[Résolu] PC infecté par : Packed.Win32.Monder.gen - Sécurité - Virus
TomsGuide.com : 700 000 inscrits répondent à toutes vos questions high-tech et informatique.
Pour obtenir de l'aide, inscrivez-vous gratuitement !
  

FORUM Infos-du-Net

»

Sécurité - Virus

»

[Résolu] PC infecté par : Packed.Win32.Monder.gen


Sujet auquel vous répondez
Sujet : [Résolu] PC infecté par : Packed.Win32.Monder.gen
Angeldark Bonjour,

Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

Votre réponse
Nom d'utilisateur    Pour poster, vous devez être inscrit sur ce forum .... si ce n'est pas le cas, cliquez ici !
Le ton de votre message                        
                       
Votre réponse


Smilies
 
:pfff:
:ange:
:non:
:bounce:
:)
:(
:D
;)
:ouch:
:o
:??:
:p
:na:
:sarcastic:
:fou:
:pt1cable:
:lol:
:wahoo:
:kaola:
:love:
:heink:
:cry:
:whistle:
:sol:
:sleep:
:sweat:
:hello:
 

Liste des smilies perso
[b] [i] [u] [strike] [spoiler] [fixed] [cpp] [url] [email] [img] [flash] Insérer un code de video fourni [*]  
 
   [quote]
 
Options

 
Vous avez perdu votre mot de passe ?


Vue Rapide de la discussion
Angeldark Bon surf ;)
sergio1907 Le rapport ToolsCleaner :


-->- Recherche:

C:\Combofix: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Selçuk\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Selçuk\Bureau\Lop S&D.lnk: trouvé !
C:\Documents and Settings\Selçuk\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Selçuk\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Selçuk\Menu Démarrer\Programmes\Lop S&D: trouvé !
C:\Lop SD\Lop S&D.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Selçuk\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Selçuk\Bureau\Lop S&D.lnk: supprimé !
C:\Documents and Settings\Selçuk\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Selçuk\Bureau\HJTInstall.exe: supprimé !
C:\Lop SD\Lop S&D.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Selçuk\Menu Démarrer\Programmes\Lop S&D: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !




Merci à Toi Angeldark!!
Angeldark Ok ;)

  • Télécharge ToolsCleaner sur ton Bureau.
  • Clique sur Recherche et laisse le scan se terminer.
  • Clique sur Suppression pour finaliser.
  • Clique sur Quitter, pour que le rapport puisse se créer.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)


Désactive puis réactive la restauration du système : Voir aide

Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer" http://img.infos-du-net.com/forum/ [...] 3/edit.gif
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"

Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :


http://www.malekal.com/fichiers/pr [...] iniban.gif
sergio1907 Oui oui, on voit la différence entre avant et aprés.
Un grand merci à toi Angeldark, j'aurai jamais réussi sans ton aide.
Je vais refaire une analyse complète du pc et je te tient au courant, mais il ne doit plus rien resté. Je recevais plein de pub CID mais là plus rien.
Merci encore une fois et bravo.
Angeldark C'est mieux ?
sergio1907 Le rapport Combofix
ps: je n'est pas eu à faire 1 puis valide, mais je pense que c'est bon

ComboFix 08-04-20.5 - Selçuk 2008-04-23 18:40:54.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.287 [GMT 2:00]
Endroit: C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Selçuk\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]

FILE ::
C:\WINDOWS\system32\cmunpxnq.ini
C:\WINDOWS\system32\gjmjgooa.ini
C:\WINDOWS\system32\lubrtbdj.ini
C:\WINDOWS\system32\mlkcucwr.ini
C:\WINDOWS\system32\shptwdpj.ini
C:\WINDOWS\system32\tlwjcafm.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1
C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\0
C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\dart grey.exe
C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\Soap Tool 64 Grim.exe
C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\uarczsyq.exe
C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\wmaaimbold.exe
C:\WINDOWS\system32\cmunpxnq.ini
C:\WINDOWS\system32\gjmjgooa.ini
C:\WINDOWS\system32\lubrtbdj.ini
C:\WINDOWS\system32\mlkcucwr.ini
C:\WINDOWS\system32\shptwdpj.ini
C:\WINDOWS\system32\tlwjcafm.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))))))
.

