiles 0 bytes
File C:\Program Files\TrojanHunter 5.0\SubmitFiles 0 bytes
File C:\Program Files\TrojanHunter 5.0\SubmitFiles\SubmitFiles.exe 313856 bytes
File C:\Program Files\TrojanHunter 5.0\thcl.exe 340640 bytes
File C:\Program Files\TrojanHunter 5.0\THGuard.exe 1046688 bytes
File C:\Program Files\TrojanHunter 5.0\THSec.dll 102912 bytes
File C:\Program Files\TrojanHunter 5.0\thshlicons.dll 17408 bytes
File C:\Program Files\TrojanHunter 5.0\Tools 0 bytes
File C:\Program Files\TrojanHunter 5.0\Tools\Autostart Explorer 0 bytes
File C:\Program Files\TrojanHunter 5.0\Tools\Autostart Explorer\AutostartExplorer.exe 305664 bytes
File C:\Program Files\TrojanHunter 5.0\Tools\Autostart Explorer\Descriptions.ini 6520 bytes
File C:\Program Files\TrojanHunter 5.0\Tools\LiveUpdate 0 bytes
File C:\Program Files\TrojanHunter 5.0\Tools\LiveUpdate\LiveUpdate.exe 264352 bytes
File C:\Program Files\TrojanHunter 5.0\Tools\MemString 0 bytes
File C:\Program Files\TrojanHunter 5.0\Tools\MemString\MemString.exe 161792 bytes
File C:\Program Files\TrojanHunter 5.0\Tools\Netstat Viewer 0 bytes
File C:\Program Files\TrojanHunter 5.0\Tools\Netstat Viewer\NetstatViewer.exe 533504 bytes
File C:\Program Files\TrojanHunter 5.0\Tools\Process Viewer 0 bytes
File C:\Program Files\TrojanHunter 5.0\Tools\Process Viewer\ProcessViewer.exe 316416 bytes
File C:\Program Files\TrojanHunter 5.0\Tools\Window List 0 bytes
File C:\Program Files\TrojanHunter 5.0\Tools\Window List\WindowList.exe 156160 bytes
File C:\Program Files\TrojanHunter 5.0\Tools.ini 471 bytes
File C:\Program Files\TrojanHunter 5.0\TrojanHunter.exe 2415776 bytes
File C:\Program Files\TrojanHunter 5.0\TrojanHunter.url 60 bytes
File C:\Program Files\TrojanHunter 5.0\unins000.dat 13414 bytes
File C:\Program Files\TrojanHunter 5.0\unins000.exe 682330 bytes
File C:\Program Files\TrojanHunter 5.0\unrar.dll 152064 bytes
File C:\Program Files\TrojanHunter 5.0\UnUpx.dll 46592 bytes executable
File C:\Program Files\TrojanHunter 5.0\unzdll.dll 122368 bytes
File C:\Program Files\TrojanHunter 5.0\ZipDll.dll 133120 bytes
File C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP\WiseCustomCalla1.dll 561152 bytes
File C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP\WiseData.ini 24952 bytes

---- EOF - GMER 1.0.14 ----

Aparement ma machine fonctionne a merveile juste quelque logiciel que je doit complétement réinstallé. HiJackThis marche aprés lui aussi reteléchargé, ils sont du étre endomagé par le virus au moment des enregistrement.

Merci de ton aide Angeldark et aussi a votre forum sur lequelle je peux toujours compté  

Bon surf  

  Slt, j'ai aussi ce probleme de message sur mon pc OneClick.exe. Point d'entree introuvable.
Le point d'entree de procedure @security@initialization$qqrv est introuvable dans la bibliotheque de liaisons dynamique ntrtl60.bpl.
J'avoue que mtn je suis paumee en + je ne m'y connais pas trop (voir pas du tout   ) si vous pouvez m'aidez a regler mon souci (ms version simplifiee   ) ca sere avec un reel plaisir et je sere pas obliger a m'acheter une perruque   lol merci a tous

@++ deb  

Désolé pour le déterrage mais regardé cette vidéo a mon avis tu avez un truc comme cela

