Spywares impossibles à enlever

Logfile of random's system information tool 1.04 (written by random/random)
Run by at 2008-12-12 19:13:24
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 54 GB (27%) free of 200 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:36, on 12/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B919DDB-09B2-41A3-B17B-206C2CF0BCD8}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

ComboFix 08-12-09.03 - Steve Truong 2008-12-13 0:46:45.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1621 [GMT 1:00]
Lancé depuis: c:\documents and settings\X\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\X\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

FILE ::
c:\windows\system32\append.dll
c:\windows\system32\wowfx.dll
c:\windows\system32\xlib254.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\1951751586\

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-12 au 2008-12-12 ))))))))))))))))))))))))))))))))))))
.

2008-12-12 19:13 . 2008-12-12 19:13 <REP> d-------- C:\rsit
2008-12-12 00:31 . 2008-12-12 00:32 1,393 --a------ c:\windows\imsins.BAK
2008-12-10 20:00 . 2008-12-10 20:00 <REP> d-------- c:\program files\CCleaner
2008-12-09 22:28 . 2008-12-09 22:28 <REP> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2008-12-09 19:46 . 2008-12-09 19:46 <REP> d-------- c:\program files\Avira
2008-12-09 19:46 . 2008-12-09 19:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-09 18:50 . 2008-12-09 18:50 2 --a------ C:\1951751586
2008-12-05 22:34 . 2008-12-05 22:35 <REP> d-------- c:\windows\ERUNT
2008-12-04 19:27 . 2008-12-09 22:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 19:27 . 2008-12-04 19:27 <REP> d-------- c:\documents and settings\X\Application Data\Malwarebytes
2008-12-04 19:27 . 2008-12-04 19:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 19:27 . 2008-10-22 16:28 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 19:27 . 2008-10-22 16:28 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-04 19:27 . 2008-12-05 15:57 94 --a------ C:\Thunbs.db
2008-12-04 19:05 . 2008-12-04 19:04 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-15 19:12 . 2008-11-16 20:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 23:45 --------- d-----w c:\documents and settings\X\Application Data\Azureus
2008-12-10 19:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-08 20:03 --------- d-----w c:\program files\eMule
2008-12-04 18:04 --------- d-----w c:\program files\Java
2008-12-03 20:55 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-03 18:19 14,336 ----a-w c:\windows\system32\svchost.exe
2008-11-27 13:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 13:47 --------- d-----w c:\program files\Activision
2008-11-23 11:19 --------- d-----w c:\program files\Azureus
2008-11-15 17:49 --------- d-----w c:\program files\DivX
2008-11-15 17:45 --------- d-----w c:\program files\Steam
2008-11-15 17:32 --------- d-----w c:\program files\Sports Interactive
2008-11-09 10:25 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-01 13:05 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-01 13:05 --------- d-----w c:\program files\AGEIA Technologies
2008-11-01 11:56 --------- d--h--r c:\documents and settings\X\Application Data\SecuROM
2008-11-01 11:40 --------- d-----w c:\program files\Ubisoft
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-18 11:13 --------- d-----w c:\program files\WorldOfGoo
2008-10-18 11:13 --------- d-----w c:\documents and settings\All Users\Application Data\2DBoy
2008-10-18 11:07 --------- d-----w c:\program files\BestGameEver
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 10:39 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-08-08 16:41 22,328 ----a-w c:\documents and settings\X\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-10_22.49.49.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:46 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:51 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:44:51 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:03:54 18,296 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:03:55 234,872 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:03:54 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-26 08:11:45 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 08:11:45 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 08:11:45 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 08:11:45 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 08:11:45 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:39:40 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 08:11:45 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 08:11:45 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 08:11:46 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 08:11:46 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:12:27 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 08:11:48 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 08:11:48 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 08:11:49 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 08:11:49 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 08:11:49 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 09:11:52 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 08:11:52 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 08:11:52 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 08:11:52 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 08:11:52 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 08:11:52 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 08:11:52 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 08:11:53 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 08:11:53 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 08:11:54 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
- 2008-08-26 08:11:45 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-08-26 08:11:45 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:18:31 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 08:11:45 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:18:31 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 08:11:45 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:18:31 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 08:11:45 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:18:31 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2008-02-20 06:51:00 282,624 -c--a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:00:15 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 08:11:45 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:18:32 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:39:40 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:12:20 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 08:11:45 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:18:32 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 08:11:45 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:18:32 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 08:11:46 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:18:32 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 08:11:46 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:18:32 