2008-04-23 14:35 . 2008-04-23 14:35 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Malwarebytes
2008-04-23 14:32 . 2008-04-23 14:37 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-23 14:32 . 2008-04-23 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 22:01 . 2008-04-22 22:01 <REP> d-------- C:\Documents and Settings\Selþuk
2008-04-22 18:11 . 2008-04-22 18:45 <REP> d-------- C:\Lop SD
2008-04-22 18:01 . 2008-04-22 18:01 <REP> d-------- C:\Program Files\Trend Micro
2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iTunes
2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iPod
2008-04-22 13:13 . 2008-04-22 13:13 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-21 21:52 . 2008-04-21 21:52 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Nokia Multimedia Player
2008-04-21 21:52 . 2008-04-23 15:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-21 21:52 . 2008-04-21 21:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-21 21:33 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-04-21 15:51 . 2008-04-21 15:51 639,414 --a------ C:\WINDOWS\GOM_Wallpaper.bmp
2008-04-21 15:04 . 2008-04-21 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-21 15:03 . 2008-04-21 15:03 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-04-21 15:03 . 2008-04-21 15:03 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-21 14:55 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-21 14:54 . 2008-04-21 14:54 <REP> d-------- C:\ATI
2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Tracker Checker 2
2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Torrents Open Registrations Checker
2008-04-19 02:49 . 2008-04-19 02:49 <REP> d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
2008-04-19 02:48 . 2008-04-19 02:48 <REP> d-------- C:\Program Files\DVDVideoSoft
2008-04-18 22:53 . 2008-04-18 22:53 <REP> d-------- C:\Program Files\Google
2008-04-18 22:16 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-04-18 22:16 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-18 22:16 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-04-18 22:16 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-04-18 22:15 . 2008-04-18 22:15 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-18 22:15 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-04-18 22:15 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-18 22:15 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-04-18 22:15 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-04-18 22:15 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-18 22:15 . 2008-03-21 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-04-18 22:15 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-18 22:15 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-18 20:51 . 2008-04-18 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-18 19:56 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Datalayer
2008-04-18 15:18 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Phone Browser
2008-04-18 15:18 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Phone Browser
2008-04-18 15:18 . 2008-04-18 15:18 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\PC Suite
2008-04-18 15:17 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-04-18 15:16 . 2008-04-21 21:34 <REP> d-------- C:\Program Files\Nokia
2008-04-17 23:52 . 2008-04-17 23:52 <REP> d-------- C:\Program Files\Lavasoft
2008-04-17 23:52 . 2008-04-17 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 23:48 . 2008-04-22 14:59 789 --a------ C:\WINDOWS\wininit.ini
2008-04-17 23:29 . 2008-04-22 21:53 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-17 23:29 . 2008-04-22 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-17 13:17 . 2008-04-18 22:06 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-17 12:39 . 2008-04-17 14:09 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\AdobeUM
2008-04-17 04:43 . 2008-04-22 21:15 109,111 --a------ C:\WINDOWS\BM3340f74a.xml
2008-04-16 19:27 . 2008-04-16 19:30 <REP> d-------- C:\TELL ME MORE NV DEMO
2008-04-16 19:21 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-04-16 19:21 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-04-16 19:21 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-04-16 19:21 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-04-16 19:20 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-04-16 19:20 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-04-16 19:20 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-04-16 19:20 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-04-16 19:20 . 2008-04-16 19:20 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-04-16 19:20 . 2008-04-16 19:20 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-04-16 16:23 . 2008-04-16 16:23 <REP> d-------- C:\Program Files\Amadis Software
2008-04-16 16:23 . 2006-11-07 11:22 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-04-16 16:23 . 2007-05-17 23:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-04-16 15:03 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Apple Computer
2008-04-16 03:28 . 2008-04-16 03:28 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\X10 Commander
2008-04-15 21:53 . 2008-04-15 21:53 <REP> d-------- C:\Program Files\KONAMI
2008-04-14 21:01 . 2008-04-14 21:01 <REP> dr-h----- C:\Documents and Settings\Selçuk\Application Data\SecuROM
2008-04-14 21:01 . 2008-04-14 21:01 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-14 17:24 . 2008-04-14 17:24 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Media Player Classic
2008-04-14 15:18 . 2008-04-14 15:18 <REP> d-------- C:\Program Files\QuickTime
2008-04-14 15:18 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 23:50 . 2008-04-17 17:20 <REP> d-------- C:\Program Files\Zards software
2008-04-13 22:12 . 2008-04-13 22:12 <REP> d-------- C:\Program Files\Alcohol Soft
2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-12 15:55 . 2008-04-12 15:55 <REP> d-------- C:\Program Files\TeamViewer3
2008-04-12 15:55 . 2008-04-12 16:04 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\TeamViewer
2008-04-12 15:54 . 2008-04-12 15:54 <REP> d-------- C:\Documents and Settings\Selçuk\temp
2008-04-12 15:54 . 2008-04-12 15:54 <REP> d-------- C:\Documents and Settings\Selçuk\temp
2008-04-12 13:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-12 13:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Program Files\MuralPix
2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\MuralPix
2008-04-12 11:19 . 2008-04-12 11:19 160 --a------ C:\WINDOWS\LearsyShare.dat
2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Program Files\Auslogics
2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Auslogics
2008-04-12 10:53 . 2008-04-12 10:53 <REP> d-------- C:\Program Files\inKline Global
2008-04-12 10:04 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-12 10:04 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-12 10:04 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-12 10:04 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-12 10:04 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-12 10:04 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-12 10:04 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-12 10:04 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-12 10:04 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-12 10:03 . 2008-04-12 10:04 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\WINDOWS\Sun
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\SystemRequirementsLab
2008-04-11 23:37 . 2008-04-11 23:37 <REP> d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-04-11 23:00 . 2008-04-21 22:43 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-11 22:42 . 2008-04-11 22:44 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\F-Secure
2008-04-11 22:41 . 2008-04-11 22:41 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\ispnews
2008-04-11 22:38 . 2008-04-11 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-11 22:38 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-11 22:38 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-11 22:33 . 2008-04-11 22:38 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-11 22:33 . 2008-04-11 22:33 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-11 22:26 . 2008-04-11 22:40 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-11 22:22 . 2008-04-11 22:22 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\DAEMON Tools
2008-04-11 22:22 . 2008-04-11 22:22 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-11 22:09 . 2008-04-11 22:09 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-04-11 22:08 . 2008-04-11 22:08 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Nero
2008-04-11 22:06 . 2008-04-11 22:06 <REP> d-------- C:\Program Files\Nero
2008-04-11 22:06 . 2008-04-11 22:07 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-04-11 22:06 . 2008-04-11 22:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-11 21:57 . 2008-04-11 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-11 21:41 . 2008-04-18 20:58 1,350 --a------ C:\WINDOWS\mozver.dat
2008-04-11 21:33 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 12:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 12:59 --------- d-----w C:\Program Files\ATI Technologies
2008-04-21 12:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-11 20:35 --------- d-----w C:\Program Files\CA
2008-04-11 20:13 --------- d-----w C:\Program Files\Java
2008-04-11 18:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-11 17:52 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-04-11 17:51 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-04-11 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-22_22.01.32.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 19:59:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 13:07:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 12:30 139264]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-04-26 05:09 994080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39 167936]
"DataLayer"="C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [2008-04-11 22:33:33 32807]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-02-22 17:58 217544 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-04-28 02:36 260896 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-11 22:37]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-11 22:47]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-04-18 05:32]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 12:16]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-06-13 11:50]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\autorun_PES2008.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-22 11:03:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-23 00:00:09 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 18:41:42
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-23 18:42:08
ComboFix-quarantined-files.txt 2008-04-23 16:42:03
ComboFix2.txt 2008-04-23 16:11:31
ComboFix3.txt 2008-04-22 20:01:47

