"Windows security center" alert + "SPYWARE GUARD 2008" launching
Security Forum - Viruses: "Windows security center" alert + "SPYWARE GUARD 2008" launching
Hello everyone.
I think my PC is riddled with viruses. So I'm turning to you after several attempts that went nowhere.
An intrusive "windows security center" message opens and automatically launches "SPYWARE GUARD 2008". When I'm on the net, windows open by themselves...
I know a thread of this kind already exists on the forum, but I wasn't able to do the downloads.
I have AVIRA as antivirus. I'm on XP SP3.
Right, I'm off to work, thank you ;-)
Good evening
To be done in this order
1
Download Rooter.exe to your desktop
Double-click it and post the report ( %Systemdrive%\Rooter.txt )
2
Download MalwareByte's Anti-Malware to your Desktop.
- Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done:
- Restart your computer in Safe Mode
- On startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. Once there, use the keyboard to select Safe Mode.
-- In this mode you have no Internet access, and you get a different visual layout (no wallpaper, very large icons). So don't be surprised.
--- For these reasons I suggest you print, write down, or save the following information in a text document so you don't get lost.
---- ! Do not start your computer in Safe Mode via MSConfig! Why? Some infections break the Safe Mode keys, which would make your computer crash.
- Now run MalwareByte's Anti-Malware. If it isn't already selected, select "Perform full scan".
- To start the search, click "Scan".
- Once the scan is finished, a window opens; click OK. Two possibilities:
~ If the program found nothing, press OK. A report will appear; close it.
~~ If infections are present, click "Show results" then "Remove selected". Save the report to your Desktop.
~~~~ Restart your computer normally and post the report in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
Note: If you can't download MBAM from MajorGeeks, you can download it here!
Help:
Message edited by Sham_Rock on 11-12-2008 at 22:00:55
Good evening.
First of all, thanks for looking into my question. That's really kind ;-)
Here is the ROOTER report.
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Admin ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:72 Go (Free:54 Go)
D:\ (Local Disk) - NTFS - Total:111 Go (Free:26 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)
J:\ (CD or DVD)
K:\ (CD or DVD)
L:\ (USB)
12/12/2008| 0:02
----------------------\\ Search..
C:\WINDOWS\system32\DdeMSvut.ini
C:\WINDOWS\system32\DdeMSvut.ini2
C:\WINDOWS\system32\tuvSMedD.dll
==> VUNDO <==
C:\DOCUME~1\Admin\APPLIC~1\drivers\srosa2.sys
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15222234.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15224625.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15224984.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15265375.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15295312.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15295781.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15296281.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15296687.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15387062.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15387125.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15387140.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15414593.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15416140.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15416578.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15418031.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15419453.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15419921.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15450812.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15451734.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15452250.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15522812.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15523171.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15523234.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\174531.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\176125.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\176640.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\178312.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\184015.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\185687.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\186156.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\187203.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\192125.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\193859.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\194234.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\195000.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\197593.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\197781.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\198015.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\198281.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\198484.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\199218.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\199656.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\200140.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\200812.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\201296.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\209625.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\211265.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\211656.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\217109.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\251656.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\258703.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\259968.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\260875.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\262375.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\266078.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\266203.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\267984.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\270640.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\271015.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\272046.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\272578.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\277312.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\277953.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\277968.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\278953.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\279656.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\279968.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\288984.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\290250.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\290828.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\293250.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\294343.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\294781.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\297015.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\298406.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\298921.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\29947203.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\29948890.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\29949265.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\300187.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30043468.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30044046.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30044421.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\300984.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30129250.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30129265.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\301500.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30151484.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30152828.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30153265.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30154406.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30155718.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30156156.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30188859.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30189500.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30190265.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30280062.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30280406.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\30280468.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\315687.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\316140.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\316453.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\317640.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\320125.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\320546.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\322359.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\322843.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\323281.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\355031.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\355578.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\355640.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\357156.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\357875.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\358031.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\372250.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\373640.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\374125.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\375343.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\376203.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\376359.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\376734.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\376812.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\377187.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\377281.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\382484.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\383453.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\384140.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\384281.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\384421.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\386750.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\387812.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\388234.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\395531.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\396687.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\396828.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\406234.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\406765.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\407109.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\409812.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\410218.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\410546.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\416062.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\417531.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\418437.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\420031.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\422328.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\423000.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4300859.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4303062.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4303484.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4304390.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4305234.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4305468.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4306546.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4309046.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4309453.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4387734.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4388328.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4406296.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4407500.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4408015.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4409656.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4410531.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4411015.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4433046.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4433484.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4433796.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4487734.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4489250.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\4489312.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\451890.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\452359.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\452765.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\467312.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\467812.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\467875.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\481031.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\481625.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\481687.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\538281.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\539093.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\539281.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\583703.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\599671.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\600953.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\601437.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\602718.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\628562.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\628734.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\629546.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\630968.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\631281.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\700828.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\701531.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\701546.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\719609.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\720890.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\721312.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\722312.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\723062.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\723656.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\743890.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\744312.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\744750.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\799656.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\800250.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\800312.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld
C:\DOCUME~1\Admin\APPLIC~1\drivers
==> BAGLE <==
----------------------\\ ROOTKIT !!
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Rootkit TDSS ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit TDSS ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit TDSS ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
----------------------\\ Rogues..
C:\DOCUME~1\Admin\MENUDM~1\PROGRA~1\Spyware Guard 2008
C:\PROGRA~1\Spyware Guard 2008
----------------------\\ Registry
[HKEY_LOCAL_MACHINE\Software\TDSS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\tdssdata]
1 - "C:\Rooter$\Rooter_1.txt" - 12/12/2008| 0:05
----------------------\\ Scan completed at 0:05
As for MalwareByte's Anti-Malware, impossible to run it in Safe Mode, or in normal mode for that matter. After the reboot I get a "qqcrypt.dll" error.
Looks like things are getting complicated...
@+++
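Added illustration for this thread (not Rooter's own code, not the poster's): a small parser that turns a Rooter.txt-style report like the one above into structured findings, so a helper can see at a glance which files were attributed to which family (the `==> VUNDO <==` / `==> BAGLE <==` markers), which `LEGACY_*` enum keys the rootkit check hit, and which rogue install paths and registry keys were listed. The only format assumptions are the ones visible in the posted report; the embedded sample is a constructed, shortened excerpt of it.

```python
"""Parse a Rooter.txt-style report into structured findings.

Added illustration for this thread; it is not Rooter's own code. The only
format assumptions are the ones visible in the report above: section banners
of the form "----------------------\\ Name", file paths listed under "Search"
followed by an "==> FAMILY <==" marker attributing them to a malware family,
"Rootkit NAME ! .. [key]" lines, and bracketed registry keys.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^-+\\\\ (.+?)\s*$")                # ----------------------\\ Search..
FAMILY_RE = re.compile(r"^==> (.+?) <==$")                   # ==> VUNDO <==
ROOTKIT_RE = re.compile(r"^Rootkit (\S+) ! \.\. \[(.+)\]$")  # Rootkit Bagle ! .. [HKEY...]
REGKEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")               # [HKEY_LOCAL_MACHINE\Software\TDSS]


def parse_rooter(text):
    """Return files per family, enum keys per rootkit, rogue paths and registry keys."""
    findings = {
        "families": defaultdict(list),  # family name -> files listed just before its marker
        "rootkits": defaultdict(list),  # rootkit name -> registry keys flagged
        "rogues": [],                   # rogue antispyware install paths
        "registry": [],                 # suspicious registry keys
    }
    section = None
    pending = []  # paths seen under "Search" and not yet attributed to a family
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            # "Search..", "ROOTKIT !!", "Rogues.." -> "search", "rootkit", "rogues"
            section = re.sub(r"[.!\s]+$", "", m.group(1)).lower()
            continue
        if section == "search":
            m = FAMILY_RE.match(line)
            if m:
                findings["families"][m.group(1)].extend(pending)
                pending = []
            else:
                pending.append(line)
        elif section == "rootkit":
            m = ROOTKIT_RE.match(line)
            if m:
                findings["rootkits"][m.group(1)].append(m.group(2))
        elif section == "rogues":
            findings["rogues"].append(line)
        elif section == "registry":
            m = REGKEY_RE.match(line)  # the '1 - "..."' trailer line does not match and is skipped
            if m:
                findings["registry"].append(m.group(1))
    findings["families"] = dict(findings["families"])
    findings["rootkits"] = dict(findings["rootkits"])
    return findings


def summarize(findings):
    """One line per detection class, in the order a helper would read them."""
    out = []
    for family, files in findings["families"].items():
        out.append(f"{family}: {len(files)} file(s), e.g. {files[0] if files else '-'}")
    for name, keys in findings["rootkits"].items():
        out.append(f"rootkit {name}: {len(keys)} LEGACY_* enum key(s)")
    for path in findings["rogues"]:
        out.append(f"rogue install: {path}")
    for key in findings["registry"]:
        out.append(f"registry: {key}")
    return out


# Constructed sample: a shortened excerpt of the report posted above, same format.
SAMPLE_REPORT = r"""
----------------------\\ Search..
C:\WINDOWS\system32\DdeMSvut.ini
C:\WINDOWS\system32\tuvSMedD.dll
==> VUNDO <==
C:\DOCUME~1\Admin\APPLIC~1\drivers\srosa2.sys
C:\DOCUME~1\Admin\APPLIC~1\drivers\downld\15222234.exe
C:\DOCUME~1\Admin\APPLIC~1\drivers
==> BAGLE <==
----------------------\\ ROOTKIT !!
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Rootkit TDSS ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
----------------------\\ Rogues..
C:\PROGRA~1\Spyware Guard 2008
----------------------\\ Registry
[HKEY_LOCAL_MACHINE\Software\TDSS]
1 - "C:\Rooter$\Rooter_1.txt" - 12/12/2008| 0:05
----------------------\\ Scan completed at 0:05
"""

if __name__ == "__main__":
    for line in summarize(parse_rooter(SAMPLE_REPORT)):
        print(line)
```

The attribution rule (paths accumulate until the next `==> FAMILY <==` marker) is why the `drivers` and `downld` directories end up under BAGLE: Rooter prints the files first and the family marker afterwards. Run the script on a real Rooter.txt by reading the file into `parse_rooter`.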
Good evening
OK, we'll do it differently:
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!
But careful: since it's Bagle, you have to outsmart it so that you can run the tool, so:
rename Combofix to Combo-Fix before starting the download, as follows:
http://forum.pcastuces.com/sujet.asp?f=25&s=37315
Double-click ComboFix. It will ask you a question; answer by pressing the 1 key, then wait until ComboFix has finished. Your PC may reboot, that's normal; a report will be created. Post the report
\Combofix.txt
click on it to open it, then Edit "Select all", Edit "Copy"
come to the forum and Edit "Paste"
Here is that famous report. As for downloading ComboFix, the proposed link and method were refused. So I managed another way.
"Admin" - 2008-12-13 14:59:15 Service Pack 3 [SAFE MODE]
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Admin\Bureau\"
((((((((((((((((((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 ))))))))))))))))))))))))))))))))))
2008-12-12 00:17 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-12 00:17 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-12 00:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-12 00:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-12-12 00:02 <REP> d-------- C:\Rooter$
2008-12-11 13:02 124,416 --a------ C:\WINDOWS\system32\tezoom.dll
2008-12-11 13:02 124,416 --a------ C:\WINDOWS\system32\glsisvag.dll
2008-12-11 11:51 47,872 --a------ C:\WINDOWS\syscert.exe
2008-12-11 11:51 1,003,957 --a------ C:\WINDOWS\sysexplorer.exe
2008-12-11 10:53 <REP> d-------- C:\Program Files\Avira
2008-12-11 10:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-12-11 09:04 <REP> d--hs---- C:\WINDOWS\CSC
2008-12-11 01:06 36,864 --a------ C:\WINDOWS\system32\ljJAqpNg.dll
2008-12-11 00:53 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-12-11 00:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-12-11 00:47 123,904 --a------ C:\WINDOWS\system32\vyphab.dll
2008-12-11 00:47 123,904 --a------ C:\WINDOWS\system32\mjgduttr.dll
2008-12-11 00:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2008-12-11 00:44 75,776 --------- C:\WINDOWS\system32\kkmyceib.dll
2008-12-11 00:33 75,776 --------- C:\WINDOWS\system32\gdvxyyms.dll
2008-12-11 00:23 51,197 --a------ C:\WINDOWS\spoolsystem.exe
2008-12-11 00:23 50,620 --a------ C:\WINDOWS\sys.com
2008-12-11 00:23 384,512 --a------ C:\WINDOWS\system32\winscenter.exe
2008-12-11 00:23 18,941 --a------ C:\WINDOWS\vmreg.dll
2008-12-11 00:23 134,149 --a------ C:\WINDOWS\reged.exe
2008-12-11 00:23 <REP> d-------- C:\Program Files\Spyware Guard 2008
2008-12-11 00:22 26,629 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\svhost.exe
2008-12-11 00:22 123,904 --a------ C:\WINDOWS\system32\vhsxduiu.dll
2008-12-11 00:22 123,904 --a------ C:\WINDOWS\system32\pihuaa.dll
2008-12-11 00:19 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-12-10 19:51 583,699 --ahs---- C:\WINDOWS\system32\DdeMSvut.ini2
2008-12-10 17:36 36,864 --a------ C:\WINDOWS\system32\opnlIcyy.dll
2008-12-10 17:25 36,864 --a------ C:\WINDOWS\system32\rqRLfeCU.dll
2008-12-10 15:58 36,864 --a------ C:\WINDOWS\system32\jkkKaxVn.dll
2008-12-10 14:29 3,670,016 --ah----- C:\Documents and Settings\ADMINI~1\NTUSER.DAT
2008-12-10 14:29 3,670,016 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2008-12-10 14:29 <REP> dr------- C:\Documents and Settings\ADMINI~1\Menu Démarrer
2008-12-10 14:29 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Voisinage réseau
2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Voisinage d'impression
2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Modèles
2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Mes documents
2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Favoris
2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Bureau
2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2008-12-10 14:25 123,904 --a------ C:\WINDOWS\system32\utehvl.dll
2008-12-10 14:25 123,904 --a------ C:\WINDOWS\system32\jpcuaatd.dll
2008-12-10 14:22 75,776 --a------ C:\WINDOWS\system32\lqotdwte.dll
2008-12-10 14:22 36,864 --a------ C:\WINDOWS\system32\urqQkjJb.dll
2008-12-10 13:49 295,424 --------- C:\WINDOWS\system32\tuvSMedD.dll
2008-12-09 19:56 23,294 --a------ C:\DOCUME~1\Admin\gif.exe
2008-12-09 10:32 36,352 --a------ C:\WINDOWS\system32\ssqPhICR.dll
2008-12-09 09:53 124,928 --a------ C:\WINDOWS\system32\ivwglrix.dll
2008-12-09 09:53 124,928 --a------ C:\WINDOWS\system32\bsjmez.dll
2008-12-09 09:45 <REP> d-------- C:\WINDOWS\system32\RS4
2008-12-09 09:45 <REP> d-------- C:\WINDOWS\system32\AT
2008-12-09 09:44 65,024 --a------ C:\WINDOWS\system32\qoMdDtqq.dll
2008-12-09 09:44 <REP> d-------- C:\WINDOWS\system32\uXPi02
2008-12-09 09:44 <REP> d-------- C:\Temp\DIV55
2008-12-09 09:44 <REP> d-------- C:\Temp
2008-12-08 17:43 <REP> d--h----- C:\DOCUME~1\Admin\APPLIC~1\drivers
2008-12-08 17:27 <REP> d--h----- C:\LG3G
2008-12-08 17:26 <REP> d-------- C:\DOCUME~1\Admin\APPLIC~1\LG Electronics
2008-12-08 17:22 21,632 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-12-08 17:22 19,840 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2008-12-08 17:22 12,416 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2008-12-08 17:22 <REP> d-------- C:\Program Files\LG Electronics
2008-12-08 17:20 <REP> d-------- C:\Program Files\LG PC Suite 2
2008-11-25 14:03 410,984 --a------ C:\WINDOWS\system32\deploytk.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-12-13 13:37:51 86,020 ----a-w C:\WINDOWS\system32\perfc00C.dat
2008-12-13 13:37:51 501,134 ----a-w C:\WINDOWS\system32\perfh00C.dat
2008-12-10 18:36:06 -------- d-----w C:\Program Files\Sleepy
2008-12-09 22:31:24 -------- d-----w C:\Program Files\Red Kawa
2008-12-08 17:00:42 -------- d-----w C:\Program Files\eMule
2008-12-08 16:24:48 -------- d-----w C:\Program Files\DivX
2008-12-08 16:22:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-12-07 19:30:53 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\OpenOffice.org2
2008-11-21 11:40:34 2,034 ----a-w C:\DOCUME~1\Admin\APPLIC~1\SAS7_000.DAT
2008-11-11 19:00:04 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-11-07 15:15:09 -------- d-----w C:\Program Files\Skype
2008-11-01 16:07:49 -------- d-----w C:\Program Files\Fichiers communs\Vbox
2008-10-30 17:52:33 56 ---ha-w C:\WINDOWS\system32\ezsidmv.dat
2008-10-30 17:52:33 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\skypePM
2008-10-27 13:28:53 -------- d-----w C:\Program Files\Guitar Pro 5
2008-10-24 11:21:09 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-10-21 07:02:45 -------- d-----w C:\Program Files\Microsoft.NET
2008-10-20 17:37:49 -------- d-----w C:\Program Files\FileZilla FTP Client
2008-10-18 09:38:05 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\GigaTribe
2008-10-17 11:49:29 -------- d-----w C:\Program Files\A-Ray Scanner
2008-10-17 11:17:03 -------- d-----w C:\Program Files\DiscScanX
2008-10-17 11:08:34 -------- d-----w C:\Program Files\DVD Shrink
2008-10-16 13:13:40 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-10-16 13:13:40 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-10-16 13:12:22 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-10-16 13:12:20 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-10-16 13:09:44 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
2008-10-16 13:09:44 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-16 13:09:44 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
2008-10-16 13:08:58 34,328 ----a-w C:\WINDOWS\system32\wups.dll
2008-10-16 13:06:48 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-10-16 13:06:48 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
2008-10-13 20:11:07 -------- d-----w C:\Program Files\GigaTribe
2008-09-30 15:43:34 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
2008-09-15 15:26:07 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 00:05:54 13,560 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 09:28]
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}=C:\WINDOWS\system32\ljJAqpNg.dll [2008-12-11 01:06]
{722AE731-70D2-4EED-B2C1-CD0AF2FCC3AE}=C:\WINDOWS\system32\tuvSMedD.dll [2008-12-10 13:49]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 05:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{92a676c1-daf6-4238-a965-5a8ee9d4dbc7}=C:\WINDOWS\system32\tezoom.dll [2008-12-11 13:02]
{DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 05:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-10 05:43]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 13:28]
"spywareguard"="C:\Program Files\Spyware Guard 2008\spywareguard.exe" [2008-12-11 11:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Config"=%systemroot%\system32\run.cmd
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"EnableLUA"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=01000000
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=01000000
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"="C:\WINDOWS\system32\ljJAqpNg.dll" [2008-12-11 01:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{4314C99B-5188-4EBC-A24D-4DE697340E82}"="C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll" [2008-12-11 00:23]
"{BDA5FC06-81F9-46B9-83D3-6E137BF48D57}"="C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\axsxgbvkti.dll" [2008-12-11 00:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAqpNg]
ljJAqpNg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=tezoom.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\tuvSMedD
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wd.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\80da8bad]
rundll32.exe "C:\WINDOWS\system32\iwuqcuod.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gadcom]
"C:\Documents and Settings\Admin\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6befc6b0-d8eb-11dc-b85b-00507034516b}]
AutoRun\command- I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99e6d0ec-c5c7-11dd-b9d7-00507034516b}]
Auto\command- E:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
Contents of the 'Scheduled Tasks' folder
2008-12-11 23:00:02 C:\WINDOWS\tasks\cdthlaso.job
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 15:06:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
********************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JavaQuickStarterService]
"ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpplt.sys"
Completion time: 2008-12-13 15:09:41
C:\ComboFix-quarantined-files.txt ... 2008-12-13 15:09
--- E O F ---
@++
Message edited by alxou on 13-12-2008 at 15:22:43
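Added example for this thread (not ComboFix code, not the poster's): a triage pass over the "Reg Loading Points" section of a ComboFix log like the one above. ComboFix already hides the default entries, so what remains is exactly the set a helper has to judge; this script parses the keys and values and flags the persistence locations that malware most often abuses and that appear in the log (AppInit_DLLs, a non-default Winlogon Notify package, an extra LSA authentication package, ShellExecuteHooks and ShellServiceObjectDelayLoad objects, and a BHO living in system32). The allowlist and severities are this example's own heuristic assumptions; the embedded sample is a constructed excerpt of the posted log.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example for this thread; it is not ComboFix code. Format assumptions,
taken from the log above: a banner line containing "Reg Loading Points", keys
as "[HKEY_...]", entries as "name"=value with an optional trailing
"[yyyy-mm-dd hh:mm]" stamp, or a bare value line. The allowlist and severity
heuristics are this example's own assumptions, not an authoritative list.
"""
import re

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
DATE_SUFFIX_RE = re.compile(r"\s\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")

# Winlogon Notify packages that ship with Windows XP (partial list; assumption of this example).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def parse_loading_points(text):
    """Return (key, value_name, data) tuples for every entry under Reg Loading Points."""
    entries, key, in_section = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            in_section = True
            continue
        if not in_section or not line or line.startswith("*Note*"):
            continue
        if line.startswith("Contents of the") or line.startswith("*****"):
            break  # next ComboFix section
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        line = DATE_SUFFIX_RE.sub("", line)
        if "=" in line:
            name, data = line.split("=", 1)
            name, data = name.strip().strip('"'), data.strip().strip('"')
        else:
            name, data = None, line  # bare lines such as Winlogon Notify DLL names
        entries.append((key, name, data))
    return entries


def triage(entries):
    """Flag entries in persistence locations that malware commonly abuses.

    Returns (severity, reason, key, data). Heuristic, not a verdict: a hit means
    "look at this file", and no hits does not mean the machine is clean.
    """
    hits = []
    for key, name, data in entries:
        k, n, d = key.lower(), (name or "").lower(), data.lower()
        if k.endswith("\\windows nt\\currentversion\\windows") and n == "appinit_dlls" and d:
            hits.append(("high", "AppInit_DLLs injects a DLL into every process that loads user32", key, data))
        elif "\\winlogon\\notify\\" in k:
            if k.rsplit("\\", 1)[1] not in KNOWN_NOTIFY:
                hits.append(("high", "non-default Winlogon Notify package", key, data))
        elif k.endswith("\\control\\lsa") and d.startswith("authentication packages"):
            extra = [t for t in data.split()[2:] if t.lower() != "msv1_0"]
            if extra:
                hits.append(("high", "extra LSA authentication package: " + " ".join(extra), key, data))
        elif k.endswith("\\shellserviceobjectdelayload") or k.endswith("\\shellexecutehooks"):
            hits.append(("medium", "loaded by Explorer at logon; ComboFix hides default entries, so review", key, data))
        elif k.endswith("\\browser helper objects") and "\\windows\\system32\\" in d:
            hits.append(("medium", "BHO living in system32 instead of Program Files (heuristic)", key, data))
    return hits


# Constructed sample: an excerpt of the loading points posted above, same format.
SAMPLE_LOG = r"""
(((((((((((((( Reg Loading Points ))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 09:28]
{722AE731-70D2-4EED-B2C1-CD0AF2FCC3AE}=C:\WINDOWS\system32\tuvSMedD.dll [2008-12-10 13:49]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 13:28]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"="C:\WINDOWS\system32\ljJAqpNg.dll" [2008-12-11 01:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAqpNg]
ljJAqpNg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=tezoom.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\tuvSMedD
Contents of the 'Scheduled Tasks' folder
"""

if __name__ == "__main__":
    for sev, why, key, data in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"[{sev}] {why}\n    {key}\n    {data}")
```

On the sample the three "high" hits are the same DLLs the Rooter report already attributed to Vundo (tuvSMedD, ljJAqpNg) plus tezoom.dll in AppInit_DLLs, which is the kind of cross-check worth doing before deciding which entries a removal script has to cover; the Avira and Yahoo entries pass through unflagged.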
Good evening
locazion, create your own topic
alxou, can you run ComboFix again in normal mode? I'd like to check something.
post the new report please
Good evening Sham_Rock, here is the requested report in normal mode.
"Admin" - 2008-12-15 22:36:04 Service Pack 3
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Admin\Bureau\"
((((((((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 ))))))))))))))))))))))))))))))))))
2008-12-15 13:39 124,416 --a------ C:\WINDOWS\system32\qtyrhj.dll
2008-12-15 13:39 124,416 --a------ C:\WINDOWS\system32\hatqihja.dll
2008-12-15 07:24 75,776 --a------ C:\WINDOWS\system32\cyfcghce.dll
2008-12-14 18:51 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-12-14 18:51 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-12-14 18:51 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-12-14 15:20 <REP> d-------- C:\Program Files\Spyware Guard 2008
2008-12-14 15:16 <REP> d-------- C:\Avenger
2008-12-14 11:43 124,416 --a------ C:\WINDOWS\system32\skoxuhou.dll
2008-12-14 11:43 124,416 --a------ C:\WINDOWS\system32\eumrvx.dll
2008-12-13 20:06 <REP> d-------- C:\Program Files\Lavasoft
2008-12-13 20:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-12-13 19:00 66,560 --a------ C:\WINDOWS\system32\geBtRljJ.dll
2008-12-13 18:59 19,153,264 --a------ C:\Lavasoft_Adaware_multi.exe
2008-12-13 18:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-12-13 15:35 124,416 --a------ C:\WINDOWS\system32\wtdagl.dll
2008-12-13 15:35 124,416 --a------ C:\WINDOWS\system32\naajosmh.dll
2008-12-13 15:32 75,776 --a------ C:\WINDOWS\system32\khjjpxup.dll
2008-12-12 00:17 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-12 00:17 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-12 00:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-12 00:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-12-12 00:02 <REP> d-------- C:\Rooter$
2008-12-11 13:02 124,416 --a------ C:\WINDOWS\system32\tezoom.dll
2008-12-11 13:02 124,416 --a------ C:\WINDOWS\system32\glsisvag.dll
2008-12-11 10:53 <REP> d-------- C:\Program Files\Avira
2008-12-11 10:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-12-11 09:04 <REP> d--hs---- C:\WINDOWS\CSC
2008-12-11 01:06 36,864 --a------ C:\WINDOWS\system32\ljJAqpNg.dll
2008-12-11 00:47 123,904 --a------ C:\WINDOWS\system32\vyphab.dll
2008-12-11 00:47 123,904 --a------ C:\WINDOWS\system32\mjgduttr.dll
2008-12-11 00:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2008-12-11 00:44 75,776 --------- C:\WINDOWS\system32\kkmyceib.dll
2008-12-11 00:33 75,776 --------- C:\WINDOWS\system32\gdvxyyms.dll
2008-12-11 00:23 51,197 --a------ C:\WINDOWS\spoolsystem.exe
2008-12-11 00:23 50,620 --a------ C:\WINDOWS\sys.com
2008-12-11 00:23 384,512 --a------ C:\WINDOWS\system32\winscenter.exe
2008-12-11 00:23 18,941 --a------ C:\WINDOWS\vmreg.dll
2008-12-11 00:23 134,149 --a------ C:\WINDOWS\reged.exe
2008-12-11 00:22 26,629 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\svhost.exe
2008-12-11 00:22 123,904 --a------ C:\WINDOWS\system32\vhsxduiu.dll
2008-12-11 00:22 123,904 --a------ C:\WINDOWS\system32\pihuaa.dll
2008-12-11 00:19 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-12-10 19:51 580,976 --ahs---- C:\WINDOWS\system32\DdeMSvut.ini2
2008-12-10 17:36 36,864 --a------ C:\WINDOWS\system32\opnlIcyy.dll
2008-12-10 17:25 36,864 --a------ C:\WINDOWS\system32\rqRLfeCU.dll
2008-12-10 15:58 36,864 --a------ C:\WINDOWS\system32\jkkKaxVn.dll
2008-12-10 14:29 3,670,016 --ah----- C:\Documents and Settings\ADMINI~1\NTUSER.DAT
2008-12-10 14:29 3,670,016 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2008-12-10 14:29 <REP> dr------- C:\Documents and Settings\ADMINI~1\Menu D‚marrer
2008-12-10 14:29 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer
2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Voisinage r‚seau
2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Voisinage d'impression
2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\ModŠles
2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau
2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles
2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Mes documents
2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Favoris
2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Bureau
2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2008-12-10 14:25 123,904 --a------ C:\WINDOWS\system32\utehvl.dll
2008-12-10 14:25 123,904 --a------ C:\WINDOWS\system32\jpcuaatd.dll
2008-12-10 14:22 75,776 --a------ C:\WINDOWS\system32\lqotdwte.dll
2008-12-10 14:22 36,864 --a------ C:\WINDOWS\system32\urqQkjJb.dll
2008-12-10 13:49 295,424 --------- C:\WINDOWS\system32\tuvSMedD.dll
2008-12-09 19:56 23,294 --a------ C:\DOCUME~1\Admin\gif.exe
2008-12-09 09:53 124,928 --a------ C:\WINDOWS\system32\ivwglrix.dll
2008-12-09 09:53 124,928 --a------ C:\WINDOWS\system32\bsjmez.dll
2008-12-09 09:45 <REP> d-------- C:\WINDOWS\system32\RS4
2008-12-09 09:45 <REP> d-------- C:\WINDOWS\system32\AT
2008-12-09 09:44 <REP> d-------- C:\WINDOWS\system32\uXPi02
2008-12-09 09:44 <REP> d-------- C:\Temp\DIV55
2008-12-09 09:44 <REP> d-------- C:\Temp
2008-12-08 17:43 <REP> d--h----- C:\DOCUME~1\Admin\APPLIC~1\drivers
2008-12-08 17:27 <REP> d--h----- C:\LG3G
2008-12-08 17:26 <REP> d-------- C:\DOCUME~1\Admin\APPLIC~1\LG Electronics
2008-12-08 17:22 21,632 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-12-08 17:22 19,840 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2008-12-08 17:22 12,416 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2008-12-08 17:22 <REP> d-------- C:\Program Files\LG Electronics
2008-12-08 17:20 <REP> d-------- C:\Program Files\LG PC Suite 2
2008-11-25 14:03 410,984 --a------ C:\WINDOWS\system32\deploytk.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-12-15 12:57:14 88,240 ----a-w C:\WINDOWS\system32\perfc00C.dat
2008-12-15 12:57:14 506,804 ----a-w C:\WINDOWS\system32\perfh00C.dat
2008-12-14 12:58:07 -------- d-----w C:\Program Files\Yahoo!
2008-12-14 12:50:58 -------- d-----w C:\Program Files\CCleaner
2008-12-10 18:36:06 -------- d-----w C:\Program Files\Sleepy
2008-12-09 22:31:24 -------- d-----w C:\Program Files\Red Kawa
2008-12-08 17:00:42 -------- d-----w C:\Program Files\eMule
2008-12-08 16:24:48 -------- d-----w C:\Program Files\DivX
2008-12-08 16:22:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-12-07 19:30:53 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\OpenOffice.org2
2008-11-21 11:40:34 2,034 ----a-w C:\DOCUME~1\Admin\APPLIC~1\SAS7_000.DAT
2008-11-07 15:15:09 -------- d-----w C:\Program Files\Skype
2008-11-01 16:07:49 -------- d-----w C:\Program Files\Fichiers communs\Vbox
2008-10-30 17:52:33 56 ---ha-w C:\WINDOWS\system32\ezsidmv.dat
2008-10-30 17:52:33 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\skypePM
2008-10-27 13:28:53 -------- d-----w C:\Program Files\Guitar Pro 5
2008-10-24 11:21:09 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-10-21 07:02:45 -------- d-----w C:\Program Files\Microsoft.NET
2008-10-20 17:37:49 -------- d-----w C:\Program Files\FileZilla FTP Client
2008-10-18 09:38:05 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\GigaTribe
2008-10-17 11:49:29 -------- d-----w C:\Program Files\A-Ray Scanner
2008-10-17 11:17:03 -------- d-----w C:\Program Files\DiscScanX
2008-10-17 11:08:34 -------- d-----w C:\Program Files\DVD Shrink
2008-10-16 13:13:40 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-10-16 13:13:40 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-10-16 13:12:22 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-10-16 13:12:20 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-10-16 13:09:44 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
2008-10-16 13:09:44 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-16 13:09:44 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
2008-10-16 13:08:58 34,328 ----a-w C:\WINDOWS\system32\wups.dll
2008-10-16 13:06:48 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-10-16 13:06:48 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
2008-09-30 15:43:34 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
2008-09-15 15:26:07 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 00:05:54 13,560 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{139FF99C-F908-4C67-85BB-8E44030B5CCB}=C:\WINDOWS\system32\tuvSMedD.dll [2008-12-10 13:49]
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}=C:\WINDOWS\system32\ljJAqpNg.dll [2008-12-11 01:06]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 05:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{ba727358-62f4-439a-8237-13e21006b032}=C:\WINDOWS\system32\qtyrhj.dll [2008-12-15 13:39]
{DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 05:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-10 05:43]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 13:28]
"spywareguard"="C:\Program Files\Spyware Guard 2008\spywareguard.exe" [2008-12-14 15:20]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-12-14 18:32]
"80da8bad"="C:\WINDOWS\system32\cyfcghce.dll" [2008-12-15 07:24]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Config"=%systemroot%\system32\run.cmd
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=01000000
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=01000000
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"="C:\WINDOWS\system32\ljJAqpNg.dll" [2008-12-11 01:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{4314C99B-5188-4EBC-A24D-4DE697340E82}"="C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll" [2008-12-11 00:23]
"{BDA5FC06-81F9-46B9-83D3-6E137BF48D57}"="C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\axsxgbvkti.dll" [2008-12-11 00:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAqpNg]
ljJAqpNg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=qtyrhj.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\tuvSMedD
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wd.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\80da8bad]
rundll32.exe "C:\WINDOWS\system32\iwuqcuod.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gadcom]
"C:\Documents and Settings\Admin\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6befc6b0-d8eb-11dc-b85b-00507034516b}]
AutoRun\command- I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99e6d0ec-c5c7-11dd-b9d7-00507034516b}]
Auto\command- E:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
Contents of the 'Scheduled Tasks' folder
2008-12-15 13:00:00 C:\WINDOWS\tasks\cdthlaso.job
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 22:46:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
********************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JavaQuickStarterService]
"ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpplt.sys"
Completion time: 2008-12-15 22:50:23
C:\ComboFix-quarantined-files.txt ... 2008-12-15 22:49
C:\ComboFix2.txt ... 2008-12-13 15:29
C:\ComboFix3.txt ... 2008-12-13 15:09
--- E O F ---
Thanks, @+
re
You've run combofix on your own several times... that doesn't help me.
Also explain to me how you managed with your version of ComboFix... I'm curious to know where you got it and how.
Copy (Ctrl+C) the text below:
File::
|
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto ComboFix.exe as in the screenshot
- A blue window will appear: at the prompt that shows up (Type 1 to continue, or 2 to abort), type 1 and press Enter.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed: post its contents.
- If the file doesn't open, it is located here > C:\ComboFix.txt
+++++++++++++++++
Go to this link: Virus Total
- Click Browse
- Navigate to this file if you can find it:
C:\Documents and Settings\Admin\gif.exe
- Click Send file and let it work as long as "Current status: analysis in progress" is displayed.
- The file may be queued because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
- When the analysis is finished ("Current status: finished"), click Formatted
- A new browser window will appear
- Then click on this image:
- Right-click on the page and choose Select all, then Copy
- Finally, paste the result into your next reply.
Note: Whatever the result, it is important to send me the result of the whole analysis.
Your security tools may react when the file is sent; in that case you will have to ignore the alerts.
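The "Reg Loading Points" section is where the helper spends the review time: BHOs, Run values, Winlogon notify packages, AppInit_DLLs, LSA authentication packages and driver services are the persistence points that matter. The following triage helper is an added example, not part of the thread or of ComboFix; it parses an excerpt copied from the report posted above and applies a few defender-side heuristics. The allowlist of Winlogon notify packages is a partial list of Windows XP defaults and is an assumption, not an authoritative reference.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix report.

Added example, not part of the forum thread or of ComboFix. It lists the
loading points that deserve a closer look; it does not decide anything.
"""
import re
from dataclasses import dataclass

# Constructed excerpt: lines copied from the ComboFix report posted above.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{139FF99C-F908-4C67-85BB-8E44030B5CCB}=C:\WINDOWS\system32\tuvSMedD.dll [2008-12-10 13:49]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 05:43]
{ba727358-62f4-439a-8237-13e21006b032}=C:\WINDOWS\system32\qtyrhj.dll [2008-12-15 13:39]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 13:28]
"80da8bad"="C:\WINDOWS\system32\cyfcghce.dll" [2008-12-15 07:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAqpNg]
ljJAqpNg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=qtyrhj.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\tuvSMedD
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpplt.sys"
"""

# Assumption: partial allowlist of Winlogon notification packages shipped
# with Windows XP. Anything else running inside winlogon.exe needs a look.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}

KEY_RE = re.compile(r"^\[(.+)\]$")
SYSTEM32_DLL_RE = re.compile(r"^(?:%systemroot%|c:\\windows)\\system32\\[^\\]+\.dll", re.I)


@dataclass
class Finding:
    key: str      # registry key the entry lives under
    entry: str    # the raw report line
    reason: str   # why it was flagged


def parse_loading_points(text):
    """Return [(key, [value lines])] in report order; a '[...]' line opens a key."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            sections.append((m.group(1), []))
        elif sections:
            sections[-1][1].append(line)
    return sections


def triage(text):
    """Apply the heuristics to every parsed key and return the findings."""
    findings = []
    for key, values in parse_loading_points(text):
        k = key.lower()
        if k.endswith("\\browser helper objects"):
            # Legitimate BHOs normally live under Program Files, not system32.
            for v in values:
                path = v.split("=", 1)[1].split(" [", 1)[0]
                if SYSTEM32_DLL_RE.match(path):
                    findings.append(Finding(key, v, "BHO loaded straight from system32"))
        elif k.endswith("\\currentversion\\run"):
            # A Run value that loads a DLL instead of starting a program is unusual.
            for v in values:
                target = v.split("=", 1)[1].split(" [", 1)[0]
                if re.search(r"\.dll\b", target, re.I):
                    findings.append(Finding(key, v, "Run value loads a DLL"))
        elif "\\winlogon\\notify\\" in k:
            pkg = k.rsplit("\\", 1)[1]
            if pkg not in KNOWN_NOTIFY:
                findings.append(Finding(key, " ".join(values),
                                        "unknown Winlogon notification package"))
        elif k.endswith("\\windows nt\\currentversion\\windows"):
            # AppInit_DLLs is injected into every process that loads user32.dll.
            for v in values:
                name, _, val = v.partition("=")
                if name.strip('"').lower() == "appinit_dlls" and val.strip():
                    findings.append(Finding(key, v, "AppInit_DLLs is set"))
        elif k.endswith("\\control\\lsa"):
            # msv1_0 is the only authentication package a stock XP box needs.
            for v in values:
                if v.lower().startswith("authentication packages"):
                    extra = [p for p in v.split()[2:] if p.lower() != "msv1_0"]
                    if extra:
                        findings.append(Finding(key, v, "extra LSA authentication package"))
        elif "\\services\\" in k and k.endswith(".sys"):
            # Service keys are not normally named after a driver file.
            findings.append(Finding(key, " ".join(values), "service key named like a driver"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.reason}\n  {f.key}\n  {f.entry}")
```

ShellExecuteHooks, ShellServiceObjectDelayLoad and mountpoints2 entries from the same report are left to manual review; ComboFix already hides the default entries under those keys, so anything it prints there is worth reading.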
Good evening
@ locazion, your message has been deleted.
Please create your own topic.
No one will answer on this one: Reminders for this section
Good evening Sham_Rock,
Regarding the download, I did a Google search and came across a site that lets you download it. I kept the link, thinking it might be useful to others.
Since this infection, access to certain sites is flatly refused (especially those offering online scans or downloads of analysis software), or I get redirected to another site.
Quite often it is enough to copy/paste the green URL shown below the link to reach the site. Unfortunately that doesn't always work.
So unfortunately I couldn't get to virustotal.com, nor to Jotti's virusScan. However, I have a Kaspersky scan on hand if that can help you.
Here, all the same, is the combofix report after the procedure:
"Admin" - 2008-12-18 8:13:38 Service Pack 3
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Admin\"
Command switches used :: ""C:\Documents and Settings\Admin\Bureau\CFScript.txt""
((((((((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 ))))))))))))))))))))))))))))))))))
2008-12-17 15:17 124,928 --a------ C:\WINDOWS\system32\efcwgpyt.dll
2008-12-17 15:17 124,928 --a------ C:\WINDOWS\system32\boirne.dll
2008-12-17 15:15 75,776 --a------ C:\WINDOWS\system32\jocsyste.dll
2008-12-15 13:39 124,416 --a------ C:\WINDOWS\system32\qtyrhj.dll
2008-12-15 13:39 124,416 --a------ C:\WINDOWS\system32\hatqihja.dll
2008-12-15 07:24 75,776 --a------ C:\WINDOWS\system32\cyfcghce.dll
2008-12-14 18:51 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-12-14 18:51 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-12-14 18:51 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-12-14 15:20 <REP> d-------- C:\Program Files\Spyware Guard 2008
2008-12-14 15:16 <REP> d-------- C:\Avenger
2008-12-14 11:43 124,416 --a------ C:\WINDOWS\system32\skoxuhou.dll
2008-12-14 11:43 124,416 --a------ C:\WINDOWS\system32\eumrvx.dll
2008-12-13 20:06 <REP> d-------- C:\Program Files\Lavasoft
2008-12-13 20:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-12-13 19:00 66,560 --a------ C:\WINDOWS\system32\geBtRljJ.dll
2008-12-13 18:59 19,153,264 --a------ C:\Lavasoft_Adaware_multi.exe
2008-12-13 18:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-12-13 15:35 124,416 --a------ C:\WINDOWS\system32\wtdagl.dll
2008-12-13 15:35 124,416 --a------ C:\WINDOWS\system32\naajosmh.dll
2008-12-13 15:32 75,776 --a------ C:\WINDOWS\system32\khjjpxup.dll
2008-12-12 00:17 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-12 00:17 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-12 00:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-12 00:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-12-12 00:02 <REP> d-------- C:\Rooter$
2008-12-11 13:02 124,416 --a------ C:\WINDOWS\system32\tezoom.dll
2008-12-11 13:02 124,416 --a------ C:\WINDOWS\system32\glsisvag.dll
2008-12-11 10:53 <REP> d-------- C:\Program Files\Avira
2008-12-11 10:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-12-11 09:04 <REP> d--hs---- C:\WINDOWS\CSC
2008-12-11 01:06 36,864 --a------ C:\WINDOWS\system32\ljJAqpNg.dll
2008-12-11 00:47 123,904 --a------ C:\WINDOWS\system32\vyphab.dll
2008-12-11 00:47 123,904 --a------ C:\WINDOWS\system32\mjgduttr.dll
2008-12-11 00:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2008-12-11 00:44 75,776 --------- C:\WINDOWS\system32\kkmyceib.dll
2008-12-11 00:33 75,776 --------- C:\WINDOWS\system32\gdvxyyms.dll
2008-12-11 00:23 51,197 --a------ C:\WINDOWS\spoolsystem.exe
2008-12-11 00:23 50,620 --a------ C:\WINDOWS\sys.com
2008-12-11 00:23 384,512 --a------ C:\WINDOWS\system32\winscenter.exe
2008-12-11 00:23 18,941 --a------ C:\WINDOWS\vmreg.dll
2008-12-11 00:23 134,149 --a------ C:\WINDOWS\reged.exe
2008-12-11 00:22 26,629 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\svhost.exe
2008-12-11 00:22 123,904 --a------ C:\WINDOWS\system32\vhsxduiu.dll
2008-12-11 00:22 123,904 --a------ C:\WINDOWS\system32\pihuaa.dll
2008-12-11 00:19 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-12-10 19:51 572,402 --ahs---- C:\WINDOWS\system32\DdeMSvut.ini2
2008-12-10 17:36 36,864 --a------ C:\WINDOWS\system32\opnlIcyy.dll
2008-12-10 17:25 36,864 --a------ C:\WINDOWS\system32\rqRLfeCU.dll
2008-12-10 15:58 36,864 --a------ C:\WINDOWS\system32\jkkKaxVn.dll
2008-12-10 14:29 3,670,016 --ah----- C:\Documents and Settings\ADMINI~1\NTUSER.DAT
2008-12-10 14:29 3,670,016 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2008-12-10 14:29 <REP> dr------- C:\Documents and Settings\ADMINI~1\Menu D‚marrer
2008-12-10 14:29 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer
2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Voisinage r‚seau
2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\Voisinage d'impression
2008-12-10 14:29 <REP> d--h----- C:\Documents and Settings\ADMINI~1\ModŠles
2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau
2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2008-12-10 14:29 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles
2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Mes documents
2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Favoris
2008-12-10 14:29 <REP> d-------- C:\Documents and Settings\ADMINI~1\Bureau
2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2008-12-10 14:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2008-12-10 14:25 123,904 --a------ C:\WINDOWS\system32\utehvl.dll
2008-12-10 14:25 123,904 --a------ C:\WINDOWS\system32\jpcuaatd.dll
2008-12-10 14:22 75,776 --a------ C:\WINDOWS\system32\lqotdwte.dll
2008-12-10 14:22 36,864 --a------ C:\WINDOWS\system32\urqQkjJb.dll
2008-12-10 13:49 295,424 --------- C:\WINDOWS\system32\tuvSMedD.dll
2008-12-09 19:56 23,294 --a------ C:\DOCUME~1\Admin\gif.exe
2008-12-09 09:53 124,928 --a------ C:\WINDOWS\system32\ivwglrix.dll
2008-12-09 09:53 124,928 --a------ C:\WINDOWS\system32\bsjmez.dll
2008-12-09 09:45 <REP> d-------- C:\WINDOWS\system32\RS4
2008-12-09 09:45 <REP> d-------- C:\WINDOWS\system32\AT
2008-12-09 09:44 <REP> d-------- C:\WINDOWS\system32\uXPi02
2008-12-09 09:44 <REP> d-------- C:\Temp\DIV55
2008-12-09 09:44 <REP> d-------- C:\Temp
2008-12-08 17:43 <REP> d--h----- C:\DOCUME~1\Admin\APPLIC~1\drivers
2008-12-08 17:27 <REP> d--h----- C:\LG3G
2008-12-08 17:26 <REP> d-------- C:\DOCUME~1\Admin\APPLIC~1\LG Electronics
2008-12-08 17:22 21,632 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-12-08 17:22 19,840 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2008-12-08 17:22 12,416 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2008-12-08 17:22 <REP> d-------- C:\Program Files\LG Electronics
2008-12-08 17:20 <REP> d-------- C:\Program Files\LG PC Suite 2
2008-11-25 14:03 410,984 --a------ C:\WINDOWS\system32\deploytk.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-12-18 07:05:27 88,684 ----a-w C:\WINDOWS\system32\perfc00C.dat
2008-12-18 07:05:27 507,938 ----a-w C:\WINDOWS\system32\perfh00C.dat
2008-12-14 12:58:07 -------- d-----w C:\Program Files\Yahoo!
2008-12-14 12:50:58 -------- d-----w C:\Program Files\CCleaner
2008-12-10 18:36:06 -------- d-----w C:\Program Files\Sleepy
2008-12-09 22:31:24 -------- d-----w C:\Program Files\Red Kawa
2008-12-08 17:00:42 -------- d-----w C:\Program Files\eMule
2008-12-08 16:24:48 -------- d-----w C:\Program Files\DivX
2008-12-08 16:22:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-12-07 19:30:53 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\OpenOffice.org2
2008-11-21 11:40:34 2,034 ----a-w C:\DOCUME~1\Admin\APPLIC~1\SAS7_000.DAT
2008-11-07 15:15:09 -------- d-----w C:\Program Files\Skype
2008-11-01 16:07:49 -------- d-----w C:\Program Files\Fichiers communs\Vbox
2008-10-30 17:52:33 56 ---ha-w C:\WINDOWS\system32\ezsidmv.dat
2008-10-30 17:52:33 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\skypePM
2008-10-27 13:28:53 -------- d-----w C:\Program Files\Guitar Pro 5
2008-10-24 11:21:09 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-10-21 07:02:45 -------- d-----w C:\Program Files\Microsoft.NET
2008-10-20 17:37:49 -------- d-----w C:\Program Files\FileZilla FTP Client
2008-10-18 09:38:05 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\GigaTribe
2008-10-16 13:13:40 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-10-16 13:13:40 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-10-16 13:12:22 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-10-16 13:12:20 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-10-16 13:09:44 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
2008-10-16 13:09:44 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-16 13:09:44 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
2008-10-16 13:08:58 34,328 ----a-w C:\WINDOWS\system32\wups.dll
2008-10-16 13:06:48 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-10-16 13:06:48 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
2008-09-30 15:43:34 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
2008-02-20 00:05:54 13,560 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4cabb31c-fffd-43d9-9966-637c57bab422}=C:\WINDOWS\system32\boirne.dll [2008-12-17 15:17]
{5D6201CF-4426-49DF-8549-B9E40894C476}=C:\WINDOWS\system32\tuvSMedD.dll [2008-12-10 13:49]
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}=C:\WINDOWS\system32\ljJAqpNg.dll [2008-12-11 01:06]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 05:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 05:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-10 05:43]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 13:28]
"spywareguard"="C:\Program Files\Spyware Guard 2008\spywareguard.exe" [2008-12-14 15:20]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-12-14 18:32]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Config"=%systemroot%\system32\run.cmd
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=01000000
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=01000000
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"="C:\WINDOWS\system32\ljJAqpNg.dll" [2008-12-11 01:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{4314C99B-5188-4EBC-A24D-4DE697340E82}"="C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll" [2008-12-11 00:23]
"{BDA5FC06-81F9-46B9-83D3-6E137BF48D57}"="C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\axsxgbvkti.dll" [2008-12-11 00:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAqpNg]
ljJAqpNg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=boirne.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\tuvSMedD
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wd.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\80da8bad]
rundll32.exe "C:\WINDOWS\system32\iwuqcuod.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gadcom]
"C:\Documents and Settings\Admin\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6befc6b0-d8eb-11dc-b85b-00507034516b}]
AutoRun\command- I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99e6d0ec-c5c7-11dd-b9d7-00507034516b}]
Auto\command- E:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
Contents of the 'Scheduled Tasks' folder
2008-12-18 06:46:52 C:\WINDOWS\tasks\cdthlaso.job
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 08:22:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
********************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JavaQuickStarterService]
"ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpplt.sys"
Completion time: 2008-12-18 8:27:04
C:\ComboFix-quarantined-files.txt ... 2008-12-18 08:26
C:\ComboFix2.txt ... 2008-12-15 22:50
C:\ComboFix3.txt ... 2008-12-13 15:29
--- E O F ---
Thanks. See you soon.
Message edited by alxou on 18-12-2008 at 17:51:16
re
it didn't work... and to think I spent at least half an hour on your report for nothing...
this time it has to work.
delete your version of combofix and delete C:\QooBox
then take mine, but don't run it. Put it right on the desktop.
http://www.sendspace.com/file/pq70td
then copy/paste the script as explained above.
/!\ Tired of ads: secure Firefox /!\
Good evening again,
So I ran the scan with your "combofix". The procedure unfolded differently from the one I had been using before.
Positive point: Windows Security Center and Spyware Guard 2008 no longer launch. (I hope I'm not speaking too soon.) But the latter's icon is still on my desktop.
So here is the report:
ComboFix 08-12-16.03 - Admin 2008-12-19 0:06:02.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.767.479 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Admin\Bureau\combo-fix.exe
Commutateurs utilisés :: C:\Documents and Settings\Admin\Bureau\CFScript.txt
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
FILE ::
C:\DOCUME~1\ALLUSE~1\APPLIC~1\svhost.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\axsxgbvkti.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
C:\Lavasoft_Adaware_multi.exe
C:\WINDOWS\reged.exe
C:\WINDOWS\spoolsystem.exe
C:\WINDOWS\sys.com
C:\WINDOWS\system32\cyfcghce.dll
C:\WINDOWS\system32\DdeMSvut.ini2
C:\WINDOWS\system32\eumrvx.dll
C:\WINDOWS\system32\gdvxyyms.dll
C:\WINDOWS\system32\geBtRljJ.dll
C:\WINDOWS\system32\glsisvag.dll
C:\WINDOWS\system32\hatqihja.dll
C:\WINDOWS\system32\iwuqcuod.dll
C:\WINDOWS\system32\jkkKaxVn.dll
C:\WINDOWS\system32\jpcuaatd.dll
C:\WINDOWS\system32\khjjpxup.dll
C:\WINDOWS\system32\kkmyceib.dll
C:\WINDOWS\system32\ljJAqpNg.dll
C:\WINDOWS\system32\lqotdwte.dll
C:\WINDOWS\system32\mjgduttr.dll
C:\WINDOWS\system32\naajosmh.dll
C:\WINDOWS\system32\opnlIcyy.dll
C:\WINDOWS\system32\pihuaa.dll
C:\WINDOWS\system32\qtyrhj.dll
C:\WINDOWS\system32\rqRLfeCU.dll
C:\WINDOWS\system32\skoxuhou.dll
C:\WINDOWS\system32\tezoom.dll
C:\WINDOWS\system32\tuvSMedD.dll
C:\WINDOWS\system32\urqQkjJb.dll
C:\WINDOWS\system32\utehvl.dll
C:\WINDOWS\system32\vhsxduiu.dll
C:\WINDOWS\system32\vyphab.dll
C:\WINDOWS\system32\winscenter.exe
C:\WINDOWS\system32\wtdagl.dll
C:\WINDOWS\vmreg.dll
.
Thanks, see you soon
good evening
the report is not complete
Post the report
\Combofix.txt
click on it to open it, then Edit > "Select All", Edit > "Copy"
come to the forum and Edit > "Paste"
/!\ Tired of ads: secure Firefox /!\
Good evening,
indeed, the computer froze while combofix was producing its report, which is why it is incomplete. Do I need to run another scan?
By the way, still no sign of Windows Security Center or Spyware Guard 2008.
However, I am still being redirected to other sites while browsing in IE and Firefox.
Thanks
Message edited by alxou on 20-12-2008 at 00:34:37
good evening
please do another run in safe mode
/!\ Tired of ads: secure Firefox /!\
Good evening,
I'll keep you posted
Here is the safe mode scan. Good luck and thanks
ComboFix 08-12-16.03 - Admin 2008-12-20 23:01:58.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.767.624 [GMT 1:00]
Lancé depuis: c:\documents and settings\Admin\Bureau\combo-fix.exe
Commutateurs utilisés :: c:\documents and settings\Admin\Bureau\CFScript.txt
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
FILE ::
c:\docume~1\ALLUSE~1\APPLIC~1\svhost.exe
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\axsxgbvkti.dll
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
C:\Lavasoft_Adaware_multi.exe
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\system32\cyfcghce.dll
c:\windows\system32\DdeMSvut.ini2
c:\windows\system32\eumrvx.dll
c:\windows\system32\gdvxyyms.dll
c:\windows\system32\geBtRljJ.dll
c:\windows\system32\glsisvag.dll
c:\windows\system32\hatqihja.dll
c:\windows\system32\iwuqcuod.dll
c:\windows\system32\jkkKaxVn.dll
c:\windows\system32\jpcuaatd.dll
c:\windows\system32\khjjpxup.dll
c:\windows\system32\kkmyceib.dll
c:\windows\system32\ljJAqpNg.dll
c:\windows\system32\lqotdwte.dll
c:\windows\system32\mjgduttr.dll
c:\windows\system32\naajosmh.dll
c:\windows\system32\opnlIcyy.dll
c:\windows\system32\pihuaa.dll
c:\windows\system32\qtyrhj.dll
c:\windows\system32\rqRLfeCU.dll
c:\windows\system32\skoxuhou.dll
c:\windows\system32\tezoom.dll
c:\windows\system32\tuvSMedD.dll
c:\windows\system32\urqQkjJb.dll
c:\windows\system32\utehvl.dll
c:\windows\system32\vhsxduiu.dll
c:\windows\system32\vyphab.dll
c:\windows\system32\winscenter.exe
c:\windows\system32\wtdagl.dll
c:\windows\vmreg.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\anctcekq.ini
c:\windows\system32\bdmystvk.ini
c:\windows\system32\biecymkk.ini
c:\windows\system32\doucquwi.ini
c:\windows\system32\drivers\TDSSpplt.sys
c:\windows\system32\echgcfyc.ini
c:\windows\system32\etsyscoj.ini
c:\windows\system32\puqfsnob.ini
c:\windows\system32\puxpjjhk.ini
c:\windows\system32\pyrcqqng.ini
c:\windows\system32\smyyxvdg.ini
c:\windows\system32\TDSSarxx.dll
c:\windows\system32\TDSSdxcp.dll
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnvuo.dll
c:\windows\system32\TDSSoity.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSvoql.dll
c:\windows\system32\TDSSxhyf.log
c:\windows\system32\UwxFLkkj.ini
.
---- Previous Run -------
.
c:\docume~1\ALLUSE~1\APPLIC~1\svhost.exe
c:\documents and settings\Admin\Application Data\drivers\downld
c:\documents and settings\Admin\Application Data\drivers\downld\15222234.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15224625.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15224984.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15265375.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15295312.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15295781.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15296281.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15296687.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15387062.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15387125.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15387140.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15414593.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15416140.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15416578.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15418031.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15419453.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15419921.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15450812.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15451734.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15452250.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15522812.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15523171.exe
c:\documents and settings\Admin\Application Data\drivers\downld\15523234.exe
c:\documents and settings\Admin\Application Data\drivers\downld\174531.exe
c:\documents and settings\Admin\Application Data\drivers\downld\176125.exe
c:\documents and settings\Admin\Application Data\drivers\downld\176640.exe
c:\documents and settings\Admin\Application Data\drivers\downld\178312.exe
c:\documents and settings\Admin\Application Data\drivers\downld\184015.exe
c:\documents and settings\Admin\Application Data\drivers\downld\185687.exe
c:\documents and settings\Admin\Application Data\drivers\downld\186156.exe
c:\documents and settings\Admin\Application Data\drivers\downld\187203.exe
c:\documents and settings\Admin\Application Data\drivers\downld\192125.exe
c:\documents and settings\Admin\Application Data\drivers\downld\193859.exe
c:\documents and settings\Admin\Application Data\drivers\downld\194234.exe
c:\documents and settings\Admin\Application Data\drivers\downld\195000.exe
c:\documents and settings\Admin\Application Data\drivers\downld\197593.exe
c:\documents and settings\Admin\Application Data\drivers\downld\197781.exe
c:\documents and settings\Admin\Application Data\drivers\downld\198015.exe
c:\documents and settings\Admin\Application Data\drivers\downld\198281.exe
c:\documents and settings\Admin\Application Data\drivers\downld\198484.exe
c:\documents and settings\Admin\Application Data\drivers\downld\199218.exe
c:\documents and settings\Admin\Application Data\drivers\downld\199656.exe
c:\documents and settings\Admin\Application Data\drivers\downld\200140.exe
c:\documents and settings\Admin\Application Data\drivers\downld\200812.exe
c:\documents and settings\Admin\Application Data\drivers\downld\201296.exe
c:\documents and settings\Admin\Application Data\drivers\downld\209625.exe
c:\documents and settings\Admin\Application Data\drivers\downld\211265.exe
c:\documents and settings\Admin\Application Data\drivers\downld\211656.exe
c:\documents and settings\Admin\Application Data\drivers\downld\217109.exe
c:\documents and settings\Admin\Application Data\drivers\downld\251656.exe
c:\documents and settings\Admin\Application Data\drivers\downld\258703.exe
c:\documents and settings\Admin\Application Data\drivers\downld\259968.exe
c:\documents and settings\Admin\Application Data\drivers\downld\260875.exe
c:\documents and settings\Admin\Application Data\drivers\downld\262375.exe
c:\documents and settings\Admin\Application Data\drivers\downld\266078.exe
c:\documents and settings\Admin\Application Data\drivers\downld\266203.exe
c:\documents and settings\Admin\Application Data\drivers\downld\267984.exe
c:\documents and settings\Admin\Application Data\drivers\downld\270640.exe
c:\documents and settings\Admin\Application Data\drivers\downld\271015.exe
c:\documents and settings\Admin\Application Data\drivers\downld\272046.exe
c:\documents and settings\Admin\Application Data\drivers\downld\272578.exe
c:\documents and settings\Admin\Application Data\drivers\downld\277312.exe
c:\documents and settings\Admin\Application Data\drivers\downld\277953.exe
c:\documents and settings\Admin\Application Data\drivers\downld\277968.exe
c:\documents and settings\Admin\Application Data\drivers\downld\278953.exe
c:\documents and settings\Admin\Application Data\drivers\downld\279656.exe
c:\documents and settings\Admin\Application Data\drivers\downld\279968.exe
c:\documents and settings\Admin\Application Data\drivers\downld\288984.exe
c:\documents and settings\Admin\Application Data\drivers\downld\290250.exe
c:\documents and settings\Admin\Application Data\drivers\downld\290828.exe
c:\documents and settings\Admin\Application Data\drivers\downld\293250.exe
c:\documents and settings\Admin\Application Data\drivers\downld\294343.exe
c:\documents and settings\Admin\Application Data\drivers\downld\294781.exe
c:\documents and settings\Admin\Application Data\drivers\downld\297015.exe
c:\documents and settings\Admin\Application Data\drivers\downld\298406.exe
c:\documents and settings\Admin\Application Data\drivers\downld\298921.exe
c:\documents and settings\Admin\Application Data\drivers\downld\29947203.exe
c:\documents and settings\Admin\Application Data\drivers\downld\29948890.exe
c:\documents and settings\Admin\Application Data\drivers\downld\29949265.exe
c:\documents and settings\Admin\Application Data\drivers\downld\300187.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30043468.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30044046.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30044421.exe
c:\documents and settings\Admin\Application Data\drivers\downld\300984.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30129250.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30129265.exe
c:\documents and settings\Admin\Application Data\drivers\downld\301500.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30151484.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30152828.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30153265.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30154406.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30155718.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30156156.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30188859.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30189500.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30190265.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30280062.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30280406.exe
c:\documents and settings\Admin\Application Data\drivers\downld\30280468.exe
c:\documents and settings\Admin\Application Data\drivers\downld\315687.exe
c:\documents and settings\Admin\Application Data\drivers\downld\316140.exe
c:\documents and settings\Admin\Application Data\drivers\downld\316453.exe
c:\documents and settings\Admin\Application Data\drivers\downld\317640.exe
c:\documents and settings\Admin\Application Data\drivers\downld\320125.exe
c:\documents and settings\Admin\Application Data\drivers\downld\320546.exe
c:\documents and settings\Admin\Application Data\drivers\downld\322359.exe
c:\documents and settings\Admin\Application Data\drivers\downld\322843.exe
c:\documents and settings\Admin\Application Data\drivers\downld\323281.exe
c:\documents and settings\Admin\Application Data\drivers\downld\355031.exe
c:\documents and settings\Admin\Application Data\drivers\downld\355578.exe
c:\documents and settings\Admin\Application Data\drivers\downld\355640.exe
c:\documents and settings\Admin\Application Data\drivers\downld\357156.exe
c:\documents and settings\Admin\Application Data\drivers\downld\357875.exe
c:\documents and settings\Admin\Application Data\drivers\downld\358031.exe
c:\documents and settings\Admin\Application Data\drivers\downld\372250.exe
c:\documents and settings\Admin\Application Data\drivers\downld\373640.exe
c:\documents and settings\Admin\Application Data\drivers\downld\374125.exe
c:\documents and settings\Admin\Application Data\drivers\downld\375343.exe
c:\documents and settings\Admin\Application Data\drivers\downld\376203.exe
c:\documents and settings\Admin\Application Data\drivers\downld\376359.exe
c:\documents and settings\Admin\Application Data\drivers\downld\376734.exe
c:\documents and settings\Admin\Application Data\drivers\downld\376812.exe
c:\documents and settings\Admin\Application Data\drivers\downld\377187.exe
c:\documents and settings\Admin\Application Data\drivers\downld\377281.exe
c:\documents and settings\Admin\Application Data\drivers\downld\382484.exe
c:\documents and settings\Admin\Application Data\drivers\downld\383453.exe
c:\documents and settings\Admin\Application Data\drivers\downld\384140.exe
c:\documents and settings\Admin\Application Data\drivers\downld\384281.exe
c:\documents and settings\Admin\Application Data\drivers\downld\384421.exe
c:\documents and settings\Admin\Application Data\drivers\downld\386750.exe
c:\documents and settings\Admin\Application Data\drivers\downld\387812.exe
c:\documents and settings\Admin\Application Data\drivers\downld\388234.exe
c:\documents and settings\Admin\Application Data\drivers\downld\395531.exe
c:\documents and settings\Admin\Application Data\drivers\downld\396687.exe
c:\documents and settings\Admin\Application Data\drivers\downld\396828.exe
c:\documents and settings\Admin\Application Data\drivers\downld\406234.exe
c:\documents and settings\Admin\Application Data\drivers\downld\406765.exe
c:\documents and settings\Admin\Application Data\drivers\downld\407109.exe
c:\documents and settings\Admin\Application Data\drivers\downld\409812.exe
c:\documents and settings\Admin\Application Data\drivers\downld\410218.exe
c:\documents and settings\Admin\Application Data\drivers\downld\410546.exe
c:\documents and settings\Admin\Application Data\drivers\downld\416062.exe
c:\documents and settings\Admin\Application Data\drivers\downld\417531.exe
c:\documents and settings\Admin\Application Data\drivers\downld\418437.exe
c:\documents and settings\Admin\Application Data\drivers\downld\420031.exe
c:\documents and settings\Admin\Application Data\drivers\downld\422328.exe
c:\documents and settings\Admin\Application Data\drivers\downld\423000.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4300859.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4303062.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4303484.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4304390.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4305234.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4305468.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4306546.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4309046.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4309453.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4387734.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4388328.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4406296.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4407500.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4408015.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4409656.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4410531.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4411015.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4433046.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4433484.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4433796.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4487734.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4489250.exe
c:\documents and settings\Admin\Application Data\drivers\downld\4489312.exe
c:\documents and settings\Admin\Application Data\drivers\downld\451890.exe
c:\documents and settings\Admin\Application Data\drivers\downld\452359.exe
c:\documents and settings\Admin\Application Data\drivers\downld\452765.exe
c:\documents and settings\Admin\Application Data\drivers\downld\467312.exe
c:\documents and settings\Admin\Application Data\drivers\downld\467812.exe
c:\documents and settings\Admin\Application Data\drivers\downld\467875.exe
c:\documents and settings\Admin\Application Data\drivers\downld\481031.exe
c:\documents and settings\Admin\Application Data\drivers\downld\481625.exe
c:\documents and settings\Admin\Application Data\drivers\downld\481687.exe
c:\documents and settings\Admin\Application Data\drivers\downld\538281.exe
c:\documents and settings\Admin\Application Data\drivers\downld\539093.exe
c:\documents and settings\Admin\Application Data\drivers\downld\539281.exe
c:\documents and settings\Admin\Application Data\drivers\downld\583703.exe
c:\documents and settings\Admin\Application Data\drivers\downld\599671.exe
c:\documents and settings\Admin\Application Data\drivers\downld\600953.exe
c:\documents and settings\Admin\Application Data\drivers\downld\601437.exe
c:\documents and settings\Admin\Application Data\drivers\downld\602718.exe
c:\documents and settings\Admin\Application Data\drivers\downld\628562.exe
c:\documents and settings\Admin\Application Data\drivers\downld\628734.exe
c:\documents and settings\Admin\Application Data\drivers\downld\629546.exe
c:\documents and settings\Admin\Application Data\drivers\downld\630968.exe
c:\documents and settings\Admin\Application Data\drivers\downld\631281.exe
c:\documents and settings\Admin\Application Data\drivers\downld\700828.exe
c:\documents and settings\Admin\Application Data\drivers\downld\701531.exe
c:\documents and settings\Admin\Application Data\drivers\downld\701546.exe
c:\documents and settings\Admin\Application Data\drivers\downld\719609.exe
c:\documents and settings\Admin\Application Data\drivers\downld\720890.exe
c:\documents and settings\Admin\Application Data\drivers\downld\721312.exe
c:\documents and settings\Admin\Application Data\drivers\downld\722312.exe
c:\documents and settings\Admin\Application Data\drivers\downld\723062.exe
c:\documents and settings\Admin\Application Data\drivers\downld\723656.exe
c:\documents and settings\Admin\Application Data\drivers\downld\743890.exe
c:\documents and settings\Admin\Application Data\drivers\downld\744312.exe
c:\documents and settings\Admin\Application Data\drivers\downld\744750.exe
c:\documents and settings\Admin\Application Data\drivers\downld\799656.exe
c:\documents and settings\Admin\Application Data\drivers\downld\800250.exe
c:\documents and settings\Admin\Application Data\drivers\downld\800312.exe
c:\documents and settings\Admin\Application Data\drivers\srosa2.sys
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\axsxgbvkti.dll
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll
C:\InfoSat.txt
C:\Lavasoft_Adaware_multi.exe
c:\program files\Spyware Guard 2008
c:\program files\Spyware Guard 2008\conf.cfg
c:\program files\Spyware Guard 2008\mbase.vdb
c:\program files\Spyware Guard 2008\quarantine.vdb
c:\program files\Spyware Guard 2008\queue.vdb
c:\program files\Spyware Guard 2008\spywareguard.exe
c:\program files\Spyware Guard 2008\vbase.vdb
C:\Rooter$
c:\rooter$\iNv.exe
c:\rooter$\kill.reg
c:\rooter$\KillD.txt
c:\rooter$\KillF.txt
c:\rooter$\lsTasks.exe
c:\rooter$\OS.vbs
c:\rooter$\OS_v.txt
c:\rooter$\OsV.exe
c:\rooter$\paths.bat
c:\rooter$\RKit.lsd
c:\rooter$\RoGUeS.lsd
c:\rooter$\Rooter.txt
c:\rooter$\Rooter_1.txt
c:\rooter$\RooterT.cmd
c:\rooter$\RunTool.txt
c:\rooter$\sed.exe
c:\rooter$\setpath.exe
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\system32\AT
c:\windows\system32\boirne.dll
c:\windows\system32\bsjmez.dll
c:\windows\system32\cyfcghce.dll
c:\windows\system32\DdeMSvut.ini
c:\windows\system32\DdeMSvut.ini2
c:\windows\system32\efcwgpyt.dll
c:\windows\system32\eumrvx.dll
c:\windows\system32\gdvxyyms.dll
c:\windows\system32\geBtRljJ.dll
c:\windows\system32\glsisvag.dll
c:\windows\system32\hatqihja.dll
c:\windows\system32\ivwglrix.dll
c:\windows\system32\jkkKaxVn.dll
c:\windows\system32\jocsyste.dll
c:\windows\system32\jpcuaatd.dll
c:\windows\system32\kesjbq.dll
c:\windows\system32\khjjpxup.dll
c:\windows\system32\kkmyceib.dll
c:\windows\system32\kvtsymdb.dll
c:\windows\system32\ljJAqpNg.dll
c:\windows\system32\lqotdwte.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mjgduttr.dll
c:\windows\system32\naajosmh.dll
c:\windows\system32\opnlIcyy.dll
c:\windows\system32\pihuaa.dll
c:\windows\system32\qbrbge.dll
c:\windows\system32\qkectcna.dll
c:\windows\system32\qtyrhj.dll
c:\windows\system32\rqRLfeCU.dll
c:\windows\system32\RS4
c:\windows\system32\skoxuhou.dll
c:\windows\system32\sxwqtwyn.dll
c:\windows\system32\tezoom.dll
c:\windows\system32\tuvSMedD.dll
c:\windows\system32\urqQkjJb.dll
c:\windows\system32\utehvl.dll
c:\windows\system32\uXPi02
c:\windows\system32\verlllgg.dll
c:\windows\system32\vhsxduiu.dll
c:\windows\system32\vyphab.dll
c:\windows\system32\winscenter.exe
c:\windows\system32\wtdagl.dll
c:\windows\Tasks\cdthlaso.job
c:\windows\vmreg.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Legacy_SK9OU0S
-------\Legacy_SROSA
-------\Service_sK9Ou0s
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-20 au 2008-12-20 ))))))))))))))))))))))))))))))))))))
.
2008-12-19 01:14 . 2008-12-19 01:19 593 --a------ c:\windows\imsins.BAK
2008-12-19 01:10 . 2008-12-19 01:10 <REP> d-------- c:\program files\MAM
2008-12-19 01:10 . 2008-12-19 01:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 01:10 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 01:10 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 18:31 . 2008-12-18 23:38 <REP> d-------- c:\program files\ESET
2008-12-13 20:06 . 2008-12-13 20:06 <REP> d-------- c:\program files\Lavasoft
2008-12-13 20:06 . 2008-12-13 20:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-13 18:58 . 2008-12-13 18:58 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-13 15:09 . 2005-11-09 00:26 38,400 --a------ c:\windows\system32\moveex.exe
2008-12-11 10:53 . 2008-12-11 10:53 <REP> d-------- c:\program files\Avira
2008-12-11 10:53 . 2008-12-11 10:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-11 09:43 . 2008-12-11 09:43 0 --ahs---- c:\windows\klif.spi
2008-12-11 00:47 . 2008-12-11 00:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-11 00:19 . 2008-12-11 00:29 <REP> d-------- c:\windows\BDOSCAN8
2008-12-10 16:06 . 2008-12-19 09:02 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-10 16:06 . 2008-12-10 16:06 1,409 --a------ c:\windows\QTFont.for
2008-12-10 14:29 . 2008-02-11 20:59 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-10 14:29 . 2008-02-11 20:59 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-10 14:29 . 2008-02-11 20:05 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-12-10 14:29 . 2008-02-11 20:59 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-12-10 14:29 . 2008-02-11 20:59 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-10 14:29 . 2008-02-11 20:09 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-12-10 14:29 . 2008-02-11 20:59 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-10 14:29 . 2008-12-10 14:29 <REP> d-------- c:\documents and settings\Administrateur
2008-12-09 19:56 . 2008-12-09 19:56 23,294 --a------ c:\documents and settings\Admin\gif.exe
2008-12-09 09:44 . 2008-12-19 00:08 <REP> d-------- C:\Temp
2008-12-08 17:43 . 2008-12-19 00:19 <REP> d--h----- c:\documents and settings\Admin\Application Data\drivers
2008-12-08 17:27 . 2008-12-08 18:47 <REP> d--h----- C:\LG3G
2008-12-08 17:26 . 2008-12-08 17:26 <REP> d-------- c:\documents and settings\Admin\Application Data\LG Electronics
2008-12-08 17:22 . 2008-12-08 17:22 <REP> d-------- c:\program files\LG Electronics
2008-12-08 17:22 . 2007-07-11 10:45 21,632 --a------ c:\windows\system32\drivers\lgusbmodem.sys
2008-12-08 17:22 . 2007-07-11 15:51 19,840 --a------ c:\windows\system32\drivers\lgusbdiag.sys
2008-12-08 17:22 . 2007-07-11 10:40 12,416 --a------ c:\windows\system32\drivers\lgusbbus.sys
2008-12-08 17:20 . 2008-12-08 17:21 <REP> d-------- c:\program files\LG PC Suite 2
2008-11-25 14:03 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 12:58 --------- d-----w c:\program files\Yahoo!
2008-12-14 12:50 --------- d-----w c:\program files\CCleaner
2008-12-10 23:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-10 23:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 18:36 --------- d-----w c:\program files\Sleepy
2008-12-09 22:31 --------- d-----w c:\program files\Red Kawa
2008-12-08 17:00 --------- d-----w c:\program files\eMule
2008-12-08 16:24 --------- d-----w c:\program files\DivX
2008-12-08 16:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-07 19:30 --------- d-----w c:\documents and settings\Admin\Application Data\OpenOffice.org2
2008-12-03 14:48 --------- d-----w c:\program files\Java
2008-11-21 11:40 2,034 ----a-w c:\documents and settings\Admin\Application Data\SAS7_000.DAT
2008-11-20 14:13 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-07 15:15 --------- d-----w c:\program files\Skype
2008-11-01 16:07 --------- d-----w c:\program files\Fichiers communs\Vbox
2008-10-30 17:52 --------- d-----w c:\documents and settings\Admin\Application Data\skypePM
2008-10-30 17:45 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-27 13:28 --------- d-----w c:\program files\Guitar Pro 5
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-21 07:02 --------- d-----w c:\program files\Microsoft.NET
2008-10-20 17:37 --------- d-----w c:\program files\FileZilla FTP Client
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 01:01 670,208 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-02-20 00:05 13,560 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2005-08-23 341]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2004-03-11 00:26 406016 c:\windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
S0 Nqt60;Nqt60;c:\windows\system32\Drivers\Nqt60.sys []
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\Admin\LOCALS~1\Temp\ewdmaudn.sys []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-09-05 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-09-05 8320]
S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\DRIVERS\V0090Vid.sys [2008-10-28 138112]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6befc6b0-d8eb-11dc-b85b-00507034516b}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99e6d0ec-c5c7-11dd-b9d7-00507034516b}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\ljJAqpNg.dll
BHO-{B319EDB4-5940-4D1E-82DA-C6AF858F7540} - c:\windows\system32\tuvSMedD.dll
BHO-{ccae1011-2502-41a9-aa24-ed064f430ca8} - c:\windows\system32\qbrbge.dll
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr
MSConfigStartUp-ISUSPM Startup - c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.defaulthomepage.info/
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ekvb4ueb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ekvb4ueb.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 23:04:13
Windows 5.1.2600 Service Pack 3 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpplt.sys"
.
--------------------- DLLs loaded in running processes ---------------------
- - - - - - - > 'winlogon.exe'(276)
c:\windows\system32\Ati2evxx.dll
.
Finish time: 2008-12-20 23:05:21
ComboFix-quarantined-files.txt 2008-12-20 22:04:48
Before-CF: 58,159,280,128 bytes free
After-CF: 58,146,136,064 bytes free
546 --- E O F --- 2008-12-19 00:21:07
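Reading a ComboFix report like the one above comes down to a handful of load points: the Security Center values (`AntiVirusDisableNotify` and `UpdatesDisableNotify` set to 1 mean the user is never warned that the antivirus or updates are off), drivers registered from a user's Temp directory or with no file metadata (`[]`), RunOnce targets ComboFix could not find (`[X]`), the `MountPoints2` autorun handlers cached for removable drives, the IE start page, and the `TDSSserv.sys` key whose image is the `TDSSpplt.sys` driver that Malwarebytes classifies as Trojan.TDSS further down the thread. The script below is an added example, not part of the original thread nor of ComboFix or Malwarebytes: it parses a constructed excerpt of the posted report (paths copied from the lines above, URLs kept defanged as `hxxp` the way ComboFix prints them) and flags those items. The severity scale, the regular expressions and the reading of `[]` and `[X]` as "no file metadata" and "target not found" are this example's own assumptions.

```python
"""Added example: triage a ComboFix-style report for the load points a responder checks first."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt: a subset of the report posted above, unchanged except for trimming.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2005-08-23 341]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
S0 Nqt60;Nqt60;c:\windows\system32\Drivers\Nqt60.sys []
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\Admin\LOCALS~1\Temp\ewdmaudn.sys []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-09-05 138112]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99e6d0ec-c5c7-11dd-b9d7-00507034516b}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
uStart Page = hxxp://www.defaulthomepage.info/
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpplt.sys"
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info": this example's own scale, not a vendor verdict
    where: str     # the report line that triggered the finding
    why: str


# Driver/service lines: "<start type> <name>;<display name>;<image path> [<date size>]"
SERVICE_RE = re.compile(r"^([SR][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
# Registry values printed under a [key] header: "name"=<value>
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
URL_HOST_RE = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)


def reg_int(value: str) -> Optional[int]:
    """Parse the integer forms the report prints: 'dword:00000001' or '1 (0x1)'."""
    if value.startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"^\s*(\d+)", value)
    return int(m.group(1)) if m else None


def triage(report: str) -> List[Finding]:
    findings: List[Finding] = []
    key = ""  # most recent [registry key] header, lower-cased
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, _name, _display, path, fileinfo = m.groups()
            if "\\temp\\" in path.lower():
                findings.append(Finding("high", line, "driver/service image lives under a Temp directory"))
            if not fileinfo:  # "[]": assumed to mean ComboFix found no date/size for the image file
                findings.append(Finding("medium", line, "service registered but its image file has no metadata"))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.groups()
            lname, leaf = name.lower(), key.rsplit("\\", 1)[-1]
            if key.endswith("security center") and lname.endswith("disablenotify") and reg_int(value) == 1:
                findings.append(Finding("high", line, "Security Center warning suppressed: user is not told AV/updates are off"))
            elif key.endswith("\\policies\\explorer") and lname == "noautoupdate" and reg_int(value) == 1:
                findings.append(Finding("medium", line, "Automatic Updates disabled by Explorer policy"))
            elif leaf in ("run", "runonce") and value.endswith("[X]"):
                findings.append(Finding("medium", line, "autostart entry whose target was not found ([X])"))
            elif lname == "imagepath" and "tdss" in (key + value).lower():
                findings.append(Finding("high", line, "TDSS-named service/driver (Malwarebytes classifies TDSS* files as Trojan.TDSS)"))
            continue
        low = line.lower()
        if "\\shell\\auto" in low and " - " in line:
            # Heuristic: autorun via rundll32 ShellExec_RunDLL is the classic autorun.inf worm pattern
            sev = "high" if "shellexec_rundll" in low else "medium"
            findings.append(Finding(sev, line, "removable-media autorun handler cached in MountPoints2"))
            continue
        if low.startswith("ustart page"):
            host = URL_HOST_RE.search(line)
            if host:
                findings.append(Finding("info", line, f"IE start page points at {host.group(1)}; confirm the user chose it"))
    return findings


def counts(findings: List[Finding]) -> Counter:
    """Number of findings per severity, for a quick summary line."""
    return Counter(f.severity for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.why}\n         {f.where}")
    print(dict(counts(results)))
```

Run it as-is to print the findings; pass the text of a full saved report to `triage()` to apply the same checks to another machine's log. What it flags are leads to confirm, not verdicts: in the sample, the legitimate Nokia driver and Avira's Run entry produce nothing, while the Temp-resident `ewdmaudn.sys`, the suppressed Security Center warnings and the TDSS driver come out as high.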
re
You should be able to do a pass with Malwarebytes now.
Hello Sham_Rock,
Here is the Malwarebytes report:
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3
23/12/2008 13:30:19
mbam-log-2008-12-23 (13-30-19).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 132275
Time elapsed: 14 hour(s), 38 minute(s), 6 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 11
Memory processes infected:
(No malicious items detected)
Memory modules infected:
(No malicious items detected)
Registry keys infected:
(No malicious items detected)
Registry values infected:
(No malicious items detected)
Registry data items infected:
(No malicious items detected)
Folders infected:
(No malicious items detected)
Files infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Application Data\drivers\srosa2.sys.vir (Worm.Bagel) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSarxx.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnvuo.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoity.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSvoql.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpplt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8F4F4260-8CE7-4C40-B6C5-1359E4748B36}\RP0\A0000001.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8F4F4260-8CE7-4C40-B6C5-1359E4748B36}\RP0\A0000002.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8F4F4260-8CE7-4C40-B6C5-1359E4748B36}\RP0\A0000003.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8F4F4260-8CE7-4C40-B6C5-1359E4748B36}\RP0\A0000004.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8F4F4260-8CE7-4C40-B6C5-1359E4748B36}\RP0\A0000005.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
There you go.
Thanks ;-)
re
Good.
How is your PC behaving?
Run an online antivirus scan with Kaspersky using Internet Explorer.
- Allow ActiveX.
- Click Start Online Scanner.
- Select My Computer as the scan target. Save the report as a .txt file.
- Paste the report here.
- Post a new HijackThis report.