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:12:27 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 08:11:48 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:18:35 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 08:11:48 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:18:35 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 08:11:49 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:18:36 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-03 23:54:54 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 00:31:06 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 08:11:49 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:18:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 08:11:49 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:18:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 09:11:52 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-17 00:48:40 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 08:11:52 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:18:40 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 08:11:52 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:18:40 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 08:11:52 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:18:41 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 08:11:52 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:18:41 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 08:11:52 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:18:41 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2006-08-24 12:19:40 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:17:02 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 08:11:52 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:18:41 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-26 08:11:53 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:18:42 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 08:11:53 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:18:42 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 08:11:54 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:18:43 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2004-08-03 23:54:48 1,050,624 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 17:18:18 1,053,696 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2007-10-25 09:01:10 2,109,440 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-11-07 17:32:20 2,109,440 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-08-26 08:11:45 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:18:31 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 08:11:45 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:18:31 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 08:11:45 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:18:31 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-08-26 08:11:45 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:18:32 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:39:40 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:12:20 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-08-26 08:11:45 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:18:32 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-08-26 08:11:45 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:18:32 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
- 2008-08-26 08:11:46 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:18:32 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 08:11:46 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:18:32 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:12:27 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:18:35 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 08:11:48 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:18:35 44,544 ------w c:\windows\system32\iernonce.dll
- 2008-08-26 08:11:48 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:18:35 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 08:11:49 27,648 ------w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:18:36 27,648 ------w c:\windows\system32\jsproxy.dll
- 2004-08-03 23:54:54 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 00:31:06 103,936 ----a-w c:\windows\system32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 08:11:49 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:18:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 08:11:49 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:18:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 09:11:52 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-17 00:48:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 08:11:52 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:18:40 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 08:11:52 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-10-16 20:18:40 193,024 ------w c:\windows\system32\msrating.dll
- 2008-08-26 08:11:52 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-10-16 20:18:41 671,232 ------w c:\windows\system32\mstime.dll
- 2008-08-26 08:11:52 102,912 ------w c:\windows\system32\occache.dll
+ 2008-10-16 20:18:41 102,912 ------w c:\windows\system32\occache.dll
- 2008-08-26 08:11:52 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:18:41 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-07-08 13:03:54 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-07-27 08:41:40 16,760 ------w c:\windows\system32\spmsg.dll
- 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-26 08:11:52 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:18:41 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 08:11:53 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:18:42 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 08:11:53 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:18:42 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2004-08-03 23:54:48 1,050,624 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 17:18:18 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
- 2007-10-25 09:01:10 2,109,440 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-11-07 17:32:20 2,109,440 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-12-12 10:05:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_478.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-04 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\mixer.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-08 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-03-09 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, snapapi32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Lost\\Lost Via Domus\\Yeti_Final_Win32.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA\\arma.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Steam\\steamapps\\balthazar_95@yahoo.fr\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6667:TCP"= 6667:TCP:IRC
"3783:TCP"= 3783:TCP:Voice Chat Port
"27900:UDP"= 27900:UDP:Master Server UDP Heartbeat
"28900:TCP"= 28900:TCP:Master Server List Request
"29900:TCP"= 29900:TCP:GP Connection Manager
"29901:TCP"= 29901:TCP:GP Search Manager
"13139:UDP"= 13139:UDP:Custom UDP Pings
"6515:UDP"= 6515:UDP:Dplay UDP
"6500:TCP"= 6500:TCP:Query Port
"47624:TCP"= 47624:TCP:TCP 47624

