Virus dans svchost.exe

quand il redemare la deuxieme fois, il n'y a pas de fenetre de findykill et le bureau est toujours là

voila le raport combofix:

ComboFix 08-11-20.02 - hp 2008-11-21 19:52:24.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.787 [GMT 0:00]
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\[u]0/uw.com
C:\abk.bat
C:\Autorun.inf
c:\documents and settings\hp\Application Data\inst.exe
c:\documents and settings\hp\Application Data\m
c:\documents and settings\hp\Application Data\m\data.oct
c:\documents and settings\hp\Application Data\m\flec006.exe
c:\documents and settings\hp\Application Data\m\list.oct
c:\documents and settings\hp\Application Data\m\shared\@promt English-German Professional Translator 7.0 (Crack).zip
c:\documents and settings\hp\Application Data\m\shared\[HGame XP][AVG][jpn jpn][責められて～女店長～].zip
c:\documents and settings\hp\Application Data\m\shared\3DNA Desktop 1.1.zip
c:\documents and settings\hp\Application Data\m\shared\AEVITA Stop SPAM Email 1.01.zip
c:\documents and settings\hp\Application Data\m\shared\Alien Sun Clock Screensaver 2.4.zip
c:\documents and settings\hp\Application Data\m\shared\AnyWiki Search Gadget 1.1.zip
c:\documents and settings\hp\Application Data\m\shared\Assignment_Organizer_3.0.6_Serial.zip
c:\documents and settings\hp\Application Data\m\shared\Audio CD Ripper Plus 2.0.zip
c:\documents and settings\hp\Application Data\m\shared\Auto Shutdown 1.2.zip
c:\documents and settings\hp\Application Data\m\shared\Auto_Type_4.1.zip
c:\documents and settings\hp\Application Data\m\shared\Axialis AX-cursors 4.5.zip
c:\documents and settings\hp\Application Data\m\shared\Barracuda Integrator 2.0.zip
c:\documents and settings\hp\Application Data\m\shared\BarracudaDrive_3.zip
c:\documents and settings\hp\Application Data\m\shared\BBC Headline News 1.0.zip
c:\documents and settings\hp\Application Data\m\shared\Browser Hijack Retaliator 4.5.0.471.zip
c:\documents and settings\hp\Application Data\m\shared\BuzZer2 1.01.zip
c:\documents and settings\hp\Application Data\m\shared\Charon 0.6.zip
c:\documents and settings\hp\Application Data\m\shared\City Of Ghouls Halloween Wallpaper 1.0.zip
c:\documents and settings\hp\Application Data\m\shared\Class Reunion Almanac 2.7.zip
c:\documents and settings\hp\Application Data\m\shared\ClockWatch_Server_3.0.4.zip
c:\documents and settings\hp\Application Data\m\shared\Cloud_Text_Applet_1.00.zip
c:\documents and settings\hp\Application Data\m\shared\Colorado Events 1.zip
c:\documents and settings\hp\Application Data\m\shared\Cover Version 1.2.2.zip
c:\documents and settings\hp\Application Data\m\shared\D-Weather_1.3.7.zip
c:\documents and settings\hp\Application Data\m\shared\Deal 5 Cards 1.2.zip
c:\documents and settings\hp\Application Data\m\shared\Desk_Buddy_1.0.zip
c:\documents and settings\hp\Application Data\m\shared\DeskPins_1.30.zip
c:\documents and settings\hp\Application Data\m\shared\DVD to Pocket PC converter 4.9.0.63.zip
c:\documents and settings\hp\Application Data\m\shared\Dynamic_Web_Ranking_5.0.30.zip
c:\documents and settings\hp\Application Data\m\shared\Easy WinKey Blocker 1.0.zip
c:\documents and settings\hp\Application Data\m\shared\Easy_Half_Life_2.0_With_Crack.zip
c:\documents and settings\hp\Application Data\m\shared\Easy_Screen_Capture_And_Annotation_2.1.0.0.zip
c:\documents and settings\hp\Application Data\m\shared\ExEntryC's_Calculator_1.0.zip
c:\documents and settings\hp\Application Data\m\shared\Explore++_1.0.zip
c:\documents and settings\hp\Application Data\m\shared\ExposurePlot 1.12.zip
c:\documents and settings\hp\Application Data\m\shared\EZVSoft_2.0.62.zip
c:\documents and settings\hp\Application Data\m\shared\F.E.A.R._v1.01_patch.zip
c:\documents and settings\hp\Application Data\m\shared\FileVOoM 2.5.0.zip
c:\documents and settings\hp\Application Data\m\shared\FlashSnap 2.1.zip
c:\documents and settings\hp\Application Data\m\shared\Font Fitting Room Deluxe 2.9.5.5 [Crack].zip
c:\documents and settings\hp\Application Data\m\shared\FoundationStone 3.1.0.zip
c:\documents and settings\hp\Application Data\m\shared\Geovid_DVD_Copy_1.2.zip
c:\documents and settings\hp\Application Data\m\shared\GrPing 1.3.zip
c:\documents and settings\hp\Application Data\m\shared\Haleakala Volcano Screensaver 1.0.0.1.zip
c:\documents and settings\hp\Application Data\m\shared\Henry's_Inventory_1.5.3.1.zip
c:\documents and settings\hp\Application Data\m\shared\HTMLDiff_2.1.zip
c:\documents and settings\hp\Application Data\m\shared\IceCendol_Mobile_Phone_Instant_Messenger_1.0.1.zip
c:\documents and settings\hp\Application Data\m\shared\Index.die 2.1.zip
c:\documents and settings\hp\Application Data\m\shared\Indicators 1.0.zip
c:\documents and settings\hp\Application Data\m\shared\InterMapper_RemoteAccess_4.5.2_KeyGen.zip
c:\documents and settings\hp\Application Data\m\shared\Internet_Speed_Test_1.3.zip
