Echelon

Vous n'avez pas besoin du dernier word en pack post ultimate gold platinum version director's cut avec les bonus-J'ai bien ris avec celle la. Merci encore du coup de main Falk.

Pour ce qui est de l'infection en tant que telle,a quelle nom d'infection je dois me referer, TDSS?

Je suis 100% daccord avec toi Wawa! J'ai l'impression d'etre pris par la main pas-a-pas a travers les étapes.Tantôt lorsque je fumais ma clope je me disais justement comment les corp. devrais vous prendre en modele pour ce qui est du service! Si seulement jaurais pu decouvrir votre forum plus tôt!

Bien , j'adore secunia!! Pour ce qui est de sp3 et window j'ai faite toute les updates possible sans authentification.

Bon apres-midi Falk!Voici le nouveau rapport Hijackthis telle que demander. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:32:14, on 2008-08-27 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\ctfmon.exe G:\DownLoad\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_12.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- End of file - 5892 bytes

Eureka! Merci a vous deux pour cette ligne de code , IE est maintenant a jour

Negatif et pour le 2 et pour le 3. ''No IECUSTOM: Key is still unwriteable text found'' et pareil pour le ArchiveFileForUninstall:ArchiveSingleFile Cancelled. Je vais me coucher sur ce, je te reparle demain . @+

Et bien non , avec ou sans sa ne change rien je ne suis pas capable de finir l'instalation.

Actuellement je croyais avoir updater mon IE mais il me semble que j'aille un prob de registre si je comprend bien dapres : http://support.microsoft.com/kb/917925 Je vais essayer de reinstaller sans mes anti-virus//malware on...Je reviens!

Je dois t'avouer que jusqu'a maintenant je suis surpris de ne pas m'etre crever un oeil ou couper un doigt a la tâche, c'est bon signe! J'ai essayer de suprimer combofix et sdfix de la maniere que tu me las demander MAIS combofix semblais deja plus netre sur ma machine a l'exception du qoobox et du read me text. Pour ce qui est de sdfix, il ne saffichais nis dans lajout//supression nis dans ''tout les prog.'', j'ai donc lancer une recherche et je les est effacer a main (clic droit suprime) Je vien tous juste de updater mon IE , jattend tes prochaines instructions! Ps:Merci encore du temps que vous passez avec tous le monde pour regler nos problemes! <3

Much love , merci beaucoup!

okie, je vien de les remover les 2 , merci du conseil

En effet ma machine est nickel celon Maleware! Yay! D'ailleur je te remercie énormément de ton aide je nis serais point arriver seul. Pour ce qui est de winpatrol est ce que je le laisse autoriser les changement?

Voici pour le hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 06:43:13, on 2008-08-26 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\Program Files\AVG\AVG8\avgrsx.exe G:\DownLoad\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_12.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- End of file - 5694 bytes Merci!