R3 pctvvbi;PCTVVBI;c:\windows\system32\DRIVERS\pctvvbi.sys [2008-03-02 6400]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20569ee0-2cea-11dd-b65c-001a4d5fd30b}]
\Shell\AutoRun\command - F:\w2ngo.com
\Shell\explore\Command - F:\w2ngo.com
\Shell\open\Command - F:\w2ngo.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{489f8dea-9ba2-11dd-b81b-001a4d5fd30b}]
\Shell\AutoRun\command - G:\SSVICHOSST.exe
\Shell\Open\command - G:\SSVICHOSST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91e570a4-2c27-11dd-b659-001a4d5fd30b}]
\Shell\AutoRun\command - SSVICHOSST.exe
\Shell\Open\command - SSVICHOSST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6e9a208-efb2-11dc-b589-001a4d5fd30b}]
\Shell\AutoRun\command - setupSNK.exe

*Newly Created Service* - CATCHME
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 00:50:30
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-12-13 0:51:41
ComboFix-quarantined-files.txt 2008-12-12 23:51:25
ComboFix2.txt 2008-12-10 21:50:04
ComboFix3.txt 2008-12-06 20:50:10

Avant-CF: 56 510 738 432 octets libres
Après-CF: 56,900,579,328 octets libres

393 --- E O F --- 2008-12-11 23:32:38

ComboFix 08-12-09.03 - X 2008-12-14 12:04:22.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1643 [GMT 1:00]
Lancé depuis: c:\documents and settings\X\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\X\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

FILE ::
F:\w2ngo.com
G:\SSVICHOSST.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-14 au 2008-12-14 ))))))))))))))))))))))))))))))))))))
.

2008-12-13 11:29 . 2008-12-13 11:34 <REP> d-------- c:\program files\UsbFix
2008-12-12 19:13 . 2008-12-12 19:13 <REP> d-------- C:\rsit
2008-12-12 00:31 . 2008-12-12 00:32 1,393 --a------ c:\windows\imsins.BAK
2008-12-10 20:00 . 2008-12-10 20:00 <REP> d-------- c:\program files\CCleaner
2008-12-09 22:28 . 2008-12-09 22:28 <REP> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2008-12-09 19:46 . 2008-12-09 19:46 <REP> d-------- c:\program files\Avira
2008-12-09 19:46 . 2008-12-09 19:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-09 18:50 . 2008-12-09 18:50 2 --a------ C:\1951751586
2008-12-05 22:34 . 2008-12-05 22:35 <REP> d-------- c:\windows\ERUNT
2008-12-04 19:27 . 2008-12-09 22:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 19:27 . 2008-12-04 19:27 <REP> d-------- c:\documents and settings\X\Application Data\Malwarebytes
2008-12-04 19:27 . 2008-12-04 19:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 19:27 . 2008-10-22 16:28 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 19:27 . 2008-10-22 16:28 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-04 19:27 . 2008-12-05 15:57 94 --a------ C:\Thunbs.db
2008-12-04 19:05 . 2008-12-04 19:04 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-15 19:12 . 2008-11-16 20:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 11:03 --------- d-----w c:\documents and settings\X\Application Data\Azureus
2008-12-10 19:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-08 20:03 --------- d-----w c:\program files\eMule
2008-12-04 18:04 --------- d-----w c:\program files\Java
2008-12-03 20:55 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-03 18:19 14,336 ----a-w c:\windows\system32\svchost.exe
2008-11-27 13:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 13:47 --------- d-----w c:\program files\Activision
2008-11-23 11:19 --------- d-----w c:\program files\Azureus
2008-11-15 17:49 --------- d-----w c:\program files\DivX
2008-11-15 17:45 --------- d-----w c:\program files\Steam
2008-11-15 17:32 --------- d-----w c:\program files\Sports Interactive
2008-11-09 10:25 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-01 13:05 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-01 13:05 --------- d-----w c:\program files\AGEIA Technologies
2008-11-01 11:56 --------- d--h--r c:\documents and settings\X\Application Data\SecuROM
2008-11-01 11:40 --------- d-----w c:\program files\Ubisoft
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-18 11:13 --------- d-----w c:\program files\WorldOfGoo
2008-10-18 11:13 --------- d-----w c:\documents and settings\All Users\Application Data\2DBoy
2008-10-18 11:07 --------- d-----w c:\program files\BestGameEver
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 10:39 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-08-08 16:41 22,328 ----a-w c:\documents and settings\X\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot_2008-12-13_ 0.50.59,07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-14 10:19:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_464.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-04 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\mixer.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-08 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-03-09 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, snapapi32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Lost\\Lost Via Domus\\Yeti_Final_Win32.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA\\arma.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Steam\\steamapps\\X\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6667:TCP"= 6667:TCP:IRC
"3783:TCP"= 3783:TCP:Voice Chat Port
"27900:UDP"= 27900:UDP:Master Server UDP Heartbeat
"28900:TCP"= 28900:TCP:Master Server List Request
"29900:TCP"= 29900:TCP:GP Connection Manager
"29901:TCP"= 29901:TCP:GP Search Manager
"13139:UDP"= 13139:UDP:Custom UDP Pings
"6515:UDP"= 6515:UDP:Dplay UDP
"6500:TCP"= 6500:TCP:Query Port
"47624:TCP"= 47624:TCP:TCP 47624