c:\documents and settings\hp\Application Data\m\shared\Jack-O-Lantern.zip
c:\documents and settings\hp\Application Data\m\shared\jdec 1.2.1.zip
c:\documents and settings\hp\Application Data\m\shared\JiclaSoft_RecipeAide_2.01.002.zip
c:\documents and settings\hp\Application Data\m\shared\KaiJin.zip
c:\documents and settings\hp\Application Data\m\shared\Kaspersky.Anti-Virus.Personal.v5.0.325_Final_Key_2007.05.25--.zip
c:\documents and settings\hp\Application Data\m\shared\Kaufman_Mail_Warrior_3.7_beta_1.zip
c:\documents and settings\hp\Application Data\m\shared\Kitchener_Toolbar_1.0.zip
c:\documents and settings\hp\Application Data\m\shared\KMCS Utilities Suite 2002 RC2 [With Crack].zip
c:\documents and settings\hp\Application Data\m\shared\LAVA_Flv_Player_1.0.zip
c:\documents and settings\hp\Application Data\m\shared\Look_'Trojan'_Stop_2007_Build_703688.zip
c:\documents and settings\hp\Application Data\m\shared\Mabry_Gopher_Control_5.10.002.zip
c:\documents and settings\hp\Application Data\m\shared\Magic of Morning 1.1.zip
c:\documents and settings\hp\Application Data\m\shared\MAGIX_Photo_Manager_2006.zip
c:\documents and settings\hp\Application Data\m\shared\Make Multiple Replacements In Files Software 7.0.zip
c:\documents and settings\hp\Application Data\m\shared\McAfee.AntiSpyware.v2.1.112.Retail-ZWT.zip
c:\documents and settings\hp\Application Data\m\shared\Mcafee.VirusScan.Entreprise.8i.Fr.+.Licence.zip
c:\documents and settings\hp\Application Data\m\shared\Messenger Backup 3.5.zip
c:\documents and settings\hp\Application Data\m\shared\MicroCD 1.0.zip
c:\documents and settings\hp\Application Data\m\shared\Mobi3D_1.4.zip
c:\documents and settings\hp\Application Data\m\shared\Mouse Boost 1.0.zip
c:\documents and settings\hp\Application Data\m\shared\MP3 Normalizer 1.03.zip
c:\documents and settings\hp\Application Data\m\shared\MP3_Audio_Splitter_Joiner_1.zip
c:\documents and settings\hp\Application Data\m\shared\MP3_Sound_Stream_1.27.zip
c:\documents and settings\hp\Application Data\m\shared\MPL3D_Solar_System_1.0.zip
c:\documents and settings\hp\Application Data\m\shared\NetSetting 1.02.zip
c:\documents and settings\hp\Application Data\m\shared\neuview_media_player_professional_6.07_Patch.zip
c:\documents and settings\hp\Application Data\m\shared\Neverwinter_Nights_LOTR_Sons_of_the_Steward_Campaign.zip
c:\documents and settings\hp\Application Data\m\shared\Note Organizer Deluxe 2.7.zip
c:\documents and settings\hp\Application Data\m\shared\Official_Olympic_Volleyball_Screensaver_1.0.zip
c:\documents and settings\hp\Application Data\m\shared\OpenOffice.org_for_Linux.zip
c:\documents and settings\hp\Application Data\m\shared\PageFocus_Thumbnail_1.60_(Cracked).zip
c:\documents and settings\hp\Application Data\m\shared\Paris_Bus_Tram_1.7.zip
c:\documents and settings\hp\Application Data\m\shared\PC Adrenalin 1.2.zip
c:\documents and settings\hp\Application Data\m\shared\PC Shower 2007 1.0.zip
c:\documents and settings\hp\Application Data\m\shared\PolyMorph3D Screensaver 1.02.zip
c:\documents and settings\hp\Application Data\m\shared\Presto!_PhotoAlbum_1.55.zip
c:\documents and settings\hp\Application Data\m\shared\Pro_Wizard_Label_Designer_5.zip
c:\documents and settings\hp\Application Data\m\shared\QM_Nooze_1.1.1.zip
c:\documents and settings\hp\Application Data\m\shared\QuickHasher_0.4.0.zip
c:\documents and settings\hp\Application Data\m\shared\QuizMaker Pro 6.2.1.zip
c:\documents and settings\hp\Application Data\m\shared\Qumana_2.1.0.19.zip
c:\documents and settings\hp\Application Data\m\shared\R3R 2.0 Alpha 4.zip
c:\documents and settings\hp\Application Data\m\shared\Radsoft ClipHist 1.2.0.0.zip
c:\documents and settings\hp\Application Data\m\shared\remindMe_Lite_1.1.zip
c:\documents and settings\hp\Application Data\m\shared\Remote_Execute_1.0.0.42.zip
c:\documents and settings\hp\Application Data\m\shared\Replay_AV_8.20.zip
c:\documents and settings\hp\Application Data\m\shared\Roboticus_3D_Screensaver_1.0_With_Crack.zip
c:\documents and settings\hp\Application Data\m\shared\Robots.txt_2.0.1.zip
c:\documents and settings\hp\Application Data\m\shared\S.W.I.N.E._v1.4_patch.zip
c:\documents and settings\hp\Application Data\m\shared\ScanAsPDF 1.7.9.5.zip
c:\documents and settings\hp\Application Data\m\shared\Science_Quiz_2.0.zip
c:\documents and settings\hp\Application Data\m\shared\Screen saver Cetacea 4.0.zip
c:\documents and settings\hp\Application Data\m\shared\Serial_Cloner_1.2r5.zip
c:\documents and settings\hp\Application Data\m\shared\Shollu_3.05.zip
c:\documents and settings\hp\Application Data\m\shared\Sib Icon Converter 2.0.zip
c:\documents and settings\hp\Application Data\m\shared\Siemens Mobile Control 2.2.8.zip
c:\documents and settings\hp\Application Data\m\shared\Slawdog AquiCapture 1.0.zip
c:\documents and settings\hp\Application Data\m\shared\Snapshot 1.1.zip
