Problem: TR/Vundo.Gen and Crypt.XPACK

Solved
Boitinho
Hello,
I've gone through the posts from users who had the same problem as me, but since I'm stuck I've resigned myself to asking for help.
I use AntiVir PersonalEdition Classic along with ZoneAlarm and Spybot. I have a problem with two trojans (the ones in the title). For Vundo I used VundoFix v7.0.3, as some people recommended in other posts, but it found nothing...
I ran a scan with HijackThis but I don't know much about it, so I'm posting it hoping someone will help me, please. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:09, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21C51723-8BB2-4C35-9C55-C71E512F9F31} - (no file)
O2 - BHO: (no name) - {46BEB888-4ABA-41A6-8F84-D58F43B5BD93} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C9EB65F-8091-4898-BB05-DECF79C36D53} - C:\WINDOWS\system32\ddcBrqNE.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - C:\WINDOWS\system32\nnnnOiJy.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [98c6fbf4] rundll32.exe "C:\WINDOWS\system32\ddosxgfi.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [ZmKlXuTxUv] C:\Documents and Settings\All Users\Application Data\pslsdcba\hgbcvexi.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Assassin's Creed.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: nnnnOiJy - C:\WINDOWS\SYSTEM32\nnnnOiJy.dll
O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

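As an added example (not part of the original post, and not code from HijackThis or its authors), here is the first-pass triage a helper does by eye on a log like the one above, written as a Python script over lines copied from that log. It flags BHOs that have no name but still have a DLL on disk (O2), a Run entry that starts rundll32 with a one-letter export (O4), an executable launched through the Explorer policy key (O4), a Winlogon Notify DLL (O20), and entries whose file is gone (O2/O22/O23 orphans, harmless but worth cleaning). The O17 override is reported rather than condemned: 208.67.220.220 and 208.67.222.222 are OpenDNS resolvers, so the question is whether the user set them, not whether they are hostile. The `looks_generated` name heuristic is this example's own assumption, tuned to the 8-letter names in this log, and is a supporting signal only, never a verdict by itself.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis log posted above,
# with two benign entries (Acrobat BHO, NVIDIA rundll32) kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21C51723-8BB2-4C35-9C55-C71E512F9F31} - (no file)
O2 - BHO: (no name) - {5C9EB65F-8091-4898-BB05-DECF79C36D53} - C:\WINDOWS\system32\ddcBrqNE.dll
O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - C:\WINDOWS\system32\nnnnOiJy.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [98c6fbf4] rundll32.exe "C:\WINDOWS\system32\ddosxgfi.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [ZmKlXuTxUv] C:\Documents and Settings\All Users\Application Data\pslsdcba\hgbcvexi.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: nnnnOiJy - C:\WINDOWS\SYSTEM32\nnnnOiJy.dll
O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - (no file)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
"""

# Well-known public resolvers: an O17 override pointing at these is usually
# the user's own choice rather than a DNS hijack, but it still gets a note.
PUBLIC_RESOLVERS = {"208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS"}

# rundll32 launching a DLL by path with a named export, e.g. ...\x.dll,b
RUNDLL_ENTRY = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)


def basename(path):
    return path.rstrip('"').replace("/", "\\").split("\\")[-1]


def looks_generated(filename):
    """Heuristic (an assumption, not a signature): Vundo-style names such as
    ddcBrqNE.dll or nnnnOiJy.dll are 8-letter stems with a run of four or
    more consonants; vendor names like SDHelper.dll are not."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    runs = re.findall(r"[^aeiouyAEIOUY]+", stem)
    return max((len(r) for r in runs), default=0) >= 4


def triage(log_text):
    """Return (severity, section, note) triples for the lines worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"(O\d+) - (.*)", line.strip())
        if not m:
            continue
        section, body = m.groups()
        parts = body.split(" - ")
        target = parts[-1]
        if section == "O2":
            name = parts[0][len("BHO: "):]
            if name != "(no name)":
                continue
            if target == "(no file)":
                findings.append(("ORPHAN", section, "unnamed BHO, no file: " + parts[1]))
            else:
                why = "unnamed BHO backed by a file"
                if looks_generated(basename(target)):
                    why += " with a generated-looking name"
                findings.append(("HIGH", section, why + ": " + target))
        elif section == "O4":
            cmd = body.split("] ", 1)[-1]
            rd = RUNDLL_ENTRY.search(cmd)
            if "Policies\\Explorer\\Run" in body:
                why = "autorun via the Explorer policy key"
                if looks_generated(basename(cmd)):
                    why += ", generated-looking name"
                findings.append(("HIGH", section, why + ": " + cmd))
            elif rd and len(rd.group("export")) == 1:
                findings.append(("HIGH", section, "rundll32 loads %s via one-letter export '%s'"
                                 % (rd.group("dll"), rd.group("export"))))
        elif section == "O17" and "NameServer" in body:
            servers = body.split("=", 1)[1].replace(",", " ").split()
            desc = ", ".join("%s (%s)" % (ip, PUBLIC_RESOLVERS.get(ip, "unknown")) for ip in servers)
            findings.append(("REVIEW", section, "static DNS override: " + desc))
        elif section == "O20":
            sev = "HIGH" if looks_generated(basename(target)) else "REVIEW"
            findings.append((sev, section, "Winlogon Notify DLL: " + target))
        elif section in ("O22", "O23") and target.endswith(("(no file)", "(file missing)")):
            findings.append(("ORPHAN", section, "registered but absent on disk: " + target))
    return findings


def summarize(findings):
    return Counter(severity for severity, _, _ in findings)


if __name__ == "__main__":
    for severity, section, note in triage(SAMPLE_LOG):
        print("%-6s %-3s %s" % (severity, section, note))
    print(dict(summarize(triage(SAMPLE_LOG))))
```

Run as-is it prints the findings for the embedded lines; replace `SAMPLE_LOG` with the contents of a saved hijackthis.log to triage a real one. The orphan entries are exactly what the later ComboFix run cleans up without any file to delete.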
17 replies

green day (Moderator, Security Contributor)

Hi

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Boot into Safe Mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created at C:\Combofix.txt; please post it

++
Boitinho

OK, thanks greenday, here is the ComboFix report:

ComboFix 08-04-11.8 - Thomas 2008-04-12 20:48:45.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1780 [GMT 2:00]
Location: C:\Documents and Settings\Thomas\Bureau\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Thomas\Local Settings\Application Data\dqgubetbpf.dat
C:\Documents and Settings\Thomas\Local Settings\Application Data\dqgubetbpf_navps.dat
C:\Documents and Settings\Thomas\Local Settings\Application Data\dqgubetbpf_navup.dat
C:\Documents and Settings\Thomas\Local Settings\Application Data\xvzfdmzgv.dat
C:\Documents and Settings\Thomas\Local Settings\Application Data\xvzfdmzgv_nav.dat
C:\Documents and Settings\Thomas\Local Settings\Application Data\xvzfdmzgv_navps.dat
C:\WINDOWS\apoxqwfv.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\qdnkewfa.dll
C:\WINDOWS\system32\bKQsvyay.ini
C:\WINDOWS\system32\bKQsvyay.ini2
C:\WINDOWS\system32\Config.ini
C:\WINDOWS\system32\ENqrBcdd.ini
C:\WINDOWS\system32\ENqrBcdd.ini2
C:\WINDOWS\system32\ifgxsodd.ini
C:\WINDOWS\system32\nnnnOiJy.dll
C:\WINDOWS\system32\xEhPAyxx.ini
C:\WINDOWS\system32\xEhPAyxx.ini2

.
((((((((((((((((((((((((((((( Files created 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 20:06 . 2008-04-12 20:06 <REP> d-------- C:\Program Files\Trend Micro
2008-04-12 17:32 . 2008-04-12 17:32 <REP> d-------- C:\VundoFix Backups
2008-04-12 17:19 . 2008-04-12 17:19 <REP> d-------- C:\Program Files\Avira
2008-04-12 17:19 . 2008-04-12 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-12 17:17 . 2008-04-12 17:17 272,384 --a------ C:\WINDOWS\system32\ddcBrqNE.VIR
2008-04-12 15:58 . 2008-04-12 15:58 <REP> d-------- C:\Program Files\AxBx
2008-04-12 15:16 . 2008-04-12 15:16 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-12 15:16 . 2008-04-12 15:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 15:39 . 2008-04-11 15:39 <REP> d-------- C:\WINDOWS\system32\215651
2008-04-11 15:36 . 2008-04-12 17:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\pslsdcba
2008-04-10 18:29 . 2008-04-10 18:29 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Ubisoft
2008-04-10 18:27 . 2008-04-10 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-10 18:27 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-10 18:27 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-04-10 18:27 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-10 18:27 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-04-10 18:27 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-10 18:27 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-04-10 18:27 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-10 18:27 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-04-10 18:19 . 2008-04-10 18:19 <REP> d-------- C:\Program Files\Ubisoft
2008-04-10 18:19 . 2008-04-10 18:19 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\InstallShield
2008-04-10 15:32 . 2008-04-10 15:32 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Talkback
2008-03-22 13:57 . 2008-03-22 13:57 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\IDS_COMPANY
2008-03-18 04:01 . 2008-03-18 04:01 <REP> d-------- C:\Program Files\Google
2008-03-13 17:36 . 2008-04-12 20:55 23,605,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-13 17:36 . 2008-04-12 20:45 279,692 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-13 17:32 . 2008-03-13 17:32 <REP> d-------- C:\Program Files\Zone Labs
2008-03-13 17:32 . 2008-03-13 17:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-13 17:31 . 2008-04-12 20:41 <REP> d-------- C:\WINDOWS\Internet Logs
2008-03-12 18:06 . 2008-03-12 18:06 <REP> d-------- C:\Program Files\Freeplayer
2008-03-12 15:12 . 2008-03-12 15:12 <REP> d-------- C:\Program Files\FpTest
2008-03-12 14:55 . 2008-04-08 14:10 <REP> d-------- C:\Program Files\adslTV
2008-03-12 11:48 . 2008-03-12 11:48 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\GlarySoft
2008-03-12 01:11 . 2008-03-12 11:37 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-12 01:11 . 2008-03-12 01:11 22,304 --a------ C:\WINDOWS\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys
2008-03-12 01:11 . 2008-03-12 01:11 0 --a------ C:\WINDOWS\wlistHMFAxCore8ca4fd17866cac11805503e882557762
2008-03-12 01:11 . 2008-03-12 11:37 0 --a------ C:\WINDOWS\hlistHMFAxCore8ca4fd17866cac11805503e882557762
2008-03-12 01:10 . 2008-03-12 18:11 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\vlc
2008-03-12 01:09 . 2008-03-12 01:09 <REP> d-------- C:\Program Files\Glary Utilities
2008-03-12 01:09 . 2001-03-02 12:41 634 --a------ C:\WINDOWS\system32\MAPISVC.INF
2008-03-12 01:08 . 2008-03-12 01:09 <REP> d-------- C:\Program Files\Ontrack
2008-03-12 01:07 . 2008-03-12 01:07 <REP> d-------- C:\Program Files\SuperCopier2
2008-03-12 01:07 . 2008-03-12 01:07 <REP> d-------- C:\Program Files\Smart Projects
2008-03-12 01:06 . 2008-03-12 01:06 <REP> d-------- C:\Program Files\Unlocker
2008-03-12 01:05 . 2008-04-10 17:41 <REP> d-------- C:\Program Files\FreeCommander

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 14:37 --------- d-----w C:\Program Files\CCleaner
2008-04-10 16:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 15:56 --------- d-----w C:\Program Files\EA SPORTS
2008-04-06 23:21 --------- d-----w C:\Documents and Settings\Thomas\Application Data\BitTorrent
2008-04-04 06:17 --------- d-----w C:\Program Files\eMule
2008-03-13 15:41 88,064 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-13 15:41 1,309,184 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-29 14:25 --------- d-----w C:\Program Files\BBLACK
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C9EB65F-8091-4898-BB05-DECF79C36D53}]
C:\WINDOWS\system32\ddcBrqNE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-09 19:01 67128]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-10-10 23:23 43520]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidTool.exe" [2006-06-29 04:07 352256]
"Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-07-19 09:52 3167744]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 17:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 17:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 14:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 14:12 135168]
"98c6fbf4"="C:\WINDOWS\system32\ddosxgfi.dll" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-12 17:21 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ZmKlXuTxUv"= C:\Documents and Settings\All Users\Application Data\pslsdcba\hgbcvexi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\adslTV\\vlc.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 HMFAxCore8ca4fd17866cac11805503e882557762;HMFAxCore8ca4fd17866cac11805503e882557762;C:\WINDOWS\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys [2008-03-12 01:11]
R3 fvdscsi;fvdscsi;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2005-07-15 17:07]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-09-01 20:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0d6f6a8-98f3-11dc-9c31-0015af018a35}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 20:55:15
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDHRemote.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-04-12 20:57:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-12 18:57:45
Pre-Run: 12,295,233,536 bytes free
Post-Run: 12,294,619,136 bytes free
.
2008-04-10 01:05:45 --- E O F ---
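Two checks on the ComboFix report above, as an added example that is not part of the thread and not ComboFix's own code. First, the registry section records the Security Center alert and monitoring values switched off, the XP firewall disabled for the standard profile, and TCP 3389 (Remote Desktop) opened to every address; a checker should surface all of that. Second, the deleted .ini/.ini2 names read backwards: ENqrBcdd is ddcBrqNE spelled in reverse, the DLL registered as the unnamed BHO, so pairing stems this way ties the leftover files to the component that used them. The sample text is copied from the report (ComboFix renders `EnableFirewall` as `0 (0x0)`, which the parser accepts). One caveat the check cannot settle by itself: `Monitoring\<vendor>\DisableMonitoring` is also what a third-party suite such as ZoneAlarm sets when it takes over Security Center reporting, and such suites commonly switch the built-in firewall off, so the script reports the state and leaves attribution to the reader.

```python
import re

# Constructed sample: the registry load-point section as ComboFix printed it
# above, trimmed to the keys this checker understands.
COMBOFIX_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

# File names taken from the "Other deletions" list and the BHO/Run lines above.
DELETED = ["bKQsvyay.ini", "bKQsvyay.ini2", "ENqrBcdd.ini", "ENqrBcdd.ini2",
           "xEhPAyxx.ini", "xEhPAyxx.ini2", "nnnnOiJy.dll"]
LOADED_DLLS = ["ddcBrqNE.dll", "nnnnOiJy.dll", "ddosxgfi.dll"]


def parse_reg_dump(text):
    """Map each [key] (lower-cased) to {value name: raw value string}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"'):
            name, _, value = line[1:].partition('"=')
            keys[current][name] = value.strip()
    return keys


def as_int(value):
    """Read 'dword:00000001' or ComboFix's '0 (0x0)' rendering as an int."""
    m = re.match(r"(?:dword:)?([0-9a-f]+)", value.strip(), re.I)
    return int(m.group(1), 16) if m else None


def audit_policy(keys):
    """Flag settings that blind the user (Security Center) or open the host."""
    findings = []
    for key, values in keys.items():
        if "security center" in key:
            for name, value in values.items():
                if name.lower() in ("antivirusdisablenotify", "firewalldisablenotify",
                                    "updatesdisablenotify", "disablemonitoring") and as_int(value) == 1:
                    findings.append(("security-center", "%s -> %s=1" % (key.rsplit("\\", 1)[-1], name)))
        elif key.endswith("\\firewallpolicy\\standardprofile"):
            if as_int(values.get("EnableFirewall", "1")) == 0:
                findings.append(("firewall-off", "Windows Firewall disabled (standard profile)"))
        elif key.endswith("\\globallyopenports\\list"):
            for name in values:
                port, _, proto = name.partition(":")
                findings.append(("open-port", "%s/%s reachable from any address" % (port, proto)))
    return findings


def pair_reversed_names(deleted, loaded):
    """Match each .ini/.ini2 stem, spelled backwards, against the DLL stems."""
    dll_stems = {n.rsplit(".", 1)[0] for n in loaded if n.lower().endswith(".dll")}
    pairs, unmatched = {}, set()
    for name in deleted:
        stem, _, ext = name.rpartition(".")
        if ext not in ("ini", "ini2"):
            continue
        mirror = stem[::-1]
        if mirror in dll_stems:
            pairs[stem] = mirror + ".dll"
        else:
            unmatched.add(stem)          # companion DLL already gone or renamed
    return pairs, sorted(unmatched)


if __name__ == "__main__":
    for kind, note in audit_policy(parse_reg_dump(COMBOFIX_REG)):
        print("%-16s %s" % (kind, note))
    print(pair_reversed_names(DELETED, LOADED_DLLS))
```

The two unmatched stems (bKQsvyay, xEhPAyxx) have no surviving DLL in the log, which is consistent with components already removed before ComboFix ran; the 272,384-byte ddcBrqNE.VIR in the created-files list is the only other trace the report shows.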
green day (Moderator, Security Contributor)

Very good!

# Download this (thanks to S!RI for this little program):

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Run it: double-click Smitfraudfix.cmd and choose option 1;
here is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
it will generate a report: please copy/paste it into the thread.

++
Boitinho

OK, here it is:

SmitFraudFix v2.312

Report made at 21:23:54,14, 12/04/2008
Run from C:\Documents and Settings\Thomas\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\215651\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Thomas

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Thomas\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Thomas\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, the following keys are not necessarily infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, the following keys are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{40C8BD42-27F0-43C5-9DD3-42327DA7CB0F}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{40C8BD42-27F0-43C5-9DD3-42327DA7CB0F}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{99D2DDC5-B6FE-4C7C-9896-C2D706411BAD}: DhcpNameServer=194.2.0.20 194.2.0.50
HKLM\SYSTEM\CS3\Services\Tcpip\..\{40C8BD42-27F0-43C5-9DD3-42327DA7CB0F}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=194.2.0.20 194.2.0.50
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

»»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

green day (Moderator, Security Contributor)

OK, reboot into Safe Mode and run option 2

Boitinho

OK, well, I no longer get the AntiVir alert popping up, but whether that means it's definitively over, I have no idea.
Anyway, here's the report:

SmitFraudFix v2.312

Report made at 21:33:11,56, 12/04/2008
Run from C:\Documents and Settings\Thomas\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in Safe Mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing processes

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\215651\ deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{40C8BD42-27F0-43C5-9DD3-42327DA7CB0F}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{40C8BD42-27F0-43C5-9DD3-42327DA7CB0F}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{99D2DDC5-B6FE-4C7C-9896-C2D706411BAD}: DhcpNameServer=194.2.0.20 194.2.0.50
HKLM\SYSTEM\CS3\Services\Tcpip\..\{40C8BD42-27F0-43C5-9DD3-42327DA7CB0F}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=194.2.0.20 194.2.0.50
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

»»»»»»»»»»»»»»»»»»»»»»»» Deleting temporary files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry cleaning

Cleaning complete.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
green day (Moderator, Security Contributor)

Hi

Download SDFix to your Desktop

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in Safe Mode
Open the SDFix folder that was just created on the Desktop and double-click RunThis.cmd to launch the script.
Press Y to start the cleaning process.
It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.
Press a key to reboot the PC.
Your system will take longer than usual to restart because the tool keeps running and deleting files.
After the Desktop loads, the tool finishes its work and displays Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report opens on screen and is also saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum, together with a new HijackThis log!

++
Boitinho

Hi, OK, I did everything you told me; here are the reports:

SDFix: Version 1.170
Run by Thomas on 13/04/2008 at 16:55

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files:

No Trojan Files Found

Removing Temp Files

ADS Check:

Final Check:

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 17:01:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:e00240d2
"s1"=dword:2f1af030
"s2"=dword:50d64793
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:1f,04,20,18,6f,df,f8,d6,57,a5,a7,f7,1d,a8,20,b1,19,ef,2b,0b,44,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,12,58,1d,c8,fb,8c,8a,af,b6,14,17,58,52,74,69,37,a4,..
"khjeh"=hex:40,48,9e,4a,2a,83,31,27,84,07,b3,67,5c,d6,3d,1a,07,6d,25,4f,c9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,4c,d8,cc,fb,7f,95,96,c4,f4,b7,7a,43,17,ee,16,61,3c,eb,7d,1d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fc,65,95,9c,75,4b,43,7a,83,c3,7c,cc,56,e6,60,b3,76,11,ba,2c,ba,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:74,dd,e2,d2,78,c8,a2,03,58,a0,64,a4,f3,6e,aa,c6,cd,8e,74,a0,ee,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:35,c9,13,98,c2,23,12,6d,d5,4e,56,05,55,43,3e,2c,a8,ab,79,40,6e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:1f,85,22,74,01,31,c0,fb,00,16,59,e9,2c,c5,6a,de,ee,d8,f7,1d,fc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,12,58,1d,c8,fb,8c,8a,af,b6,14,17,58,52,74,69,37,a4,..
"khjeh"=hex:b5,37,db,1e,3b,12,78,72,2c,2a,10,e1,14,f1,01,98,13,83,71,87,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,8e,cf,0a,23,ff,f9,c4,f6,87,fe,21,74,d1,f4,bb,a5,79,51,58,b6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:1f,04,20,18,6f,df,f8,d6,57,a5,a7,f7,1d,a8,20,b1,19,ef,2b,0b,44,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,12,58,1d,c8,fb,8c,8a,af,b6,14,17,58,52,74,69,37,a4,..
"khjeh"=hex:40,48,9e,4a,2a,83,31,27,84,07,b3,67,5c,d6,3d,1a,07,6d,25,4f,c9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,4c,d8,cc,fb,7f,95,96,c4,f4,b7,7a,43,17,ee,16,61,3c,eb,7d,1d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fc,65,95,9c,75,4b,43,7a,83,c3,7c,cc,56,e6,60,b3,76,11,ba,2c,ba,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:74,dd,e2,d2,78,c8,a2,03,58,a0,64,a4,f3,6e,aa,c6,cd,8e,74,a0,ee,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:35,c9,13,98,c2,23,12,6d,d5,4e,56,05,55,43,3e,2c,a8,ab,79,40,6e,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2

Remaining Services:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
"C:\\Program Files\\adslTV\\vlc.exe"="C:\\Program Files\\adslTV\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sun 3 Feb 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Thu 20 Dec 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Sat 2 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"

Finished!

and HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:53, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C9EB65F-8091-4898-BB05-DECF79C36D53} - C:\WINDOWS\system32\ddcBrqNE.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [98c6fbf4] rundll32.exe "C:\WINDOWS\system32\ddosxgfi.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Assassin's Creed.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
green day Posts 26722 Status Moderator, Security contributor 2 163
 
ok,

download this: https://www.commentcamarche.net/telecharger/ 34055379 malwarebyte s anti malware
* Install the program on the desktop:
o If the COMCTL32.OCX file is missing, you can download it here
* Run the updates (click Update, then Check for updates)
* Start in Safe Mode
* Launch MalwareByte's Anti-Malware, click Perform full scan, then Scan, and select all your hard drives
* Once the scan is finished, click Remove (if a message asks to restart the PC, accept!)
* A report will be generated; save it somewhere you can find it again

==> post it please!
Boitinho
 
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 619

Type de recherche: Examen complet (C:\|G:\|)
Eléments examinés: 129579
Temps écoulé: 1 hour(s), 19 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{14DDD571-0035-4AF3-8957-2D9BA7C2E6DE}\RP627\A0349228.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
G:\IMAGE JEUX ET PROGRAMME\JEUX\Battlefield 2\Crack\Battlefield 2 KeyGen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
green day Posts 26722 Status Moderator, Security contributor 2 163
 
ok, post a new ComboFix log please

++
Boitinho
 
ComboFix 08-04-11.8 - Thomas 2008-04-13 19:54:07.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1603 [GMT 2:00]
Endroit: C:\Documents and Settings\Thomas\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.

2008-04-13 19:18 . 2008-04-13 19:18 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Todae
2008-04-13 19:13 . 2008-04-13 19:13 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-13 17:25 . 2008-04-13 17:25 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Malwarebytes
2008-04-13 17:24 . 2008-04-13 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 16:53 . 2008-04-13 16:53 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-13 16:51 . 2008-04-13 17:04 <REP> d-------- C:\SDFix
2008-04-12 21:23 . 2008-04-12 21:33 2,698 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-12 20:06 . 2008-04-12 20:06 <REP> d-------- C:\Program Files\Trend Micro
2008-04-12 17:32 . 2008-04-12 17:32 <REP> d-------- C:\VundoFix Backups
2008-04-12 17:19 . 2008-04-12 17:19 <REP> d-------- C:\Program Files\Avira
2008-04-12 17:19 . 2008-04-12 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-12 17:17 . 2008-04-12 17:17 272,384 --a------ C:\WINDOWS\system32\ddcBrqNE.VIR
2008-04-12 15:58 . 2008-04-12 15:58 <REP> d-------- C:\Program Files\AxBx
2008-04-12 15:16 . 2008-04-12 15:16 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-12 15:16 . 2008-04-12 15:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 15:36 . 2008-04-12 17:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\pslsdcba
2008-04-10 18:29 . 2008-04-10 18:29 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Ubisoft
2008-04-10 18:27 . 2008-04-10 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-10 18:27 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-10 18:27 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-04-10 18:27 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-10 18:27 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-04-10 18:27 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-10 18:27 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-04-10 18:27 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-10 18:27 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-04-10 18:19 . 2008-04-10 18:19 <REP> d-------- C:\Program Files\Ubisoft
2008-04-10 18:19 . 2008-04-10 18:19 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\InstallShield
2008-04-10 15:32 . 2008-04-10 15:32 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Talkback
2008-03-22 13:57 . 2008-03-22 13:57 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\IDS_COMPANY
2008-03-18 04:01 . 2008-03-18 04:01 <REP> d-------- C:\Program Files\Google
2008-03-13 17:36 . 2008-04-13 19:56 23,851,040 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-13 17:36 . 2008-04-13 17:27 281,564 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-13 17:32 . 2008-03-13 17:32 <REP> d-------- C:\Program Files\Zone Labs
2008-03-13 17:32 . 2008-03-13 17:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-13 17:31 . 2008-04-13 19:45 <REP> d-------- C:\WINDOWS\Internet Logs

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 14:37 --------- d-----w C:\Program Files\CCleaner
2008-04-10 16:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 15:56 --------- d-----w C:\Program Files\EA SPORTS
2008-04-10 15:41 --------- d-----w C:\Program Files\FreeCommander
2008-04-08 12:10 --------- d-----w C:\Program Files\adslTV
2008-04-06 23:21 --------- d-----w C:\Documents and Settings\Thomas\Application Data\BitTorrent
2008-04-04 06:17 --------- d-----w C:\Program Files\eMule
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 15:41 88,064 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-13 15:41 1,309,184 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-12 16:11 --------- d-----w C:\Documents and Settings\Thomas\Application Data\vlc
2008-03-12 16:06 --------- d-----w C:\Program Files\Freeplayer
2008-03-12 13:12 --------- d-----w C:\Program Files\FpTest
2008-03-12 09:48 --------- d-----w C:\Documents and Settings\Thomas\Application Data\GlarySoft
2008-03-12 09:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 23:11 22,304 ----a-w C:\WINDOWS\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys
2008-03-11 23:09 --------- d-----w C:\Program Files\Ontrack
2008-03-11 23:09 --------- d-----w C:\Program Files\Glary Utilities
2008-03-11 23:07 --------- d-----w C:\Program Files\SuperCopier2
2008-03-11 23:07 --------- d-----w C:\Program Files\Smart Projects
2008-03-11 23:06 --------- d-----w C:\Program Files\Unlocker
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-02-29 14:25 --------- d-----w C:\Program Files\BBLACK
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-12_20.57.30.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-12 17:16:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-13 14:53:36 9,715,712 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-13 14:53:36 352,256 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-12 17:16:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-13 14:53:23 9,715,712 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-13 14:53:23 352,256 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-12-04 00:33:16 682,496 ----a-w C:\WINDOWS\system32\divx.dll
+ 2007-11-29 21:28:24 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2007-11-29 21:30:28 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
+ 2007-09-04 15:56:10 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
+ 2008-01-10 11:15:30 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
+ 2008-01-10 11:16:20 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
- 2004-01-24 23:00:00 70,656 ----a-w C:\WINDOWS\system32\yv12vfw.dll
+ 2004-01-25 15:18:44 217,088 ----a-w C:\WINDOWS\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C9EB65F-8091-4898-BB05-DECF79C36D53}]
C:\WINDOWS\system32\ddcBrqNE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-09 19:01 67128]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-10-10 23:23 43520]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidTool.exe" [2006-06-29 04:07 352256]
"Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-07-19 09:52 3167744]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 17:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 17:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 14:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 14:12 135168]
"98c6fbf4"="C:\WINDOWS\system32\ddosxgfi.dll" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-12 17:21 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\Thomas\Menu Démarrer\Programmes\Démarrage\
Registration Assassin's Creed.LNK - C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2008-04-10 18:26:22 967304]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-09 19:01:21 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-09-01 15:18:42 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\adslTV\\vlc.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 HMFAxCore8ca4fd17866cac11805503e882557762;HMFAxCore8ca4fd17866cac11805503e882557762;C:\WINDOWS\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys [2008-03-12 01:11]
R3 fvdscsi;fvdscsi;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2005-07-15 17:07]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-09-01 20:48]
S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\Thomas\Bureau\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0d6f6a8-98f3-11dc-9c31-0015af018a35}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 19:56:50
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
Temps d'accomplissement: 2008-04-13 19:57:28
ComboFix-quarantined-files.txt 2008-04-13 17:57:22
ComboFix2.txt 2008-04-12 18:57:53
Pre-Run: 12,088,115,200 octets libres
Post-Run: 12,073,254,912 octets libres
.
2008-04-10 01:05:45 --- E O F ---
green day Posts: 26722 Status: Moderator, Security Contributor 2 163
 
ok,

Create a new text document and name it CFScript.txt (careful, this is very important!): right-click on the desktop > New > Text Document, and copy the following lines in bold into it:

File::

C:\WINDOWS\system32\ddcBrqNE.dll
C:\WINDOWS\system32\ddosxgfi.dll

registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C9EB65F-8091-4898-BB05-DECF79C36D53}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"98c6fbf4"=-


then drag the text file onto combo.exe as shown in the animation:
http://img.bleepingcomputer.com/combofix/usage/rc.gif

In the window that follows, choose option 1 and confirm
Wait a bit; if the desktop disappears at times during the scan, that is normal!
At the end of the scan a report will be displayed: please post it (otherwise it is located here: C:\ComboFix.txt)

++
Boitinho
 
ok I did what you told me, but ComboFix did not offer me any option; it simply ran the scan, and here is the report:

ComboFix 08-04-13.1 - Thomas 2008-04-13 20:34:22.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1536 [GMT 2:00]
Endroit: C:\Documents and Settings\Thomas\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thomas\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\ddcBrqNE.dll
C:\WINDOWS\system32\ddosxgfi.dll"
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.

2008-04-13 19:18 . 2008-04-13 19:18 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Todae
2008-04-13 19:13 . 2008-04-13 19:13 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-13 17:25 . 2008-04-13 17:25 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Malwarebytes
2008-04-13 17:24 . 2008-04-13 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 16:53 . 2008-04-13 16:53 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-13 16:51 . 2008-04-13 17:04 <REP> d-------- C:\SDFix
2008-04-12 21:23 . 2008-04-12 21:33 2,698 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-12 20:06 . 2008-04-12 20:06 <REP> d-------- C:\Program Files\Trend Micro
2008-04-12 17:32 . 2008-04-12 17:32 <REP> d-------- C:\VundoFix Backups
2008-04-12 17:25 . 2008-04-12 17:25 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-04-12 17:19 . 2008-04-12 17:19 <REP> d-------- C:\Program Files\Avira
2008-04-12 17:19 . 2008-04-12 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-12 17:17 . 2008-04-12 17:17 272,384 --a------ C:\WINDOWS\system32\ddcBrqNE.VIR
2008-04-12 15:58 . 2008-04-12 15:58 <REP> d-------- C:\Program Files\AxBx
2008-04-12 15:16 . 2008-04-12 15:16 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-12 15:16 . 2008-04-12 15:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 15:36 . 2008-04-12 17:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\pslsdcba
2008-04-10 18:29 . 2008-04-10 18:29 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Ubisoft
2008-04-10 18:27 . 2008-04-10 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-10 18:27 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-10 18:27 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-04-10 18:27 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-10 18:27 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-04-10 18:27 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-10 18:27 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-04-10 18:27 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-10 18:27 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-04-10 18:19 . 2008-04-10 18:19 <REP> d-------- C:\Program Files\Ubisoft
2008-04-10 18:19 . 2008-04-10 18:19 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\InstallShield
2008-04-10 15:32 . 2008-04-10 15:32 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Talkback
2008-03-22 13:57 . 2008-03-22 13:57 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\IDS_COMPANY
2008-03-18 04:01 . 2008-03-18 04:01 <REP> d-------- C:\Program Files\Google
2008-03-13 17:36 . 2008-04-13 20:35 23,896,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-13 17:36 . 2008-04-13 17:27 281,564 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-13 17:32 . 2008-03-13 17:32 <REP> d-------- C:\Program Files\Zone Labs
2008-03-13 17:32 . 2008-03-13 17:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-13 17:31 . 2008-04-13 20:33 <REP> d-------- C:\WINDOWS\Internet Logs

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 14:37 --------- d-----w C:\Program Files\CCleaner
2008-04-10 16:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 15:56 --------- d-----w C:\Program Files\EA SPORTS
2008-04-10 15:41 --------- d-----w C:\Program Files\FreeCommander
2008-04-08 12:10 --------- d-----w C:\Program Files\adslTV
2008-04-06 23:21 --------- d-----w C:\Documents and Settings\Thomas\Application Data\BitTorrent
2008-04-04 06:17 --------- d-----w C:\Program Files\eMule
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 15:41 88,064 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-13 15:41 1,309,184 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-12 16:11 --------- d-----w C:\Documents and Settings\Thomas\Application Data\vlc
2008-03-12 16:06 --------- d-----w C:\Program Files\Freeplayer
2008-03-12 13:12 --------- d-----w C:\Program Files\FpTest
2008-03-12 09:48 --------- d-----w C:\Documents and Settings\Thomas\Application Data\GlarySoft
2008-03-12 09:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 23:11 22,304 ----a-w C:\WINDOWS\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys
2008-03-11 23:09 --------- d-----w C:\Program Files\Ontrack
2008-03-11 23:09 --------- d-----w C:\Program Files\Glary Utilities
2008-03-11 23:07 --------- d-----w C:\Program Files\SuperCopier2
2008-03-11 23:07 --------- d-----w C:\Program Files\Smart Projects
2008-03-11 23:06 --------- d-----w C:\Program Files\Unlocker
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-02-29 14:25 --------- d-----w C:\Program Files\BBLACK
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-12_20.57.30.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-31 09:28:10 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\5fnbh737.dat
+ 2006-08-31 09:28:10 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\bz7l3v13.dat
+ 2002-08-29 10:18:54 1,740 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
+ 2002-08-28 23:32:34 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2006-08-31 09:28:10 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\grrj1np3.dat
+ 2006-08-31 09:28:11 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\hr1vrftz.dat
+ 2006-08-31 09:28:10 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\m3d7djbb.dat
+ 2008-04-13 16:52:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-12 17:16:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-13 14:53:36 9,715,712 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-13 14:53:36 352,256 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-12 17:16:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-13 14:53:23 9,715,712 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-13 14:53:23 352,256 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2006-08-31 09:28:10 2,678 ----a-w C:\WINDOWS\java\Packages\Data\5FNBH737.DAT
+ 2006-08-31 09:28:10 2,678 ----a-w C:\WINDOWS\java\Packages\Data\BZ7L3V13.DAT
+ 2006-08-31 09:28:10 2,678 ----a-w C:\WINDOWS\java\Packages\Data\GRRJ1NP3.DAT
+ 2006-08-31 09:28:11 2,678 ----a-w C:\WINDOWS\java\Packages\Data\HR1VRFTZ.DAT
+ 2006-08-31 09:28:10 2,678 ----a-w C:\WINDOWS\java\Packages\Data\M3D7DJBB.DAT
+ 2006-08-31 12:01:13 2,724 ----a-w C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
+ 2004-08-19 23:23:25 1,788 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 06:07:57 2,944 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2001-08-28 12:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-08-28 12:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2001-08-28 12:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2001-08-28 12:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2004-08-19 23:23:25 1,788 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2007-12-04 00:33:16 682,496 ----a-w C:\WINDOWS\system32\divx.dll
+ 2001-08-28 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2001-08-28 12:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-08-28 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2001-08-28 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
+ 2001-08-28 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2001-08-28 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2001-08-28 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2001-08-28 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2001-08-28 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2007-11-29 21:28:24 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2004-08-04 06:07:57 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2001-08-28 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2001-08-28 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2001-08-28 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2001-08-28 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2001-08-28 12:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
+ 2007-11-29 21:30:28 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
+ 2001-08-28 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2007-09-04 15:56:10 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
+ 2001-08-28 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2001-08-28 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2001-08-28 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2001-08-28 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
+ 2008-01-10 11:15:30 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
+ 2008-01-10 11:16:20 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
- 2004-01-24 23:00:00 70,656 ----a-w C:\WINDOWS\system32\yv12vfw.dll
+ 2004-01-25 15:18:44 217,088 ----a-w C:\WINDOWS\system32\yv12vfw.dll
+ 2007-05-30 23:03:30 1,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\pdmkl.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-09 19:01 67128]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-10-10 23:23 43520]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidTool.exe" [2006-06-29 04:07 352256]
"Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-07-19 09:52 3167744]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 17:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 17:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 14:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 14:12 135168]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-12 17:21 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\Thomas\Menu Démarrer\Programmes\Démarrage\
Registration Assassin's Creed.LNK - C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2008-04-10 18:26:22 967304]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-09 19:01:21 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-09-01 15:18:42 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\adslTV\\vlc.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 HMFAxCore8ca4fd17866cac11805503e882557762;HMFAxCore8ca4fd17866cac11805503e882557762;C:\WINDOWS\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys [2008-03-12 01:11]
R3 fvdscsi;fvdscsi;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2005-07-15 17:07]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-09-01 20:48]
S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\Thomas\Bureau\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0d6f6a8-98f3-11dc-9c31-0015af018a35}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 20:35:40
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
Temps d'accomplissement: 2008-04-13 20:36:14
ComboFix-quarantined-files.txt 2008-04-13 18:36:09
ComboFix2.txt 2008-04-13 17:57:28
ComboFix3.txt 2008-04-12 18:57:53
Pre-Run: 12,232,167,424 octets libres
Post-Run: 13,201,506,304 octets libres
.
2008-04-10 01:05:45 --- E O F ---
green day Posts: 26722 Status: Moderator, Security Contributor 2 163
 
ok, please do what is described here:

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++
Boitinho
 
Ok, thanks a lot for your help greenday! Problem solved.
green day Posts: 26722 Status: Moderator, Security Contributor 2 163
 
;-))