Merci au gars qui a galérer surement comme toi pour désinfecté sa machine  

Bonjour, voilà j'ai un soucis avec avast , il me met un message d'erreur "..... n'est pas une application Win32" pareil pour Hijackthis , donc j'ai suivi la solution avec ComboFix renommé en Combo-Fix et j'ai pu faire l'annalyse, voilà ce que j'ai, si quelqu'un peu m'aider :


ComboFix 09-09-07.05 - Thibault 08/09/2009 17:41.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1666 [GMT 2:00]
Running from: c:\documents and settings\Thibault\Bureau\Combo-Fix.exe
FW: Look 'n' Stop 2.06 (Soft4Ever) *enabled* {2A530F53-4A99-4EE0-8471-4A00BA4A47B0}
* Created a new restore point
.
The following files were disabled during the run:
c:\program files\SuperCopier2\SC2Hook.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Thibault\Application Data\drivers\111wfs1intwq.sys
c:\documents and settings\Thibault\Application Data\Drivers\11s11ro1s1a2.sys
c:\documents and settings\Thibault\Application Data\drivers\downld
c:\documents and settings\Thibault\Application Data\drivers\downld\554453.exe
c:\documents and settings\Thibault\Application Data\drivers\downld\574703.exe
c:\documents and settings\Thibault\Application Data\drivers\downld\582906.exe
c:\documents and settings\Thibault\Application Data\drivers\downld\584265.exe
c:\documents and settings\Thibault\Application Data\drivers\downld\584578.exe
c:\documents and settings\Thibault\Application Data\drivers\winupgro.exe
c:\documents and settings\Thibault\Application Data\inst.exe
c:\documents and settings\Thibault\Application Data\m
c:\documents and settings\Thibault\Application Data\m\flec006.exe
c:\windows\Installer\1b460.msi
c:\windows\jestertb.dll
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
E:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_111111S1RO1S1A
-------\Legacy_111111S1RO1S1A
-------\Legacy_IPRIP
-------\Legacy_SK9OU0S
-------\Service_Iprip
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-09-07 16:02 . 2009-09-07 16:02 -------- d-----w- c:\documents and settings\Thibault\Application Data\HouseCall 6.6
2009-09-07 16:02 . 2009-09-07 16:02 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-09-06 14:19 . 2007-04-18 16:12 85952 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-06 14:19 . 2007-04-18 16:06 90112 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-06 14:18 . 2007-04-18 16:16 733824 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-06 13:51 . 2009-09-08 15:44 -------- d--h--w- c:\documents and settings\Thibault\Application Data\drivers
2009-09-06 13:22 . 2009-09-06 13:23 592 ----a-w- c:\windows\chgkey.vbs
2009-09-05 12:00 . 2009-09-05 12:00 -------- d-----w- c:\program files\Audacity
2009-08-31 12:53 . 1998-07-05 21:00 14336 ----a-w- c:\windows\system32\MSCOMDE.DLL
2009-08-31 12:53 . 2002-07-26 14:02 26000 ----a-w- c:\windows\system32\CTL3D.dll
2009-08-31 12:53 . 2000-10-01 21:00 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2009-08-31 12:53 . 1998-05-04 21:00 24576 ----a-w- c:\windows\system32\CmCt2DE.DLL
2009-08-31 12:52 . 2009-08-31 12:52 -------- d-----w- c:\program files\Shockwave 3D Lights Redux for FS9
2009-08-28 14:12 . 2006-10-07 15:43 502784 ----a-w- c:\windows\x2.64.exe
2009-08-28 14:12 . 2006-04-12 07:47 217073 ----a-w- c:\windows\meta4.exe
2009-08-28 14:12 . 2006-04-05 06:09 66560 ----a-w- c:\windows\MOTA113.exe
2009-08-28 14:12 . 2005-07-14 10:31 27648 ----a-w- c:\windows\system32\AVSredirect.dll
2009-08-28 14:12 . 2005-02-28 11:16 240128 ----a-w- c:\windows\system32\x.264.exe
2009-08-28 14:12 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-08-28 14:12 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-08-28 14:11 . 2009-08-28 14:11 -------- d-----w- c:\program files\eRightSoft
2009-08-27 19:12 . 2009-08-27 19:12 -------- d-----w- c:\program files\Aimersoft