c:\documents and settings\hp\Application Data\m\shared\Soft_PC_Currency_Calculator_Pro_2.6.zip
c:\documents and settings\hp\Application Data\m\shared\Step Into Chinese 0.5.zip
c:\documents and settings\hp\Application Data\m\shared\SurfSecret_CD_Rip_&_Burn_1.0_Crack.zip
c:\documents and settings\hp\Application Data\m\shared\Symantec.Norton.Ghost.10.Spanish.part04.zip
c:\documents and settings\hp\Application Data\m\shared\The Dragon's Castle 1.0.zip
c:\documents and settings\hp\Application Data\m\shared\TimeStamper 2.1.zip
c:\documents and settings\hp\Application Data\m\shared\TOCR_Viewer_2.zip
c:\documents and settings\hp\Application Data\m\shared\Tournament_Scheduler_Pro_5.0.21.zip
c:\documents and settings\hp\Application Data\m\shared\uCertify_-_MCSE_Practice_Test_for_Exam_70-214_-_102+_Questions_7.00.05.zip
c:\documents and settings\hp\Application Data\m\shared\Web_Views_1.0.zip
c:\documents and settings\hp\Application Data\m\shared\WebPartner_Test_and_Performance_Center_3.9.zip
c:\documents and settings\hp\Application Data\m\shared\Win32.Sobig.F@mm_Removal_Tool_1.0.zip
c:\documents and settings\hp\Application Data\m\shared\Windows XP Home Startup Disk 310994.zip
c:\documents and settings\hp\Application Data\m\shared\Winglobe_2.1_Patch.zip
c:\documents and settings\hp\Application Data\m\shared\WinLexic 2005 Build 218.zip
c:\documents and settings\hp\Application Data\m\shared\Wondershare AVI MPEG Converter 3.2.49.zip
c:\documents and settings\hp\Application Data\m\shared\X-Shrink_1.5.zip
c:\documents and settings\hp\Application Data\m\shared\YASA DVD Ripper Platinum 2.8.37.1997 [Serial].zip
c:\documents and settings\hp\Application Data\m\shared\YouTUBE_downloader_2.4.zip
c:\documents and settings\hp\Application Data\m\shared\ZieTag_0.9_[Patch].zip
c:\documents and settings\hp\Application Data\m\srvlist.oct
C:\nq0cq.cmd
c:\program files\MSN Messenger\msnmsgr.exe
c:\windows\svchost.ini
c:\windows\system32\ckvo.exe
c:\windows\system32\ckvo0.dll
c:\windows\system32\ckvo1.dll
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\downld\1002203.exe
c:\windows\system32\drivers\downld\1003343.exe
c:\windows\system32\drivers\downld\1010109.exe
c:\windows\system32\drivers\downld\101453.exe
c:\windows\system32\drivers\downld\104312.exe
c:\windows\system32\drivers\downld\104921.exe
c:\windows\system32\drivers\downld\105078.exe
c:\windows\system32\drivers\downld\105890.exe
c:\windows\system32\drivers\downld\106328.exe
c:\windows\system32\drivers\downld\1064031.exe
c:\windows\system32\drivers\downld\107062.exe
c:\windows\system32\drivers\downld\1074281.exe
c:\windows\system32\drivers\downld\1085734.exe
c:\windows\system32\drivers\downld\109093.exe
c:\windows\system32\drivers\downld\1100187.exe
c:\windows\system32\drivers\downld\1152640.exe
c:\windows\system32\drivers\downld\1159828.exe
c:\windows\system32\drivers\downld\1165750.exe
c:\windows\system32\drivers\downld\1173843.exe
c:\windows\system32\drivers\downld\117703.exe
c:\windows\system32\drivers\downld\1177562.exe
c:\windows\system32\drivers\downld\1186984.exe
c:\windows\system32\drivers\downld\1188296.exe
c:\windows\system32\drivers\downld\1192890.exe
c:\windows\system32\drivers\downld\120796.exe
c:\windows\system32\drivers\downld\122031.exe
c:\windows\system32\drivers\downld\125015.exe
c:\windows\system32\drivers\downld\125203.exe
c:\windows\system32\drivers\downld\126812.exe
c:\windows\system32\drivers\downld\128234.exe
c:\windows\system32\drivers\downld\130437.exe
c:\windows\system32\drivers\downld\149156.exe
c:\windows\system32\drivers\downld\155875.exe
c:\windows\system32\drivers\downld\191812.exe
c:\windows\system32\drivers\downld\198500.exe
c:\windows\system32\drivers\downld\199890.exe
c:\windows\system32\drivers\downld\219328.exe
c:\windows\system32\drivers\downld\226890.exe
c:\windows\system32\drivers\downld\241937.exe
c:\windows\system32\drivers\downld\285828.exe
c:\windows\system32\drivers\downld\299078.exe
c:\windows\system32\drivers\downld\312015.exe
c:\windows\system32\drivers\downld\323421.exe
c:\windows\system32\drivers\downld\347453.exe
c:\windows\system32\drivers\downld\497734.exe
c:\windows\system32\drivers\downld\550984.exe
c:\windows\system32\drivers\downld\556171.exe
c:\windows\system32\drivers\downld\569000.exe
c:\windows\system32\drivers\downld\583046.exe
c:\windows\system32\drivers\downld\589171.exe
c:\windows\system32\drivers\downld\67531.exe
c:\windows\system32\drivers\downld\89203.exe
c:\windows\system32\drivers\downld\930828.exe
c:\windows\system32\drivers\downld\944093.exe
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\srosa2.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\gasretyw0.dll
c:\windows\system32\kamsoft.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
C:\xih9.cmd
C:\yannh.cmd
K:\abk.bat
K:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-21 au 2008-11-21 ))))))))))))))))))))))))))))))))))))
.