Pre-Run: 72,978,587,648 octets libres
Post-Run: 72,958,029,824 octets libres

313 --- E O F --- 2008-04-13 19:48:04




Le rapport Hijachthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:34, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carrefour.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/micros [...] 6571234203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 6571226250
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11928 bytes
Angeldark Re,

Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

File::
C:\WINDOWS\system32\cmunpxnq.ini
C:\WINDOWS\system32\tlwjcafm.ini
C:\WINDOWS\system32\gjmjgooa.ini
C:\WINDOWS\system32\lubrtbdj.ini
C:\WINDOWS\system32\shptwdpj.ini
C:\WINDOWS\system32\mlkcucwr.ini

Folder::
C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8D1E047-C311-46FA-A0B6-4382407715ED}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flag 1"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRKbXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3073c4d6]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3340f74a]



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://i266.photobucket.com/albums [...] Script.gif

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.
sergio1907 Le scan Combofix


ComboFix 08-04-20.5 - Selçuk 2008-04-23 18:10:15.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.425 [GMT 2:00]
Endroit: C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))))))
.

2008-04-23 14:35 . 2008-04-23 14:35 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Malwarebytes
2008-04-23 14:32 . 2008-04-23 14:37 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-23 14:32 . 2008-04-23 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 22:01 . 2008-04-22 22:01 <REP> d-------- C:\Documents and Settings\Selþuk
2008-04-22 18:11 . 2008-04-22 18:45 <REP> d-------- C:\Lop SD
2008-04-22 18:01 . 2008-04-22 18:01 <REP> d-------- C:\Program Files\Trend Micro
2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iTunes
2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iPod
2008-04-22 13:13 . 2008-04-22 13:13 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-21 21:52 . 2008-04-21 21:52 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Nokia Multimedia Player
2008-04-21 21:52 . 2008-04-23 15:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-21 21:52 . 2008-04-21 21:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-21 21:33 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-04-21 21:13 . 2008-04-22 14:24 1,541,209 ---hs---- C:\WINDOWS\system32\cmunpxnq.ini
2008-04-21 15:51 . 2008-04-21 15:51 639,414 --a------ C:\WINDOWS\GOM_Wallpaper.bmp
2008-04-21 15:04 . 2008-04-21 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-21 15:03 . 2008-04-21 15:03 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-04-21 15:03 . 2008-04-21 15:03 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-21 14:55 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-21 14:54 . 2008-04-21 14:54 <REP> d-------- C:\ATI
2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Tracker Checker 2
2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Torrents Open Registrations Checker
2008-04-20 21:19 . 2008-04-21 21:09 766 ---hs---- C:\WINDOWS\system32\tlwjcafm.ini
2008-04-19 21:18 . 2008-04-20 21:19 586 ---hs---- C:\WINDOWS\system32\gjmjgooa.ini
2008-04-19 02:49 . 2008-04-19 02:49 <REP> d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
2008-04-19 02:48 . 2008-04-19 02:48 <REP> d-------- C:\Program Files\DVDVideoSoft
2008-04-18 22:53 . 2008-04-18 22:53 <REP> d-------- C:\Program Files\Google
2008-04-18 22:16 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-04-18 22:16 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-18 22:16 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-04-18 22:16 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-04-18 22:15 . 2008-04-18 22:15 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-18 22:15 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-04-18 22:15 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-18 22:15 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-04-18 22:15 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-04-18 22:15 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-18 22:15 . 2008-03-21 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-04-18 22:15 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-18 22:15 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-18 21:16 . 2008-04-19 21:16 354 ---hs---- C:\WINDOWS\system32\lubrtbdj.ini
2008-04-18 20:51 . 2008-04-18 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-18 19:56 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Datalayer
2008-04-18 15:18 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Phone Browser
2008-04-18 15:18 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Phone Browser
2008-04-18 15:18 . 2008-04-18 15:18 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\PC Suite
2008-04-18 15:17 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-04-18 15:16 . 2008-04-21 21:34 <REP> d-------- C:\Program Files\Nokia
2008-04-18 00:03 . 2008-04-18 12:58 1,529,129 ---hs---- C:\WINDOWS\system32\shptwdpj.ini
2008-04-17 23:52 . 2008-04-17 23:52 <REP> d-------- C:\Program Files\Lavasoft
