Supprimer spyware guard 2009

voila le rapport aprés l'ztape 2

SmitFraudFix v2.388

Rapport fait à 15:13:29,39, 14/01/2009
Executé à partir de C:\Documents and Settings\louise rangheard\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\reged.exe supprimé
C:\WINDOWS\spoolsystem.exe supprimé
C:\WINDOWS\sys.com supprimé
C:\WINDOWS\syscert.exe supprimé
C:\WINDOWS\sysexplorer.exe supprimé
C:\WINDOWS\vmreg.dll supprimé
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe supprimé
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

et j'ai trouvé le fichier systeme commençant pas TDSS.
En rallumant mon ordinateur, AVG (que je vais supprimer pour avoir avast) ma trouvé des infections et spyware guard ne s'est pas rallumer.
par contre, il y a toujours une version en anglais du centre de sécurité windows qui me dit que je n'ai pas d'antivirus, alors que quand je passe par le panneau de configuration, il me dit que je suis protégée avec AVG.
Est-ce que je dois m'inquiéter??

salut j'ai eu le meme pb avec system guard 2009 je fait tous ke tu as dit et je tenvoi donc es rapport voila

ComboFix 09-01-21.04 - baptiste 2009-01-27 23:14:08.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.525 [GMT 1:00]
Lancé depuis: c:\documents and settings\baptiste\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\program files\SuperCopier2\SC2Hook.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\baptiste\Application Data\[u]0[/u]20000002bfaf0f5517C.manifest
c:\documents and settings\baptiste\Application Data\[u]0[/u]20000002bfaf0f5517O.manifest
c:\documents and settings\baptiste\Application Data\[u]0[/u]20000002bfaf0f5517P.manifest
c:\documents and settings\baptiste\Application Data\[u]0[/u]20000002bfaf0f5517S.manifest
c:\documents and settings\baptiste\Local Settings\Application Data\siomiss.dat
c:\documents and settings\baptiste\Local Settings\Application Data\siomiss.exe
c:\documents and settings\baptiste\Local Settings\Application Data\siomiss_nav.dat
c:\documents and settings\baptiste\Local Settings\Application Data\siomiss_navps.dat
c:\windows\GnuHashes.ini
c:\windows\system32\4.tmp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\dumphive.exe
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\32.crack.zip
c:\windows\system32\GroupPolicyManifest\32.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\33.video.zip
c:\windows\system32\GroupPolicyManifest\33.video.zip.kwd
c:\windows\system32\GroupPolicyManifest\34.setup.zip
c:\windows\system32\GroupPolicyManifest\34.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\35.unpack.zip
c:\windows\system32\GroupPolicyManifest\35.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\36.keygen.zip
c:\windows\system32\GroupPolicyManifest\36.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\37.serial.zip
c:\windows\system32\GroupPolicyManifest\37.serial.zip.kwd
c:\windows\system32\GroupPolicyManifest\39.music.mp3
c:\windows\system32\GroupPolicyManifest\39.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg.kwd
c:\windows\system32\hpowiax4.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-27 au 2009-01-27 ))))))))))))))))))))))))))))))))))))
.

2009-01-27 23:16 . 2009-01-27 23:17 <REP> d--hs---- c:\windows\system32\GroupPolicyManifest
2009-01-27 23:14 . 2009-01-27 23:14 <REP> d-------- C:\quarantine
2009-01-27 19:00 . 2009-01-27 19:00 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-27 19:00 . 2009-01-27 19:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-26 13:19 . 2009-01-26 13:19 135,168 --a------ c:\windows\system32\dpnaddr32.dll
2009-01-17 13:19 . 2009-01-17 13:19 <REP> d-------- c:\program files\Custom-Strike
2009-01-17 13:19 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2009-01-15 12:57 . 2009-01-15 14:21 <REP> d-------- c:\program files\ThunderScRipT
2009-01-11 22:27 . 2009-01-11 22:27 <REP> d-------- c:\program files\Fichiers communs\Adobe
2009-01-05 13:31 . 2009-01-05 13:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-01-05 12:17 . 2009-01-13 21:53 <REP> d-------- c:\program files\Google
2009-01-01 11:10 . 2009-01-05 13:22 <REP> d-------- c:\documents and settings\baptiste\Tracing
2009-01-01 11:07 . 2009-01-06 08:55 <REP> d-------- c:\windows\SxsCaPendDel
2009-01-01 11:06 . 2009-01-01 11:06 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-01-01 11:02 . 2009-01-01 11:02 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-29 10:57 . 2008-12-29 10:57 <REP> d-------- c:\program files\Fichiers communs\Logitech