2008-11-21 19:18 . 2008-11-21 19:20 <REP> d-------- c:\program files\FindyKill
2008-11-21 19:08 . 2008-11-21 19:08 <REP> d-------- C:\rsit
2008-11-21 18:27 . 2008-11-21 18:29 <REP> d-------- c:\documents and settings\hp\Application Data\Spyware Terminator
2008-11-21 18:26 . 2008-11-21 18:53 <REP> d-------- c:\program files\Spyware Terminator
2008-11-21 18:26 . 2008-11-21 18:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-11-11 18:51 . 2008-11-14 07:31 99,381 -r-hs---- C:\lky.exe
2008-11-11 07:11 . 2008-11-21 18:43 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll
2008-11-09 18:01 . 2008-11-11 07:10 108,271 -r-hs---- C:\whi.com
2008-11-08 07:05 . 2008-11-08 07:05 109,879 -r-hs---- C:\sq.com
2008-10-22 07:56 . 2008-10-23 07:56 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-10-22 07:55 . 2008-10-22 07:55 105,018 -r-hs---- C:\xlk9.com
2008-10-21 18:48 . 2008-10-20 21:43 106,249 -r-hs---- C:\2fiji.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 19:53 --------- d-----w c:\program files\MSN Messenger
2008-11-21 19:50 --------- d-----w c:\documents and settings\hp\Application Data\DNA
2008-11-21 18:17 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-21 18:14 --------- d-----w c:\program files\eChanblard
2008-10-01 12:55 --------- d-----w c:\documents and settings\hp\Application Data\MegauploadToolbar
2008-06-26 21:29 47,360 ----a-w c:\documents and settings\hp\Application Data\pcouffin.sys
2008-02-10 20:54 24,192 ----a-w c:\documents and settings\hp\usbsermptxp.sys
2008-02-10 20:54 22,768 ----a-w c:\documents and settings\hp\usbsermpt.sys
2007-12-17 19:13 1,841,152 ----a-w c:\program files\FLV PlayerFCSetup.exe
2007-12-17 19:10 3,928,264 ----a-w c:\program files\FLV PlayerRCATSetup.exe
2007-12-17 19:08 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
2007-12-12 22:34 18,480 ----a-w c:\documents and settings\hp\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-04-06_18.42.30.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-11 19:15:25 102,400 ----a-r c:\windows\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2008-11-07 18:14:38 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2007-11-16 16:49:40 2,560 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-04-11 19:30:47 307,200 ----a-r c:\windows\Installer\{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}\SafariIco.exe
- 2000-08-31 08:00:00 28,160 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 08:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2007-11-08 07:58:32 2,430 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2001-08-24 12:00:00 2,000 ----a-w c:\windows\system\KEYBOARD.DRV
+ 2001-08-24 12:00:00 2,032 ----a-w c:\windows\system\MOUSE.DRV
+ 2001-08-24 12:00:00 1,744 ----a-w c:\windows\system\SOUND.DRV
+ 2001-08-24 12:00:00 2,176 ----a-w c:\windows\system\VGA.DRV
+ 2008-07-19 14:43:08 1,163,960 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w c:\windows\system32\AvastSS.scr
- 2007-07-30 18:19:20 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-07-18 22:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2007-07-19 17:14:42 1,358,192 ----a-w c:\windows\system32\D3DCompiler_35.dll
+ 2007-07-19 17:14:42 444,776 ----a-w c:\windows\system32\d3dx10_35.dll
+ 2007-07-19 17:14:42 3,727,720 ----a-w c:\windows\system32\d3dx9_35.dll
+ 2004-08-03 23:08:26 1,788 ----a-w c:\windows\system32\Dcache.bin
+ 1997-09-30 18:30:00 14,336 ----a-w c:\windows\system32\Delphimm.dll
- 2008-01-09 11:16:02 682,496 ----a-w c:\windows\system32\DivX.dll
+ 2008-07-25 08:34:36 683,520 ----a-w c:\windows\system32\DivX.dll
- 2008-01-09 11:16:02 823,296 ----a-w c:\windows\system32\divx_xx07.dll
+ 2008-07-25 08:34:42 823,296 ----a-w c:\windows\system32\divx_xx07.dll
+ 2008-07-25 08:34:40 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
- 2008-01-09 11:16:02 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
+ 2008-07-25 08:34:40 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
- 2008-01-09 11:16:02 802,816 ----a-w c:\windows\system32\divx_xx11.dll
+ 2008-07-25 08:34:40 802,816 ----a-w c:\windows\system32\divx_xx11.dll
- 2007-12-11 19:44:00 156,992 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
+ 2008-07-25 08:34:30 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
- 2008-01-09 11:18:18 524,288 ----a-w c:\windows\system32\DivXsm.exe
+ 2008-07-25 08:36:00 524,288 ----a-w c:\windows\system32\DivXsm.exe
- 2007-12-11 19:43:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
+ 2008-07-23 16:46:38 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
- 2007-07-30 18:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-07-18 22:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2004-08-03 22:07:58 2,944 -c--a-w c:\windows\system32\dllcache\drmkaud.sys
+ 2001-08-24 12:00:00 2,000 -c--a-w c:\windows\system32\dllcache\keyboard.drv
+ 2001-08-24 12:00:00 2,560 -c--a-w c:\windows\system32\dllcache\lz32.dll
+ 2001-08-24 12:00:00 2,032 -c--a-w c:\windows\system32\dllcache\mouse.drv
+ 2001-08-24 12:00:00 2,944 -c--a-w c:\windows\system32\dllcache\null.sys
- 2001-08-24 12:00:00 15,360 -c--a-w c:\windows\system32\dllcache\register.exe
+ 2008-11-19 22:09:25 15,360 -c--a-w c:\windows\system32\dllcache\register.exe
+ 2001-08-24 12:00:00 1,744 -c--a-w c:\windows\system32\dllcache\sound.drv
- 2001-08-24 12:00:00 70,656 -c--a-w c:\windows\system32\dllcache\sysinfo.exe
+ 2008-11-19 22:09:25 70,656 -c--a-w c:\windows\system32\dllcache\sysinfo.exe
+ 2004-08-03 22:58:46 15,104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
+ 2001-08-24 12:00:00 2,176 -c--a-w c:\windows\system32\dllcache\vga.drv
+ 2001-08-24 12:00:00 2,864 -c--a-w c:\windows\system32\dllcache\winsock.dll
+ 2001-08-24 12:00:00 2,112 -c--a-w c:\windows\system32\dllcache\winspool.exe
+ 2001-08-24 12:00:00 2,736 -c--a-w c:\windows\system32\dllcache\wowdeb.exe
- 2007-07-30 18:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-07-18 22:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-30 18:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-07-18 22:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-30 18:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-07-18 22:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-30 18:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-07-18 22:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-30 18:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-07-18 22:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2007-07-30 18:19:28 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-07-18 22:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-01-09 11:16:10 81,920 ----a-w c:\windows\system32\dpl100.dll