R3 pctvvbi;PCTVVBI;c:\windows\system32\DRIVERS\pctvvbi.sys [2008-03-02 6400]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 12:07:32
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-12-14 12:08:25
ComboFix-quarantined-files.txt 2008-12-14 11:08:10
ComboFix2.txt 2008-12-12 23:51:42
ComboFix3.txt 2008-12-10 21:50:04
ComboFix4.txt 2008-12-06 20:50:10

Avant-CF: 56 658 157 568 octets libres
Après-CF: 56,865,312,768 octets libres

194 --- E O F --- 2008-12-11 23:32:38

En dehors de quelques messages d'alertes d'Antivir, tout a l'air de marcher normalement.

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 12/14/2008 at 02:40 PM

Application Version : 4.23.1006

Core Rules Database Version : 3674
Trace Rules Database Version: 1653

Scan type : Complete Scan
Total Scan Time : 01:10:12

Memory items scanned : 374
Memory threats detected : 0
Registry items scanned : 4582
Registry threats detected : 6
File items scanned : 99443
File threats detected : 71

Adware.Tracking Cookie
C:\Documents and Settings\\Cookies\@smartadserver[1].txt
C:\Documents and Settings\\Cookies\@ads.widgetbucks[2].txt
C:\Documents and Settings\\Cookies\@bs.serving-sys[2].txt
C:\Documents and Settings\\Cookies\@track.effiliation[1].txt
C:\Documents and Settings\\Cookies\@aem.solution.weborama[2].txt
C:\Documents and Settings\\Cookies\@statcounter[2].txt
C:\Documents and Settings\\Cookies\@bewebmedia[1].txt
C:\Documents and Settings\\Cookies\@ad.zanox[1].txt
C:\Documents and Settings\\Cookies\@xiti[1].txt
C:\Documents and Settings\\Cookies\@estat[1].txt
C:\Documents and Settings\\Cookies\@adtech[2].txt
C:\Documents and Settings\\Cookies\@cnam.solution.weborama[2].txt
C:\Documents and Settings\\Cookies\@advertstream[2].txt
C:\Documents and Settings\\Cookies\@cetelem.solution.weborama[2].txt
C:\Documents and Settings\\Cookies\@wysistat[1].txt
C:\Documents and Settings\\Cookies\@adserver.aol[1].txt
C:\Documents and Settings\\Cookies\@msnportal.112.2o7[1].txt
C:\Documents and Settings\\Cookies\@shop.zanox[1].txt
C:\Documents and Settings\\Cookies\@server.cpmstar[1].txt
C:\Documents and Settings\\Cookies\@www.googleadservices[1].txt
C:\Documents and Settings\\Cookies\@zedo[1].txt
C:\Documents and Settings\\Cookies\@overture[1].txt
C:\Documents and Settings\\Cookies\@ads.monster[1].txt
C:\Documents and Settings\\Cookies\@adbrite[2].txt
C:\Documents and Settings\\Cookies\@himedia.112.2o7[1].txt
C:\Documents and Settings\\Cookies\@www.googleadservices[2].txt
C:\Documents and Settings\\Cookies\@adinterax[2].txt
C:\Documents and Settings\\Cookies\@mediamgr.ugo[1].txt
C:\Documents and Settings\\Cookies\@mediaplex[2].txt
C:\Documents and Settings\\Cookies\@aimfar.solution.weborama[1].txt
C:\Documents and Settings\\Cookies\@revsci[1].txt
C:\Documents and Settings\\Cookies\@ad.yieldmanager[1].txt
C:\Documents and Settings\\Cookies\@indextools[1].txt
C:\Documents and Settings\\Cookies\@clickintext[2].txt
C:\Documents and Settings\\Cookies\@adserver.adremedy[1].txt
C:\Documents and Settings\\Cookies\@himedia.individuad[2].txt
C:\Documents and Settings\\Cookies\@tracking.publicidees[2].txt
C:\Documents and Settings\\Cookies\@doubleclick[1].txt
C:\Documents and Settings\\Cookies\@serving-sys[2].txt
C:\Documents and Settings\\Cookies\@interhome.solution.weborama[2].txt
C:\Documents and Settings\\Cookies\@clicktorrent[2].txt
C:\Documents and Settings\\Cookies\@ad.proxad[1].txt
C:\Documents and Settings\\Cookies\@statsweb.bnpparibas[2].txt
C:\Documents and Settings\\Cookies\@fastclick[1].txt
C:\Documents and Settings\\Cookies\@atdmt[2].txt
C:\Documents and Settings\\Cookies\@advertising[1].txt
C:\Documents and Settings\\Cookies\@247realmedia[2].txt
C:\Documents and Settings\\Cookies\@apmebf[1].txt
C:\Documents and Settings\\Cookies\@weborama[1].txt
C:\Documents and Settings\\Cookies\@media.adrevolver[1].txt
C:\Documents and Settings\\Cookies\@ads7.hermoment[1].txt
C:\Documents and Settings\\Cookies\@samsung.solution.weborama[2].txt
C:\Documents and Settings\\Cookies\@adopt.euroclick[2].txt
C:\Documents and Settings\\Cookies\@nike.112.2o7[1].txt
C:\Documents and Settings\\Cookies\@track.espaceclient[1].txt
C:\Documents and Settings\\Cookies\@boursoramabanque.solution.weborama[2].txt
C:\Documents and Settings\\Cookies\@clickcash[1].txt
C:\Documents and Settings\\Cookies\@ads.bestofmedia[2].txt
C:\Documents and Settings\\Cookies\@yourmedia[1].txt
C:\Documents and Settings\\Cookies\@bnpparibasnet.solution.weborama[2].txt
C:\Documents and Settings\\Cookies\@ads.pointroll[1].txt
C:\Documents and Settings\\Cookies\@tracking.veille-referencement[2].txt
C:\Documents and Settings\\Cookies\@date.ventivmedia[1].txt