2008-04-17 23:52 . 2008-04-17 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 23:48 . 2008-04-22 14:59 789 --a------ C:\WINDOWS\wininit.ini
2008-04-17 23:29 . 2008-04-22 21:53 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-17 23:29 . 2008-04-22 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-17 13:17 . 2008-04-18 22:06 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-17 12:39 . 2008-04-17 14:09 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\AdobeUM
2008-04-17 04:50 . 2008-04-17 23:48 1,529,361 ---hs---- C:\WINDOWS\system32\mlkcucwr.ini
2008-04-17 04:43 . 2008-04-22 21:15 109,111 --a------ C:\WINDOWS\BM3340f74a.xml
2008-04-16 19:27 . 2008-04-16 19:30 <REP> d-------- C:\TELL ME MORE NV DEMO
2008-04-16 19:21 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-04-16 19:21 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-04-16 19:21 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-04-16 19:21 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-04-16 19:20 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-04-16 19:20 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-04-16 19:20 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-04-16 19:20 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-04-16 19:20 . 2008-04-16 19:20 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-04-16 19:20 . 2008-04-16 19:20 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-04-16 16:23 . 2008-04-16 16:23 <REP> d-------- C:\Program Files\Amadis Software
2008-04-16 16:23 . 2006-11-07 11:22 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-04-16 16:23 . 2007-05-17 23:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-04-16 15:03 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Apple Computer
2008-04-16 03:28 . 2008-04-16 03:28 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\X10 Commander
2008-04-15 21:53 . 2008-04-15 21:53 <REP> d-------- C:\Program Files\KONAMI
2008-04-14 21:01 . 2008-04-14 21:01 <REP> dr-h----- C:\Documents and Settings\Selçuk\Application Data\SecuROM
2008-04-14 21:01 . 2008-04-14 21:01 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-14 17:24 . 2008-04-14 17:24 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Media Player Classic
2008-04-14 15:18 . 2008-04-14 15:18 <REP> d-------- C:\Program Files\QuickTime
2008-04-14 15:18 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 23:50 . 2008-04-17 17:20 <REP> d-------- C:\Program Files\Zards software
2008-04-13 22:12 . 2008-04-13 22:12 <REP> d-------- C:\Program Files\Alcohol Soft
2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-12 15:55 . 2008-04-12 15:55 <REP> d-------- C:\Program Files\TeamViewer3
2008-04-12 15:55 . 2008-04-12 16:04 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\TeamViewer
2008-04-12 15:54 . 2008-04-12 15:54 <REP> d-------- C:\Documents and Settings\Selçuk\temp
2008-04-12 15:54 . 2008-04-12 15:54 <REP> d-------- C:\Documents and Settings\Selçuk\temp
2008-04-12 13:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-12 13:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Program Files\MuralPix
2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\MuralPix
2008-04-12 11:19 . 2008-04-12 11:19 160 --a------ C:\WINDOWS\LearsyShare.dat
2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Program Files\Auslogics
2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Auslogics
2008-04-12 10:53 . 2008-04-12 10:53 <REP> d-------- C:\Program Files\inKline Global
2008-04-12 10:04 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-12 10:04 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-12 10:04 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-12 10:04 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-12 10:04 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-12 10:04 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-12 10:04 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-12 10:04 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-12 10:04 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-12 10:03 . 2008-04-12 10:04 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\WINDOWS\Sun
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\SystemRequirementsLab
2008-04-11 23:37 . 2008-04-11 23:37 <REP> d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-04-11 23:00 . 2008-04-21 22:43 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-11 22:42 . 2008-04-11 22:44 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\F-Secure
2008-04-11 22:41 . 2008-04-11 22:41 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\ispnews
2008-04-11 22:38 . 2008-04-11 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-11 22:38 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-11 22:38 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-11 22:33 . 2008-04-11 22:38 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-11 22:33 . 2008-04-11 22:33 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-11 22:26 . 2008-04-11 22:40 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-11 22:22 . 2008-04-11 22:22 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\DAEMON Tools
2008-04-11 22:22 . 2008-04-11 22:22 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-11 22:09 . 2008-04-11 22:09 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-04-11 22:08 . 2008-04-11 22:08 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Nero