+ 2008-07-25 08:34:54 81,920 ----a-w c:\windows\system32\dpl100.dll
- 2007-12-11 19:44:20 294,912 ----a-w c:\windows\system32\dpu10.dll
+ 2008-07-25 08:34:46 294,912 ----a-w c:\windows\system32\dpu10.dll
- 2007-12-11 19:44:20 294,912 ----a-w c:\windows\system32\dpu11.dll
+ 2008-07-25 08:34:46 294,912 ----a-w c:\windows\system32\dpu11.dll
- 2007-12-11 19:44:22 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
+ 2008-07-25 08:34:50 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
- 2007-12-11 19:44:20 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
+ 2008-07-25 08:34:46 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
- 2007-12-11 19:44:20 344,064 ----a-w c:\windows\system32\dpus11.dll
+ 2008-07-25 08:34:46 344,064 ----a-w c:\windows\system32\dpus11.dll
- 2007-12-11 19:44:20 57,344 ----a-w c:\windows\system32\dpv11.dll
+ 2008-07-25 08:34:46 57,344 ----a-w c:\windows\system32\dpv11.dll
+ 2008-01-17 16:34:01 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2007-04-23 00:15:25 2,432 ------w c:\windows\system32\drivers\cdr4_xp.sys
+ 2007-04-23 00:15:25 2,560 ------w c:\windows\system32\drivers\cdralw2k.sys
+ 2004-08-03 22:07:58 2,944 ----a-w c:\windows\system32\drivers\drmkaud.sys
+ 2008-01-29 12:01:28 16,168 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2001-08-24 12:00:00 2,944 ----a-w c:\windows\system32\drivers\null.sys
+ 2008-06-26 21:21:39 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
+ 2004-08-03 22:58:46 15,104 ----a-w c:\windows\system32\drivers\usbscan.sys
+ 2008-02-18 11:16:24 30,464 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2008-01-09 11:16:10 196,608 ----a-w c:\windows\system32\dtu100.dll
+ 2008-07-25 08:34:52 196,608 ----a-w c:\windows\system32\dtu100.dll
- 2008-03-14 15:30:08 246,312 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-05-07 15:15:35 257,456 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-01-29 12:02:30 107,368 ----a-w c:\windows\system32\GEARAspi.dll
- 2007-09-24 22:30:28 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-02-22 00:23:35 135,168 ----a-w c:\windows\system32\java.exe
- 2007-09-24 22:30:30 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-02-22 00:23:39 135,168 ----a-w c:\windows\system32\javaw.exe
- 2007-09-24 23:31:42 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-02-22 01:33:32 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2001-08-24 12:00:00 2,000 ----a-w c:\windows\system32\keyboard.drv
+ 2001-08-20 11:27:20 81,920 ----a-w c:\windows\system32\Langs40.dll
- 2008-01-09 11:18:00 1,044,480 ----a-w c:\windows\system32\libdivx.dll
+ 2008-07-23 16:48:40 1,044,480 ----a-w c:\windows\system32\libdivx.dll
+ 2001-08-24 12:00:00 2,560 ----a-w c:\windows\system32\lz32.dll
+ 2001-08-24 12:00:00 2,032 ----a-w c:\windows\system32\mouse.drv
+ 2001-08-24 12:00:00 2,656 ----a-w c:\windows\system32\netware.drv
- 2008-03-27 19:35:38 41,302 ----a-w c:\windows\system32\perfc009.dat
+ 2008-09-09 14:29:08 40,628 ----a-w c:\windows\system32\perfc009.dat
- 2008-03-27 19:35:38 50,072 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-09-09 14:29:08 49,356 ----a-w c:\windows\system32\perfc00C.dat
- 2008-03-27 19:35:38 314,998 ----a-w c:\windows\system32\perfh009.dat
+ 2008-09-09 14:29:08 314,324 ----a-w c:\windows\system32\perfh009.dat
- 2008-03-27 19:35:38 372,336 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-09-09 14:29:08 370,660 ----a-w c:\windows\system32\perfh00C.dat
+ 1999-11-02 16:57:10 32,768 ----a-w c:\windows\system32\Pldbstub.dll
+ 2001-10-10 16:54:26 327,680 ----a-w c:\windows\system32\prmt5of8.dll
+ 2001-03-23 15:51:20 61,440 ----a-w c:\windows\system32\pSETUP8.dll
+ 2001-08-23 17:47:16 5,632 ----a-w c:\windows\system32\ptpusb.dll
+ 2004-08-04 00:54:38 159,232 ----a-w c:\windows\system32\ptpusd.dll
- 2008-01-09 11:18:12 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
+ 2008-07-23 16:50:52 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
+ 2008-07-18 22:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 22:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2001-08-24 12:00:00 1,744 ----a-w c:\windows\system32\sound.drv
- 2008-01-09 11:18:00 200,704 ----a-w c:\windows\system32\ssldivx.dll
+ 2008-07-23 16:48:40 200,704 ----a-w c:\windows\system32\ssldivx.dll
+ 2001-08-24 12:00:00 2,176 ----a-w c:\windows\system32\vga.drv
+ 2001-08-24 12:00:00 2,864 ----a-w c:\windows\system32\winsock.dll
+ 2001-08-24 12:00:00 2,112 ----a-w c:\windows\system32\winspool.exe
+ 2001-08-24 12:00:00 2,736 ----a-w c:\windows\system32\wowdeb.exe
- 2007-07-30 18:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-07-18 22:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-30 18:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-07-18 22:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-30 18:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-07-18 22:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
- 2007-07-30 18:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-07-18 22:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
- 2007-07-30 18:18:40 33,624 ----a-w c:\windows\system32\wups.dll
+ 2008-07-18 22:10:20 36,552 ----a-w c:\windows\system32\wups.dll
- 2007-07-30 18:19:12 43,352 ----a-w c:\windows\system32\wups2.dll
+ 2008-07-18 22:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
- 2007-07-30 18:19:28 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2008-07-18 22:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
- 2007-05-31 19:29:42 18,280 ----a-w c:\windows\system32\x3daudio1_2.dll
+ 2007-07-19 23:54:28 18,280 ----a-w c:\windows\system32\x3daudio1_2.dll
- 2007-05-31 19:30:22 266,088 ----a-w c:\windows\system32\xactengine2_8.dll
+ 2007-06-20 19:46:04 266,088 ----a-w c:\windows\system32\xactengine2_8.dll
+ 2007-07-19 23:57:12 267,112 ----a-w c:\windows\system32\xactengine2_9.dll
+ 2003-03-15 23:15:04 90,112 ----a-w c:\windows\unvise32.exe
+ 2008-03-28 15:18:24 2,829 ----a-w c:\windows\War3Unin.pif
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-05-31 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-10 185896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-21 78008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-05 5566464]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2007-12-10 925696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\eChanblard\\emule.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\UT2004\\System\\UT2004.exe"=