Rogue.Component/Trace
HKLM\Software\Microsoft\74554F83
HKLM\Software\Microsoft\74554F83#74554f83
HKLM\Software\Microsoft\74554F83#Version
HKLM\Software\Microsoft\74554F83#7455e203
HKLM\Software\Microsoft\74554F83#74558be6
HKU\S-1-5-21-1409082233-2052111302-839522115-1003\Software\Microsoft\FIAS4018

Adware.Vundo/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB10E6BF-010D-4EE2-948F-3C94B5014AB0}\RP201\A0071364.DLL

Depuis le scan de SAS, il n'y a plus eu de nouveaux messages. Voici quelques évènements constatés par Antivir :

Evénements exportés :

13/12/2008 18:54 [Guard] Logiciel malveillant détecté
Dans le fichier 'C:\System Volume
Information\_restore{CB10E6BF-010D-4EE2-948F-3C94B5014AB0}\RP206\A0071914.dll'
un virus ou un programme indésirable 'TR/Agent.alos' [trojan] a été détecté.
Action exécutée : Déplacer le fichier en quarantaine

13/12/2008 11:55 [Guard] Logiciel malveillant détecté
Dans le fichier 'C:\Documents and Settings\Steve Truong\Local
Settings\Temporary Internet Files\Content.IE5\XD15PLXO\newfunc[1].htm'
un virus ou un programme indésirable 'EXP/XMLSPAN.A' [exploit] a été détecté.
Action exécutée : Supprimer le fichier

13/12/2008 11:25 [Guard] Logiciel malveillant détecté
Dans le fichier 'G:\autorun.inf'
un virus ou un programme indésirable 'INF/AutoRun.J' [virus] a été détecté.
Action exécutée : Supprimer le fichier

13/12/2008 11:23 [Guard] Logiciel malveillant détecté
Dans le fichier 'C:\System Volume
Information\_restore{CB10E6BF-010D-4EE2-948F-3C94B5014AB0}\RP206\A0071906.dll'
un virus ou un programme indésirable 'BDS/TDSS.KD' [backdoor] a été détecté.
Action exécutée : Déplacer le fichier en quarantaine

12/12/2008 21:07 [Guard] Logiciel malveillant détecté
Dans le fichier 'C:\System Volume
Information\_restore{CB10E6BF-010D-4EE2-948F-3C94B5014AB0}\RP206\A0071905.dll'
un virus ou un programme indésirable 'BDS/TDSS.acs' [backdoor] a été détecté.
Action exécutée : Déplacer le fichier en quarantaine