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 12:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 12:59 --------- d-----w C:\Program Files\ATI Technologies
2008-04-21 12:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-11 20:35 --------- d-----w C:\Program Files\CA
2008-04-11 20:13 --------- d-----w C:\Program Files\Java
2008-04-11 18:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-11 17:52 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-04-11 17:51 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-04-11 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-22_22.01.32.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 19:59:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 13:07:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8D1E047-C311-46FA-A0B6-4382407715ED}]
C:\WINDOWS\system32\urqqrpPI.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Flag 1"="C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\dart grey.exe" [2008-04-11 20:34 450560]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 12:30 139264]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-04-26 05:09 994080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39 167936]
"DataLayer"="C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [2008-04-11 22:33:33 32807]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRKbXP]
ssqRKbXP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3073c4d6]
C:\WINDOWS\system32\jpdwtphs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-02-22 17:58 217544 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3340f74a]
C:\WINDOWS\system32\sducpowk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-04-28 02:36 260896 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-11 22:37]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-11 22:47]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-04-18 05:32]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 12:16]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-06-13 11:50]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\autorun_PES2008.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-22 11:03:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-23 00:00:09 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 18:10:56
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-23 18:11:31
ComboFix-quarantined-files.txt 2008-04-23 16:11:22
ComboFix2.txt 2008-04-22 20:01:47

Pre-Run: 73,026,596,864 octets libres
Post-Run: 73,012,682,752 octets libres

297 --- E O F --- 2008-04-13 19:48:04
Angeldark Refais un scan Combofix.
sergio1907 Le rapport MalwareByte's


Malwarebytes' Anti-Malware 1.11
Version de la base de données: 672

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 119519
Temps écoulé: 23 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhsxsrk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\khfFUMCV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP43\A0005946.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP43\A0005948.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP53\A0007711.dll (Trojan.Vundo) -> Quarantin