R0 stwlfbus;stwlfbus;c:\windows\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704]
R3 st3wolf;st3wolf;c:\windows\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
S1 aswSP;avast! Self Protection; []
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2007-12-10 402432]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63f88c58-0258-11dd-b58e-0060b3422cac}]
\Shell\AutoRun\command - K:\abk.bat
\Shell\explore\Command - K:\abk.bat
\Shell\open\Command - K:\abk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80e7edba-ab51-11dc-b4e5-0060b3422cac}]
\Shell\1\Command - K:\autorun.pif
\Shell\2\Command - K:\autorun.pif
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7def9ec-67ca-11dd-b652-0060b3422cac}]
\Shell\AutoRun\command - K:\nq0cq.cmd
\Shell\explore\Command - K:\nq0cq.cmd
\Shell\open\Command - K:\nq0cq.cmd
.
Contenu du dossier 'Tâches planifiées'

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\hp\Application Data\Mozilla\Firefox\Profiles\3nroblrv.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ustart.org
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 19:55:57
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Heure de fin: 2008-11-21 20:00:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-21 20:00:16
ComboFix2.txt 2008-04-06 20:07:41
ComboFix3.txt 2008-04-06 18:43:04

Avant-CF: 174,160,781,312 octets libres
Après-CF: 174,158,086,144 octets libres

494 --- E O F --- 2008-03-13 07:24:10

-------------- UsbFix V2.411 ---------------

* User : hp - UNICORNI-E92414
* Outils mis a jours le 21/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 20:11:39 le 21/11/2008
* Windows Xp - Internet Explorer 7.0.5730.11


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\2.tmp\b2e.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

K: - Lecteur amovible


--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[07/11/2007 17:48][--a------] C:\AUTOEXEC.BAT
[20/10/2008 21:43][-r-hs----] C:\2fiji.com
[20/10/2008 21:43][-r-hs----] C:\NTDETECT.COM
[20/10/2008 21:43][-r-hs----] C:\sq.com
[20/10/2008 21:43][-r-hs----] C:\whi.com
[20/10/2008 21:43][-r-hs----] C:\xlk9.com
[14/11/2008 07:31][-r-hs----] C:\lky.exe
[21/11/2008 18:48][-rahs----] C:\boot.ini
[21/11/2008 20:00][--a------] C:\ComboFix.txt
[21/11/2008 20:00][--a------] C:\UsbFix.txt
[21/11/2008 20:00][--a------] C:\VundoFix.txt
[07/11/2007 17:48][--a------] C:\CONFIG.SYS
[07/11/2007 17:48][--a------] C:\IO.SYS
[07/11/2007 17:48][--a------] C:\MSDOS.SYS
[07/11/2007 17:48][--a------] C:\pagefile.sys

--------------- [ Lecteur K ] ----------------

K: - Lecteur amovible


+- Listing des fichiers présents :

[21/11/2008 19:07][--a------] K:\RSIT.exe
[21/11/2008 19:07][--a------] K:\SpywareTerminatorSetup.exe
[21/11/2008 19:07][--a------] K:\FindyKill.exe
[21/11/2008 19:07][--a------] K:\killbagle.exe
[21/11/2008 19:07][--a------] K:\UsbFix.exe
[21/11/2008 20:00][--a------] K:\log.txt
[21/11/2008 20:00][--a------] K:\FindyKill.txt