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 22:16 --------- d-----w c:\program files\SuperCopier2
2009-01-27 22:16 --------- d-----w c:\program files\Steam
2009-01-27 20:36 --------- d-----w c:\program files\Logitech
2009-01-27 12:12 --------- d-----w c:\documents and settings\baptiste\Application Data\mIRC
2009-01-27 09:09 --------- d-----w c:\program files\mIRC
2009-01-26 12:31 --------- d-----w c:\documents and settings\baptiste\Application Data\LimeWire
2009-01-17 12:19 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-17 12:19 --------- d-----w c:\program files\PowerArchiver
2009-01-10 22:20 --------- d-----w c:\documents and settings\baptiste\Application Data\teamspeak2
2009-01-06 12:55 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2009-01-06 12:55 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-01-05 12:30 --------- d-----w c:\program files\Windows Live
2009-01-05 12:27 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-05 12:22 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-22 15:54 --------- d-----w c:\documents and settings\baptiste\Application Data\HP
2008-12-22 15:50 --------- d-----w c:\program files\Hewlett-Packard
2008-12-22 15:50 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-22 15:50 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-12-22 15:42 --------- d-----w c:\documents and settings\baptiste\Application Data\HPAppData
2008-12-22 15:24 --------- d-----w c:\program files\HP
2008-12-22 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-12-22 15:22 --------- d-----w c:\program files\Fichiers communs\HP
2008-12-22 15:21 --------- d-----w c:\program files\Fichiers communs\Hewlett-Packard
2008-12-22 15:18 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-13 07:28 --------- d-----w c:\program files\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-27 16:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082720080828\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"TrialReset"="c:\windows\fix.exe" [2008-04-28 208353]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 81990]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 135251]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\1400cf4f517]
2009-01-26 13:19 135168 c:\windows\system32\dpnaddr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-11-20 17920]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-04-11 2829696]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-siomiss - c:\documents and settings\baptiste\local settings\application data\siomiss.exe
HKLM-Run-RemoteControl - c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe
HKLM-Run-LogitechGalleryRepair - c:\program files\Logitech\Video\ISStart.exe


.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 23:17:03
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\baptiste\LOCALS~1\Temp\mc21.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\System32\dpnaddr32.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Microsoft Office\OFFICE11\WINWORD.EXE
.
**************************************************************************
.
Heure de fin: 2009-01-27 23:19:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-27 22:19:43

Avant-CF: 62 401 871 872 octets libres
Après-CF: 62,327,611,392 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

235 --- E O F --- 2009-01-14 22:35:58

j'avais compris de le mettre uniquement si l'autre trouvait rien. ^^
finalement j'ai installé avast et je l'ai fait vérifier tout mon systeme au redémarage de windows il m'a supprimé se qui restait dc tout va bien.
Merci beaucoup en tout cas
biz.

et celui de SmitfraudFix

SmitFraudFix v2.392

Rapport fait à 22:56:09,48, 27/01/2009
Executé à partir de C:\Documents and Settings\baptiste\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
...

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0C7CFB91-04F6-4C84-91A9-A5CA94C5156C}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0C7CFB91-04F6-4C84-91A9-A5CA94C5156C}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0C7CFB91-04F6-4C84-91A9-A5CA94C5156C}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

salut dsl c a lenver jai eu le mem pb avec spyware 2009 et jai suivi les etapes ke tu a decrit et je tenvoi donc les rapport merci d repondre

ComboFix 09-01-21.04 - baptiste 2009-01-27 23:14:08.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.525 [GMT 1:00]
Lancé depuis: c:\documents and settings\baptiste\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\program files\SuperCopier2\SC2Hook.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\baptiste\Application Data\[u]0[/u]20000002bfaf0f5517C.manifest
c:\documents and settings\baptiste\Application Data\[u]0[/u]20000002bfaf0f5517O.manifest
c:\documents and settings\baptiste\Application Data\[u]0[/u]20000002bfaf0f5517P.manifest
c:\documents and settings\baptiste\Application Data\[u]0[/u]20000002bfaf0f5517S.manifest
c:\documents and settings\baptiste\Local Settings\Application Data\siomiss.dat
c:\documents and settings\baptiste\Local Settings\Application Data\siomiss.exe
c:\documents and settings\baptiste\Local Settings\Application Data\siomiss_nav.dat
c:\documents and settings\baptiste\Local Settings\Application Data\siomiss_navps.dat
c:\windows\GnuHashes.ini
c:\windows\system32\4.tmp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\dumphive.exe
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\32.crack.zip
c:\windows\system32\GroupPolicyManifest\32.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\33.video.zip
c:\windows\system32\GroupPolicyManifest\33.video.zip.kwd
c:\windows\system32\GroupPolicyManifest\34.setup.zip
c:\windows\system32\GroupPolicyManifest\34.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\35.unpack.zip
c:\windows\system32\GroupPolicyManifest\35.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\36.keygen.zip
c:\windows\system32\GroupPolicyManifest\36.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\37.serial.zip
c:\windows\system32\GroupPolicyManifest\37.serial.zip.kwd
c:\windows\system32\GroupPolicyManifest\39.music.mp3
c:\windows\system32\GroupPolicyManifest\39.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg.kwd
c:\windows\system32\hpowiax4.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-27 au 2009-01-27 ))))))))))))))))))))))))))))))))))))
.