2009-08-26 11:40 . 2009-08-26 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-08-26 11:40 . 2009-08-26 11:40 -------- d-----w- c:\documents and settings\Thibault\Application Data\PC Suite
2009-08-26 11:39 . 2008-07-03 00:48 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2009-08-26 11:39 . 2007-05-02 14:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-08-26 11:39 . 2007-09-17 13:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-08-26 11:38 . 2009-04-07 07:39 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-08-26 11:38 . 2009-04-07 07:39 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2009-08-26 11:38 . 2009-04-07 07:39 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2009-08-26 11:38 . 2009-08-26 13:30 -------- d-----w- c:\program files\PC Connectivity Solution
2009-08-26 11:23 . 2009-08-26 11:23 -------- d-----w- c:\documents and settings\Thibault\Application Data\Jeyo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 15:40 . 2008-09-11 14:26 -------- d-----w- c:\program files\SuperCopier2
2009-09-07 20:41 . 2008-09-19 17:30 -------- d-----w- c:\documents and settings\Thibault\Application Data\teamspeak2
2009-09-06 20:11 . 2008-09-20 21:23 -------- d-----w- c:\program files\eMule
2009-09-06 11:25 . 2008-09-11 14:22 -------- d-----w- c:\program files\RamBoost XP
2009-09-05 12:41 . 2008-09-11 13:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 07:46 . 2008-09-11 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-03 18:06 . 2001-08-28 12:00 91532 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-03 18:06 . 2001-08-28 12:00 522078 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-02 21:36 . 2008-10-10 19:16 -------- d-----w- c:\program files\adslTV
2009-09-02 17:10 . 2008-10-21 07:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-31 12:53 . 2009-07-06 18:02 -------- d-----w- c:\program files\Aerosoft
2009-08-26 13:31 . 2009-01-04 17:28 -------- d-----w- c:\documents and settings\Thibault\Application Data\Samsung
2009-08-26 13:31 . 2009-01-04 16:26 -------- d-----w- c:\program files\Samsung
2009-08-26 11:39 . 2008-09-11 13:59 -------- d-----w- c:\program files\DIFX
2009-08-26 09:43 . 2008-09-11 13:52 30872 ----a-w- c:\documents and settings\Thibault\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 15:23 . 2009-08-25 15:23 18015723 ----a-w- c:\documents and settings\All Users\Application Data\vlc-1.0.1-win32.exe
2009-08-05 09:00 . 2008-04-13 17:33 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:35 . 2008-04-13 17:33 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:35 . 2008-04-13 17:33 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:03 . 2008-04-13 17:33 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-04-13 17:33 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2008-06-09 08:19 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 15:32 . 2009-06-30 15:31 16742799 ----a-w- c:\documents and settings\All Users\Application Data\vlc-0.9.9-win32.exe
2009-06-15 10:44 . 2008-04-13 17:34 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2008-04-13 17:34 82944 ----a-w- c:\windows\system32\tlntsess.exe
2008-10-05 12:47 . 2008-10-05 12:47 61 --sh--w- c:\windows\cnerolf.bin
2009-01-11 15:22 . 2008-09-16 19:05 90 --sh--w- c:\windows\cnerolf.dat
2009-01-10 15:12 . 2008-12-26 23:10 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RamBoostXp"="c:\program files\RamBoost XP\rambxpfr.exe" [2005-01-18 851968]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2008-06-25 1209584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-09-08 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-26 13529088]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-08 75392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-28 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 86016]