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
BitTorrent DNA="C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63f88c58-0258-11dd-b58e-0060b3422cac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63f88c58-0258-11dd-b58e-0060b3422cac}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63f88c58-0258-11dd-b58e-0060b3422cac}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80e7edba-ab51-11dc-b4e5-0060b3422cac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7def9ec-67ca-11dd-b652-0060b3422cac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7def9ec-67ca-11dd-b652-0060b3422cac}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7def9ec-67ca-11dd-b652-0060b3422cac}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [20/10/2008 21:43][-r-hs----] C:\2fiji.com
Supprimé ! - [14/11/2008 07:31][-r-hs----] C:\lky.exe
Supprimé ! - [08/11/2008 07:05][-r-hs----] C:\sq.com
Supprimé ! - [11/11/2008 07:10][-r-hs----] C:\whi.com
Supprimé ! - [22/10/2008 07:55][-r-hs----] C:\xlk9.com

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[07/11/2007 17:48][--a------] C:\AUTOEXEC.BAT
[03/08/2004 20:38][-rahs----] C:\NTDETECT.COM
[21/11/2008 18:48][-rahs----] C:\boot.ini
[21/11/2008 19:07][--a------] K:\RSIT.exe
[21/11/2008 19:07][--a------] K:\SpywareTerminatorSetup.exe
[21/11/2008 19:07][--a------] K:\FindyKill.exe
[21/11/2008 19:07][--a------] K:\killbagle.exe
[21/11/2008 19:07][--a------] K:\UsbFix.exe

--------------- ! Fin du rapport ! ----------------

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1414
Windows 5.1.2600 Service Pack 2

21/11/2008 21:02:11
mbam-log-2008-11-21 (21-02-11).txt

Type de recherche: Examen complet (C:\|K:\|)
Eléments examinés: 109674
Temps écoulé: 19 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\eChanblard\EvID4226Patch.exe.infect (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23D6D910-6EEB-44DC-A6BE-8CD75F5DD407}\RP319\A0036343.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

ca c le deuxiéme raport, le premier ne c'est pas affiché mais des fichiers on été suprimé

[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Program Files\UsbFix: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\UsbFix: ERREUR DE SUPPRESSION !!

il n'y a pas "centre de sauvegarde et de restauration" dans le panneau de config et avast ne marche toujours pas

eske tu est toujours là?

bon jai desinstallé avast et installé antivir, alors je crois que c'est tout donc Merci beaucoup.

Avira AntiVir Personal
Report file date: vendredi 21 novembre 2008 22:15

Scanning for 1045520 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: hp
Computer name: UNICORNI-E92414

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 10:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 09:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 14:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 22:02:57
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 22:03:08
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 22:03:11
ANTIVIR3.VDF : 7.1.0.122 154112 Bytes 21/11/2008 22:03:12
Engineversion : 8.2.0.35
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 12:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 21/11/2008 22:03:28
AESCN.DLL : 8.1.1.5 123251 Bytes 21/11/2008 22:03:27
AERDL.DLL : 8.1.1.3 438645 Bytes 21/11/2008 22:03:25
AEPACK.DLL : 8.1.3.4 393591 Bytes 21/11/2008 22:03:24
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 21/11/2008 22:03:22
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 21/11/2008 22:03:20
AEHELP.DLL : 8.1.2.0 119159 Bytes 21/11/2008 22:03:15
AEGEN.DLL : 8.1.1.5 323956 Bytes 21/11/2008 22:03:14
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 12:05:56
AECORE.DLL : 8.1.5.1 172406 Bytes 21/11/2008 22:03:13
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 12:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 10:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 11:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 21/11/2008 22:03:12
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 13:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 10:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 14:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 19:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 14:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 14:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 15:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 15:34:37

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:, G:, H:, I:, D:, E:, J:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 21 novembre 2008 22:15

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'hprblog.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'WLANUTL.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\gasretyw1.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.


End of the scan: vendredi 21 novembre 2008 22:36
Used time: 21:06 Minute(s)

The scan has been done completely.

5637 Scanning directories
313974 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
313972 Files not concerned
1619 Archives were scanned
5 Warnings
1 Notes

jai deja hijack mais il ne ce lance pas, voila le msg qui s'affiche:

"c:\hijackthis.exe n'est pas une application win32 valide."

voila le raport:



----------------- FindyKill V4.705 ------------------

* User : hp - UNICORNI-E92414
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/11/08 par Chiquitine29
* Recherche effectuée à 19:18:38 le 21/11/2008
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\drivers\downld\104921.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

--------------- [ Processus infectieux stoppés ] ----------------


"C:\WINDOWS\system32\drivers\downld\104921.exe" (3596)