12/12/2008 18:35 [Guard] Logiciel malveillant détecté
Dans le fichier 'C:\System Volume
Information\_restore{CB10E6BF-010D-4EE2-948F-3C94B5014AB0}\RP206\A0071904.dll'
un virus ou un programme indésirable 'BDS/TDSS.adb' [backdoor] a été détecté.
Action exécutée : Supprimer le fichier

12/12/2008 13:31 [Guard] Logiciel malveillant détecté
Dans le fichier 'C:\System Volume
Information\_restore{CB10E6BF-010D-4EE2-948F-3C94B5014AB0}\RP206\A0071903.dll'
un virus ou un programme indésirable 'BDS/TDSS.JW' [backdoor] a été détecté.
Action exécutée : Supprimer le fichier

11/12/2008 21:54 [Guard] Logiciel malveillant détecté
Dans le fichier 'C:\System Volume
Information\_restore{CB10E6BF-010D-4EE2-948F-3C94B5014AB0}\RP206\A0071902.sys'
un virus ou un programme indésirable 'RKIT/TDss.G.22' [trojan] a été détecté.
Action exécutée : Supprimer le fichier

pour l'instant pas de nouveaux messages d'alertes de la part d'antivir

-------------- UsbFix V2.413.4 ---------------

* User : X - X
* Outils mis a jours le 11/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 11:10:02 le 15/12/2008
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\X~1\LOCALS~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM

G: - Lecteur amovible


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
open=aoesetup.exe /autorun
icon=48256.ico

shell\setup=Installer Age of Empires II
shell\setup\command=aoesetup.exe /autorun

shell\zone=Installer Internet Gaming Zone
shell\zone\command=goodies\mszone\zonea600.exe

shell\directx=Installer DirectX 6.1
shell\directx\command=DirectX\dxsetup.exe

shell\dplay=Installer DirectPlay 6.1a
shell\dplay\command=DirectX\dplay61a.exe

shell\dxdiag=Installer Adobe Acrobat Reader
shell\dxdiag\command=goodies\ar40fra.exe

shell\log=Enregistrer la configuration de la machine
shell\log\command=goodies\machine\machine.exe -l

shell\machine=Afficher la configuration de la machine
shell\machine\command=goodies\machine\machine.exe

shell\dxinfo=Afficher des informations sur DirectX
shell\dxinfo\command=goodies\DirectX\dxinfo.exe

shell\dxtool=Exécuter l'outil DirectX
shell\dxtool\command=goodies\DirectX\dxtool.exe

shell\dxtest=Exécuter DirectX Diagnostic
shell\dxtest\command=DirectX\dxdiag.exe


--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[02/03/2008 16:04][--a------] C:\AUTOEXEC.BAT
[03/08/2004 22:38][-rahs----] C:\NTDETECT.COM
[06/07/2008 22:53][---hs----] C:\boot.ini
[16/10/2008 20:33][--a------] C:\reg.inf
[14/12/2008 12:08][--a------] C:\ComboFix.txt
[14/12/2008 12:08][--a------] C:\UsbFix.txt
[14/12/2008 12:08][--a------] C:\VundoFix.txt
[02/03/2008 16:04][--a------] C:\CONFIG.SYS
[02/03/2008 16:04][--a------] C:\IO.SYS
[02/03/2008 16:04][--a------] C:\MSDOS.SYS
[02/03/2008 16:04][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe


+- Listing des fichiers présents :


--------------- [ Lecteur E ] ----------------

E: - Lecteur de CD-ROM


+- Listing des fichiers présents :

[15/09/1999 01:47][-r-------] E:\AOESETUP.EXE
[15/09/1999 01:47][-r-------] E:\CLOKSPL.EXE
[25/09/1999 23:30][-r-------] E:\AUTORUN.INF
[25/09/1999 18:03][-r-------] E:\SECDRV.SYS

--------------- [ Lecteur G ] ----------------

G: - Lecteur amovible


+- Listing des fichiers présents :


--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
AlcoholAutomount="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
SUPERAntiSpyware=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
36X Raid Configurer=C:\WINDOWS\system32\xRaidSetup.exe boot
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
C-Media Mixer=Mixer.exe /startup
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NeroCheck=C:\WINDOWS\system32\\NeroCheck.exe
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------


-> Recherche négative.