"Look 'n' Stop"="c:\program files\Soft4Ever\looknstop\looknstop.exe" [2009-05-11 516164]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-06-26 1630208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\Thibault\Menu D‚marrer\Programmes\D‚marrage\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-12 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\Program Files\\IVAO\\IvAp\\ivapnetint.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP rotocole PNRP (Peer Name Resolution Protocol)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 lnsfw1;lnsfw1;c:\windows\system32\drivers\lnsfw1.sys [11/05/2009 17:16 77184]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [20/12/2008 15:44 43816]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S3 fsssvc;Windows Live Contrôle parental; [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26/08/2009 13:38 36608]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.beauvais-aviation.biz/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: {342E1686-F75A-4568-B2A0-A204F291724B} = 212.27.53.252,212.27.54.252
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 17:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Thibault\LOCALS~1\Temp\mc22.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG06.00.00.01WORKSTATION"="389DE07A133C45BFF10C975D3C1A413A9BF394223572104227EDC26501B974B675D61549622D23B400CD7B784F7CC6021509FAFBF7429BCB207544DED3CF0FB085A2E9A346BF7A9D8B091784CFE2E9FB5A186210D575EF2CFB95AD066DAC0F5502511190418AABFD2A22DBC609061AF71837A00002892EA2A2BC557B0AB3E4F2AC4682D1BCF4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6678EDD5E5BE2F6E667A9C6AECB7A5D1407E5BC65590B7C492799CA49D32AEF940DD95953BD65144816A3B5B59ED141272561047D7CCB7CB75A8A41ECD0AF6EE82F5F2863C60B2744DD2C5B5DCE76B1AE1B26E1787A70793F1CC5709230C7FE9DEE488BF0AB21DBF529B4EEFE4CFE9779D5EB4D94B865CAF549D45D524C041673AF91320CDA78E4E6FCC6EBC43C9A03F92170B0B3B2DBFDD51346FEE61734DE0CA5B9C1E85AA3A9053574C379D8BC36059CF2695BF5C8D2BD7D2C3EB0906F34EEDAC1CF5EC1F8C39E80CF5B0F6E9E2B54BB3A4A362566BDEEE29A7C30520F2A89ADB1EA6A3E9481E9E1F00D1BDE3C0B05478D17927630E611EDAC8C0F863185A9CF1412AA8FD5E67D307224551F55B71859B90D603468AC2E21FE3315ECB9BE024675B9E309DE29571575621CB76DC2F3E28FD7B63C141E3450B32EB3584D84ABEBEBC8FE9318B257919D7D6FC7CEF361A6E21AD0017C80F62570ABFC3155B7216D0C9B062D2B2341F5129D73FE82C60F3E0E6A0A892FCAAA1BDE4DA7F002EEC1CDF003AA62884C3D6A7E5F72A3DAEB0C93EBD166EEFB2BEA832D2C0D28C4F25160B8C23F5B6234D9689154D88E6CC5CFE75E4E8ADF798237050C512FF9D2C0F5D207123DCEB01685C00182372D8EEB324EC9D340207F63EF95B03EAF9C268A3E1F819DBF082FE015158261437F5D2BF1AE96477683AC97DC82D6E3D45D7FB5169A53858568DA3642DB53DFD49D38812F45B001BE75609C28EDB9A90A1ADD5CD2E72BDE74E3F86DA760B2DCE82E4423F0208BD1CEF44120DECB9DEADEC50ACBAA82BB2F93830F8FC542E3AE216FE9F71FA497F90093B889F5E446F605E88C833AB63CF40FE1E9DD81F2AE1D4333D499088BD1B05176726FC1D57D10539EB33D0129E51E3631964824B8DDE6B55D75DADBDC349EE3D960207D9091ED4594915E604C77107DB46A7658AFC23C0769FE3CB17C3FE2FD0BB71B47D8D3BB7A8F7D86A2EB36A27D44FBC2B0C7AF4168E1EAF6029C788E09EC7194A1C61A183467900770A5E4A1704DA53B9EBFFC112DE9F4F52A4469A893754AF4F2C8BD155B052964DBEAD1CDB6CE06A3FDB2073750B69CD9ECCF1DAACFAE44D9859E1C3C78E9E8D8558049D8D4DE03700809ABB46C102673EC6F25821236241308DC1886"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1164)
c:\windows\system32\scecli.dll

- - - - - - - > 'explorer.exe'(3872)
c:\windows\system32\SHDOCVW.dll
c:\program files\SuperCopier2\SC2Hook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\locator.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\SetPoint\LU\LULnchr.exe
c:\program files\Logitech\SetPoint\LU\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2009-09-08 17:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-08 15:49

Pre-Run: 10 541 375 488 octets libres
Post-Run: 10 370 273 280 octets libres

264 --- E O F --- 2009-09-03 18:01



MErci d'avance