--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\104312.EXE-0BED065E.pf
Found ! - C:\WINDOWS\prefetch\104921.EXE-07D9B9EC.pf
Found ! - C:\WINDOWS\prefetch\105078.EXE-22715E99.pf
Found ! - C:\WINDOWS\prefetch\107062.EXE-0600E2C5.pf
Found ! - C:\WINDOWS\prefetch\149156.EXE-33A2A423.pf
Found ! - C:\WINDOWS\prefetch\155875.EXE-01074F6C.pf
Found ! - C:\WINDOWS\prefetch\191812.EXE-2D6FCFC9.pf
Found ! - C:\WINDOWS\prefetch\219328.EXE-18B17CEC.pf
Found ! - C:\WINDOWS\prefetch\226890.EXE-01D1D7DA.pf
Found ! - C:\WINDOWS\prefetch\241937.EXE-38BE089B.pf
Found ! - C:\WINDOWS\prefetch\285828.EXE-202C50ED.pf
Found ! - C:\WINDOWS\prefetch\67531.EXE-082405E9.pf
Found ! - C:\WINDOWS\prefetch\930828.EXE-0074BE21.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-1F4F3159.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\Prefetch\CRAC.EXE-3416DC99.pf
Found ! - C:\WINDOWS\Prefetch\PAINKILLER PATCH 1.61.EXE-00269AFA.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [21/11/2008 19:04] - C:\WINDOWS\system32\mdelk.exe
Found ! [21/11/2008 19:04] - C:\WINDOWS\system32\wintems.exe
Found ! [21/11/2008 19:04] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [21/11/2008 18:49] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [21/11/2008 18:49] - C:\WINDOWS\system32\drivers\srosa2.sys
Found ! [05/03/2005 10:05] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [21/11/2008 19:08] - "C:\WINDOWS\system32\drivers\downld"
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1002203.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1003343.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1010109.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\101453.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\104312.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\104921.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\105078.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\105890.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\106328.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1064031.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\107062.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1074281.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1085734.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\109093.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1100187.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1152640.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1159828.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1165750.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1173843.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\117703.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1177562.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1186984.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1188296.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\1192890.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\120796.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\122031.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\125015.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\125203.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\126812.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\128234.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\130437.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\149156.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\155875.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\191812.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\198500.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\199890.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\219328.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\226890.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\241937.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\285828.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\299078.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\312015.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\323421.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\347453.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\497734.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\550984.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\556171.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\569000.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\583046.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\589171.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\67531.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\89203.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\930828.exe
Found ! [21/11/2008 19:08] - C:\WINDOWS\system32\drivers\downld\944093.exe

»»»» Presence des fichiers dans C:\Documents and Settings\hp\Application Data

Found ! [19/11/2008 14:29] - "C:\Documents and Settings\hp\Application Data\m\flec006.exe"
Found ! [21/11/2008 18:52] - "C:\Documents and Settings\hp\Application Data\m\list.oct"
Found ! [21/11/2008 18:52] - "C:\Documents and Settings\hp\Application Data\m\data.oct"
Found ! [21/11/2008 18:52] - "C:\Documents and Settings\hp\Application Data\m\srvlist.oct"
Found ! [21/11/2008 18:53] - "C:\Documents and Settings\hp\Application Data\m\shared"
Found ! [19/11/2008 14:30] - "C:\Documents and Settings\hp\Application Data\m"

»»»» Presence des fichiers dans C:\DOCUME~1\hp\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5

Found ! [21/11/2008 18:40] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\1ZRH5ZLS\b64_1[1].jpg
Found ! [19/11/2008 14:27] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\1ZRH5ZLS\b64_2[1].jpg
Found ! [19/11/2008 14:30] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\1ZRH5ZLS\b64_2[2].jpg
Found ! [21/11/2008 18:50] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\1ZRH5ZLS\b64_2[3].jpg
Found ! [19/11/2008 14:29] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\1ZRH5ZLS\b64_3[1].jpg
Found ! [21/11/2008 19:04] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\1ZRH5ZLS\b64_3[2].jpg
Found ! [21/11/2008 18:52] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\1ZRH5ZLS\mxd[1].jpg
Found ! [19/11/2008 14:27] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\58I160AN\b64_1[1].jpg
Found ! [21/11/2008 18:41] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\58I160AN\b64_3[1].jpg
Found ! [19/11/2008 14:20] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\7Y3QO8W9\b64_1[1].jpg
Found ! [19/11/2008 14:22] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\7Y3QO8W9\b64_2[1].jpg
Found ! [19/11/2008 14:21] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\7Y3QO8W9\b64_3[1].jpg
Found ! [19/11/2008 14:29] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\Q0ZG22EU\b64[1].jpg
Found ! [21/11/2008 18:50] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\Q0ZG22EU\b64_1[1].jpg
Found ! [19/11/2008 14:29] - C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\Q0ZG22EU\b64_3[1].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

kamsoft=C:\WINDOWS\system32\kamsoft.exe
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
BitTorrent DNA="C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1614895754-1425521274-682003330-1003\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-1614895754-1425521274-682003330-1003\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-1614895754-1425521274-682003330-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1614895754-1425521274-682003330-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1614895754-1425521274-682003330-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1614895754-1425521274-682003330-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1614895754-1425521274-682003330-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe


+- Contenu de l'autorun : C:\autorun.inf

;7a4ok2DCSdpd3307Dps8KA23w60mUerSsHrDOw9d0fwLeJ8kafl0oDae7kLk7srsLkdioDd05KiS4ls24j
[AutoRun]
;S4lLDwosij32lo1DlLLKedqaL7kK1Oie22k88saaDr8wDakKwXi4qoird9k0l0IsiZoSkKiHnDiKk3DaAw2d42wK
open=abk.bat
;l4330s42LLaAJas025Lafaa4DsijLswkwok4rCia3lj3OldwdwXwiD4rKSZAd37SAkwk7kes2Kc
shell\open\Command=abk.bat
;kpjlqdAdss0aaZ5jwrKOoSsafAAa43reSrD2lJ01q2q74jJ1raw4e3sw2ii3
shell\open\Default=1
;FDnA071sso329Kd383kjK2K
shell\explore\Command=abk.bat
;52fZl77qJkw5lw5Ja1mkDa3keLwk44drk4iD9Dd32qjs21spkadajlAiaJka4a22wf6dl4kqio0rrKS3q5lLslk3dAi3i3LOwSdiaqKi4r9KeLl


+- presence des fichiers :

Found ! [21/11/2008 19:19][-r-hs----] - C:\autorun.inf


--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by hp at 2008-11-21 20:24:01
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 166 GB (87%) free of 191 GB
Total RAM: 1022 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eChanblard\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2801EF06-BB36-46B8-8236-80CB50F68702}: NameServer = 192.168.1.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BDB4522-A34C-4FE0-BC08-94429F83BFD3}: NameServer = 192.168.1.1
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)