Smitfraud- C generic

slt
vire ce qui est en quarantaine dans spybot puis désinstalle completement spybot

puis

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

voici le log, merci de ton aide.

ComboFix 09-08-18.04 - Administrateur 19/08/2009 18:05.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.533 [GMT 2:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\BIT451.tmp
C:\conreport.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\iclib.exe
C:\lugreport.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\Cursors\aero_link.cur
c:\windows\Cursors\lsass.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-18 18:54 . 2009-08-18 18:53 404737 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-18 18:54 . 2009-06-03 14:25 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-08-18 18:54 . 2009-04-17 15:07 87297 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-08-18 18:54 . 2009-02-17 12:49 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-08-18 18:54 . 2008-10-20 06:38 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-15 14:43 . 2009-08-15 14:43 63488 ----a-w- C:\asfknsfkne.exe
2009-08-14 21:17 . 2009-08-14 21:17 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-13 09:19 . 2009-08-14 21:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-13 09:19 . 2007-05-13 10:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-13 09:19 . 2009-08-13 09:21 -------- d-----w- c:\program files\AoA Audio Extractor
2009-08-04 18:55 . 2009-08-04 18:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-08-04 10:52 . 2009-08-04 10:52 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Apple Computer
2009-08-02 18:03 . 2009-08-02 18:03 -------- d-----w- c:\program files\QuickTime
2009-08-02 18:03 . 2009-08-02 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-02 18:03 . 2009-08-02 18:03 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Apple
2009-08-02 18:03 . 2009-08-02 18:03 -------- d-----w- c:\program files\Apple Software Update
2009-08-02 18:03 . 2009-08-02 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-02 18:03 . 2009-08-02 18:03 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Apple Computer
2009-07-24 22:17 . 2009-07-24 22:17 -------- d-----w- c:\documents and settings\NetworkService\Menu Démarrer
2009-07-24 22:17 . 2009-08-18 18:58 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-24 22:17 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-24 22:17 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-24 22:17 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-24 22:17 . 2009-07-24 22:17 -------- d-----w- c:\program files\Avira
2009-07-24 22:01 . 2009-07-24 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-20 18:08 . 2009-08-01 16:08 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 15:59 . 2002-01-01 00:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-19 15:58 . 2002-01-01 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 23:03 . 2009-05-04 18:23 -------- d-----w- c:\documents and settings\Administrateur\Application Data\uTorrent
2009-08-18 14:40 . 2001-12-31 23:08 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
2009-08-17 20:53 . 2001-12-31 23:20 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-08-14 21:19 . 2009-05-08 19:48 -------- d-----w- c:\program files\Java
2009-08-12 14:00 . 2008-08-11 00:00 81644 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-12 14:00 . 2008-08-11 00:00 503798 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-12 11:28 . 2001-12-31 23:49 113056 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 23:51 . 2009-06-04 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-10 17:01 . 2001-12-31 23:48 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-25 03:23 . 2009-05-08 19:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 21:29 . 2009-05-08 19:50 0 ----a-w- c:\documents and settings\Administrateur\errorlog.tmp
2009-07-15 08:12 . 2009-05-04 12:24 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-08 13:23 . 2009-05-05 11:58 -------- d-----w- c:\program files\PhotoFiltre Studio X
2009-07-07 09:45 . 2009-07-07 09:43 -------- d-----w- c:\program files\WinAVI Video Converter
2009-07-05 20:04 . 2009-07-05 20:04 1 ----a-w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-05 20:04 . 2009-07-05 20:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org
2009-06-26 18:18 . 2009-06-26 18:18 -------- d-----w- c:\program files\VDOWNLOADER
2009-06-26 18:12 . 2009-05-20 02:00 -------- d-----w- c:\program files\ConvertHelper
2009-06-03 16:20 . 2009-06-03 16:20 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-25 04:49 . 2009-06-04 13:58 676224 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-05-24 20:36 . 2009-05-24 22:25 53248 ------w- c:\windows\Ctregrun.exe
2009-05-24 20:36 . 2009-05-24 22:24 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2009-05-24 20:36 . 2009-05-24 22:24 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-18 15:12 . 2009-05-18 15:12 11270 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-08-11 00:00 827392 78D3D2B0BE6AD3E6D82CCB115CF74310 c:\windows\system32\wininet.dll

[-] 2008-08-11 00:00 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\system32\drivers\tcpip.sys

[-] 2008-08-11 00:00 3593728 EBF0440323874DDF97EF0CEC2D6DC9F4 c:\windows\system32\mshtml.dll

[-] 2008-08-11 00:00 27136 C51B4A5C05A5475708E3C81C7765B71D c:\windows\system32\mspmsnsv.dll

[-] 2008-08-11 00:00 1571840 E4F85F27BB7E31A8861CE0E4572BAC7A c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2002-01-01 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SW20"="c:\windows\system32\sw20.exe" [2006-05-18 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-04 16120832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"KeyScrambler"="c:\program files\KeyScrambler\getting_started.html" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-08-11 124928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando\\pando.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\asfknsfkne.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58917:TCP"= 58917:TCP:Pando P2P TCP Listening Port
"58917:UDP"= 58917:UDP:Pando P2P UDP Listening Port

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [25/07/2009 00:17 108289]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [01/01/2002 02:20 114024]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [04/05/2009 16:37 1527900]
.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-343818398-1801674531-500Core.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2002-01-01 00:08]

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-343818398-1801674531-500UA.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2002-01-01 00:08]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\q8od2bcp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q=
FF - plugin: c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - .

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 18:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-19 18:09
ComboFix-quarantined-files.txt 2009-08-19 16:09

Pre-Run: 96 313 262 080 octets libres
Post-Run: 96 296 243 200 octets libres

187

analyse ce fichier sur virus total et colle le rapport

C:\asfknsfkne.exe

______________________

scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

______________________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

le fichier asfknsfkne.exe n'était pas dangereuselon virustotal, mais comme il n'a rien à faire là, je l'ai supprimé.

pour le rapport malwarebyte:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 5.1.2600 Service Pack 3

24/08/2009 00:44:41
mbam-log-2009-08-24 (00-44-41).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 157627
Temps écoulé: 38 minute(s), 17 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

et enfin les deux fichiers textes:
1

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-08-24 00:45:33
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 92 GB (30%) free of 305 GB
Total RAM: 1023 MB (6% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:45:42, on 24/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Documents and Settings\Administrateur\Bureau\Administrateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

lance tool cleaner et vire tout ce qui est trouvé

https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

___________________

désactive ta restauration puis redemarre le pc puis réactive la

http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

___________________

remets spybot et dis si il trouve encore l'infection

__________________

internet explorer 8 est sorti....

a plus

il semblerai que c'est ok. j'ai pas encore scanner avec spybot, mais avira ne trouve rien, et le pc semble clean. je fais un scan avec spybot au plus vite, j'ai pas trop le temps de m'occuper de ça pour l'instant.

merci beaucoup dans tout les cas.

ok tu diras

a plus