--------------- [ Nettoyage des disques ] ----------------

Echec de la supression !! - [25/09/1999 23:30] E:\autorun.inf
Echec de la supression !! - [25/09/1999 23:30] E:\autorun.inf
Echec de la supression !! - [25/09/1999 23:30] E:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[02/03/2008 16:04][--a------] C:\AUTOEXEC.BAT
[03/08/2004 22:38][-rahs----] C:\NTDETECT.COM
[06/07/2008 22:53][---hs----] C:\boot.ini
[16/10/2008 20:33][--a------] C:\reg.inf
[15/09/1999 01:47][-r-------] E:\AOESETUP.EXE
[15/09/1999 01:47][-r-------] E:\CLOKSPL.EXE
[25/09/1999 23:30][-r-------] E:\AUTORUN.INF

--------------- ! Fin du rapport ! ----------------

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
========== FILES ==========
========== SERVICES/DRIVERS ==========
Unable to stop service F:\w2ngo.com .
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_418.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12152008_132746

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_418.dat not found!

j'ai fait le scan mais j'ai oublié d'obtenir le rapport, en gros il a détecté des objets suspects dans des cracks.

bon j'ai refait le scan sans oublier de prendre le rapport cette fois ci :

BitDefender Online Scanner



Scan report generated at: Sun, Dec 21, 2008 - 17:24:35





Scan path: C:\;D:\;E:\;F:\;







Statistics

Time
03:17:15

Files
1181717

Folders
11872

Boot Sectors
0

Archives
17646

Packed Files
27516




Results

Identified Viruses
2

Infected Files
3

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
3




Engines Info

Virus Definitions
2377247

Engine build
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Scan plugins
17

Archive plugins
45

Unpack plugins
7

E-mail plugins
6

System plugins
4




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

D:\System Volume Information\_restore{CB10E6BF-010D-4EE2-948F-3C94B5014AB0}\RP247\A0077315.dll
Detected with: Application.Motherboardmon.A

D:\System Volume Information\_restore{CB10E6BF-010D-4EE2-948F-3C94B5014AB0}\RP247\A0077315.dll
Disinfection failed

D:\System Volume Information\_restore{CB10E6BF-010D-4EE2-948F-3C94B5014AB0}\RP247\A0077315.dll
Deleted

Fichier -1133392630.exe reçu le 2008.12.18 09:45:44 (CET)
Situation actuelle: terminé

Résultat: 0/38 (0.00%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.17.3 2008.12.18 -
AntiVir 7.9.0.45 2008.12.17 -
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.17 -
AVG 8.0.0.199 2008.12.17 -
BitDefender 7.2 2008.12.18 -
CAT-QuickHeal 10.00 2008.12.18 -
ClamAV 0.94.1 2008.12.18 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.17 -
eTrust-Vet 31.6.6266 2008.12.18 -
Ewido 4.0 2008.12.17 -
F-Prot 4.4.4.56 2008.12.17 -
F-Secure 8.0.14332.0 2008.12.18 -
Fortinet 3.117.0.0 2008.12.18 -
GData 19 2008.12.18 -
Ikarus T3.1.1.45.0 2008.12.18 -
K7AntiVirus 7.10.556 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.18 -
McAfee 5467 2008.12.17 -
McAfee+Artemis 5467 2008.12.17 -
Microsoft 1.4205 2008.12.18 -
NOD32 3701 2008.12.18 -
Norman 5.80.02 2008.12.17 -
Panda 9.0.0.4 2008.12.18 -
PCTools 4.4.2.0 2008.12.17 -
Prevx1 V2 2008.12.18 -
Rising 21.08.30.00 2008.12.18 -
SecureWeb-Gateway 6.7.6 2008.12.18 -
Sophos 4.37.0 2008.12.18 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.18 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.18 -
VBA32 3.12.8.10 2008.12.17 -
ViRobot 2008.12.18.1524 2008.12.18 -
VirusBuster 4.5.11.0 2008.12.17 -
Information additionnelle
File size: 2 bytes
MD5...: 444bcb3a3fcf8389296c49467f27e1d6
SHA1..: 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
SHA512: 9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936c
e83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570

ssdeep: 3:V:V

PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
CWSandbox info: http://research.sunbelt-software.com/...