2009-01-27 23:16 . 2009-01-27 23:17 <REP> d--hs---- c:\windows\system32\GroupPolicyManifest
2009-01-27 23:14 . 2009-01-27 23:14 <REP> d-------- C:\quarantine
2009-01-27 19:00 . 2009-01-27 19:00 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-27 19:00 . 2009-01-27 19:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-26 13:19 . 2009-01-26 13:19 135,168 --a------ c:\windows\system32\dpnaddr32.dll
2009-01-17 13:19 . 2009-01-17 13:19 <REP> d-------- c:\program files\Custom-Strike
2009-01-17 13:19 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2009-01-15 12:57 . 2009-01-15 14:21 <REP> d-------- c:\program files\ThunderScRipT
2009-01-11 22:27 . 2009-01-11 22:27 <REP> d-------- c:\program files\Fichiers communs\Adobe
2009-01-05 13:31 . 2009-01-05 13:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-01-05 12:17 . 2009-01-13 21:53 <REP> d-------- c:\program files\Google
2009-01-01 11:10 . 2009-01-05 13:22 <REP> d-------- c:\documents and settings\baptiste\Tracing
2009-01-01 11:07 . 2009-01-06 08:55 <REP> d-------- c:\windows\SxsCaPendDel
2009-01-01 11:06 . 2009-01-01 11:06 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-01-01 11:02 . 2009-01-01 11:02 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-29 10:57 . 2008-12-29 10:57 <REP> d-------- c:\program files\Fichiers communs\Logitech

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 22:16 --------- d-----w c:\program files\SuperCopier2
2009-01-27 22:16 --------- d-----w c:\program files\Steam
2009-01-27 20:36 --------- d-----w c:\program files\Logitech
2009-01-27 12:12 --------- d-----w c:\documents and settings\baptiste\Application Data\mIRC
2009-01-27 09:09 --------- d-----w c:\program files\mIRC
2009-01-26 12:31 --------- d-----w c:\documents and settings\baptiste\Application Data\LimeWire
2009-01-17 12:19 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-17 12:19 --------- d-----w c:\program files\PowerArchiver
2009-01-10 22:20 --------- d-----w c:\documents and settings\baptiste\Application Data\teamspeak2
2009-01-06 12:55 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2009-01-06 12:55 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-01-05 12:30 --------- d-----w c:\program files\Windows Live
2009-01-05 12:27 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-05 12:22 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-22 15:54 --------- d-----w c:\documents and settings\baptiste\Application Data\HP
2008-12-22 15:50 --------- d-----w c:\program files\Hewlett-Packard
2008-12-22 15:50 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-22 15:50 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-12-22 15:42 --------- d-----w c:\documents and settings\baptiste\Application Data\HPAppData
2008-12-22 15:24 --------- d-----w c:\program files\HP
2008-12-22 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-12-22 15:22 --------- d-----w c:\program files\Fichiers communs\HP
2008-12-22 15:21 --------- d-----w c:\program files\Fichiers communs\Hewlett-Packard
2008-12-22 15:18 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-13 07:28 --------- d-----w c:\program files\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-27 16:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082720080828\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"TrialReset"="c:\windows\fix.exe" [2008-04-28 208353]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 81990]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 135251]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\1400cf4f517]
2009-01-26 13:19 135168 c:\windows\system32\dpnaddr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-11-20 17920]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-04-11 2829696]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-siomiss - c:\documents and settings\baptiste\local settings\application data\siomiss.exe
HKLM-Run-RemoteControl - c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe
HKLM-Run-LogitechGalleryRepair - c:\program files\Logitech\Video\ISStart.exe


.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 23:17:03
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\baptiste\LOCALS~1\Temp\mc21.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\System32\dpnaddr32.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Microsoft Office\OFFICE11\WINWORD.EXE
.
**************************************************************************
.
Heure de fin: 2009-01-27 23:19:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-27 22:19:43

Avant-CF: 62 401 871 872 octets libres
Après-CF: 62,327,611,392 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

235 --- E O F --- 2009-01-14 22:35:58