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
BIOS : Award Modular BIOS v6.00PG
USER : Steve Truong ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:195 Go (Free:36 Go)
D:\ (Local Disk) - NTFS - Total:270 Go (Free:17 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 24/12/2008|20:34 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr/?gws_rd=ssl"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\STEVET~1\Application Data\Azureus\torrents\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911_[mininova].torrent
C:\DOCUME~1\STEVET~1\Application Data\Azureus\torrents\Call_of_Duty__World_at_War_Crack.4499606.TPB.torrent
C:\DOCUME~1\STEVET~1\Application Data\Azureus\torrents\Crysis_Warhead_Crack___Serial.rar_[mininova][1].torrent
C:\DOCUME~1\STEVET~1\Application Data\Azureus\torrents\Football_Manager_2008_(8.0.2_No-Cd_Crack.4094425.TPB.torrent
C:\DOCUME~1\STEVET~1\Application Data\Azureus\torrents\Grand_Theft_Auto_IV_Crack_Only-Razor1911_[mininova].torrent
C:\DOCUME~1\STEVET~1\Recent\Grand_Theft_Auto_IV_Crack_Only-Razor1911.lnk
C:\DOCUME~1\STEVET~1\Recent\Grand_Theft_Auto_IV_Crack_Only-Razor1911_[mininova].lnk
C:\DOCUME~1\STEVET~1\Recent\rzr-gta4-crack.lnk
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack1.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack2.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack3.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack4.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack5.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack6.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack7.zip



1 - "C:\ToolBar SD\TB_1.txt" - 24/12/2008|20:35 - Option : [1]

-----------\\ Fin du rapport a 20:35:32,93

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
BIOS : Award Modular BIOS v6.00PG
USER : X ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:195 Go (Free:27 Go)
D:\ (Local Disk) - NTFS - Total:270 Go (Free:19 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 03/01/2009|14:02 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr/?gws_rd=ssl"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\X~1\Application Data\Azureus\torrents\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911_[mininova].torrent
C:\DOCUME~1\X~1\Application Data\Azureus\torrents\Call_of_Duty__World_at_War_Crack.4499606.TPB.torrent
C:\DOCUME~1\X~1\Application Data\Azureus\torrents\Crysis_Warhead_Crack___Serial.rar_[mininova][1].torrent
C:\DOCUME~1\X~1\Application Data\Azureus\torrents\Football_Manager_2008_(8.0.2_No-Cd_Crack.4094425.TPB.torrent
C:\DOCUME~1\X~1\Application Data\Azureus\torrents\Grand_Theft_Auto_IV_Crack_Only-Razor1911_[mininova].torrent
C:\DOCUME~1\X~1\Recent\CRACK.lnk
C:\DOCUME~1\X~1\Recent\fm2009-crack&patch.lnk
C:\DOCUME~1\X~1\Recent\Grand_Theft_Auto_IV_Crack_Only-Razor1911_[mininova].lnk
C:\DOCUME~1\X~1\Recent\rzr-gta4-crack.lnk
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack1.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack2.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack3.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack4.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack5.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack6.zip
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack7.zip



1 - "C:\ToolBar SD\TB_1.txt" - 24/12/2008|20:35 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 03/01/2009|14:03 - Option : [2]

-----------\\ Fin du rapport a 14:03:37,68

a

c'est fait

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:17, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

SmitFraudFix v2.382

Rapport fait à 19:08:51,48, 15/01/2009
Executé à partir de C:\Documents and Settings\X\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\X\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\X


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\X~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\X\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\X~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{25B8D9FD-A0AE-437A-B961-B8D6ED75168B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B919DDB-09B2-41A3-B17B-206C2CF0BCD8}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4B919DDB-09B2-41A3-B17B-206C2CF0BCD8}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{25B8D9FD-A0AE-437A-B961-B8D6ED75168B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4B919DDB-09B2-41A3-B17B-206C2CF0BCD8}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4B919DDB-09B2-41A3-B17B-206C2CF0BCD8}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

je te confirme que je n'ai plus de problèmes

SmitFraudFix v2.382

Rapport fait à 16:01:35,53, 19/01/2009
Executé à partir de C:\Documents and Settings\Steve Truong\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{25B8D9FD-A0AE-437A-B961-B8D6ED75168B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B919DDB-09B2-41A3-B17B-206C2CF0BCD8}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4B919DDB-09B2-41A3-B17B-206C2CF0BCD8}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{25B8D9FD-A0AE-437A-B961-B8D6ED75168B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4B919DDB-09B2-41A3-B17B-206C2CF0BCD8}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4B919DDB-09B2-41A3-B17B-206C2CF0BCD8}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

en tout cas merci beaucoup de ton aide c'était super sympa de ta part !