Bon , j'ai pris l'initiative de continuer malgré tout. Voici le rapport comboFix, ComboFix 08-08-25.01 - Ll 2008-08-26 5:41:12.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1590 [GMT -4:00] Endroit: C:\Documents and Settings\Ll\Bureau\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV -------\Service_tdssserv ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))))))) . 2008-08-26 03:52 . 2008-08-26 03:53 <REP> d-------- C:\WINDOWS\ERUNT 2008-08-26 03:34 . 2008-08-26 04:01 <REP> d-------- C:\SDFix 2008-08-25 21:07 . 2008-08-25 22:32 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-25 21:06 . 2008-08-25 21:06 <REP> d-------- C:\Program Files\Trojan Remover 2008-08-25 21:06 . 2008-08-25 21:06 <REP> d-------- C:\Documents and Settings\Ll\Application Data\Simply Super Software 2008-08-25 21:06 . 2008-08-25 21:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2008-08-25 21:06 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-08-25 21:06 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll 2008-08-25 21:06 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-08-25 21:06 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll 2008-08-25 21:06 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-08-25 15:44 . 2008-08-25 15:44 <REP> d-------- C:\Program Files\Windows Installer Clean Up 2008-08-25 15:44 . 2008-08-25 15:44 <REP> d-------- C:\Program Files\MSECACHE 2008-08-24 16:02 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-08-24 16:01 . 2008-08-24 16:01 <REP> d-------- C:\Program Files\Fichiers communs\Java 2008-08-24 14:39 . 2008-08-24 15:52 <REP> d-------- C:\Documents and Settings\Ll\Application Data\Uniblue 2008-08-21 14:35 . 2008-08-21 14:35 <REP> dr-h----- C:\Documents and Settings\Ll\Application Data\SecuROM 2008-08-20 03:40 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll 2008-08-20 03:40 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll 2008-08-20 03:40 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll 2008-08-20 03:40 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll 2008-08-20 03:40 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll 2008-08-20 03:40 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll 2008-08-20 03:40 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll 2008-08-20 03:40 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll 2008-08-20 03:40 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll 2008-08-20 03:40 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll 2008-08-17 01:22 . 2008-08-25 20:43 <REP> d-------- C:\WINDOWS\system32\drivers\Avg 2008-08-17 01:22 . 2008-08-17 01:22 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-08-17 01:22 . 2008-08-17 01:22 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-08-17 01:22 . 2008-08-17 01:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-08-17 01:18 . 2008-08-17 01:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-08-15 18:08 . 2008-08-15 18:08 <REP> d-------- C:\Program Files\FLV Player 2008-08-12 18:08 . 2008-08-12 18:08 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-08-12 14:50 . 2008-08-12 14:50 <REP> d-------- C:\Program Files\Google 2008-08-10 16:39 . 2008-08-24 14:17 <REP> d-------- C:\Program Files\Xfire 2008-08-10 16:39 . 2008-08-20 01:42 <REP> d-------- C:\Documents and Settings\Ll\Application Data\Xfire 2008-08-08 21:53 . 2008-08-08 21:53 <REP> d-------- C:\Program Files\Microsoft Silverlight 2008-08-06 09:50 . 2008-08-06 09:50 <REP> d-------- C:\Program Files\Sun 2008-08-03 03:01 . 2008-08-03 03:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-08-03 03:01 . 2008-08-03 03:01 1,409 --a------ C:\WINDOWS\QTFont.for 2008-08-01 13:48 . 2008-08-25 00:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-01 13:48 . 2008-08-01 13:48 <REP> d-------- C:\Documents and Settings\Ll\Application Data\Malwarebytes 2008-08-01 13:48 . 2008-08-01 13:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-01 13:48 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-01 13:48 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-01 13:47 . 2008-08-01 13:47 <REP> d-------- C:\Program Files\CCleaner 2008-08-01 13:17 . 2008-08-01 13:17 <REP> d-------- C:\Program Files\BillP Studios 2008-08-01 13:17 . 2008-08-01 13:17 <REP> d-------- C:\Documents and Settings\Ll\Application Data\WinPatrol 2008-07-30 21:38 . 2008-07-30 21:38 <REP> d-------- C:\WINDOWS\BBSTORE 2008-07-30 21:38 . 1992-03-11 06:19 67,584 --a------ C:\WINDOWS\system32\uncial.ttf 2008-07-30 21:37 . 2008-07-30 21:37 <REP> d-------- C:\Documents and Settings\Ll\WINDOWS 2008-07-30 21:37 . 1996-08-16 13:49 298,496 --a------ C:\WINDOWS\uninst.exe 2008-07-27 19:21 . 2008-07-27 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-26 09:43 --------- d-----w C:\Program Files\TuneUp Utilities 2006 2008-08-25 19:52 --------- d-----w C:\Program Files\Java 2008-08-25 19:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-08-24 05:55 --------- d-----w C:\Documents and Settings\Ll\Application Data\Azureus 2008-08-17 05:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-17 05:05 --------- d-----w C:\Program Files\Easy CD-DA Extractor 9 2008-07-14 19:57 --------- d-----w C:\Documents and Settings\Ll\Application Data\InstallShield Installation Information 2008-07-14 19:16 --------- d-----w C:\Documents and Settings\Ll\Application Data\InstallShield 2008-07-14 19:15 --------- d-----w C:\Documents and Settings\Ll\Application Data\My Games 2008-07-14 19:14 1 ----a-w C:\Documents and Settings\Ll\SI.bin 2008-07-02 19:34 --------- d-----w C:\Program Files\Azureus 2008-04-21 08:45 22,328 ----a-w C:\Documents and Settings\Ll\Application Data\PnkBstrK.sys 2008-03-12 01:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-12-26 23:10 54,330,664 ----a-w C:\Program Files\iTunesSetup.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352] "CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 18:34 128000] "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" [2005-09-01 20:04 295936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 12:58 333120] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-17 01:22 1232152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672] "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-19 20:08 914512] "nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2008-05-18 04:19 14370816 C:\WINDOWS\RTHDCPL.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax "msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm "vidc.asv2"= asusasv2.dll "vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll "msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"= "E:\\Jeux PC\\Civilization IV\\Beyond the Sword\\Civ4BeyondSword.exe"= "E:\\Jeux PC\\Civilization IV\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"= "E:\\Jeux PC\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-17 01:22] R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-17 01:22] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-17 01:22] R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-17 01:22] R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 20:56] S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2005-07-08 12:53] S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 21:19] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N] \Shell\AutoRun\command - N:\LaunchU3.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' 2008-08-22 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-01 20:04] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Ll\Application Data\Mozilla\Firefox\Profiles\gwoq99qn.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - fr.canoe.ca/accueil.html FF -: plugin - C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll FF -: plugin - C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30226.2\npctrl.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npagent.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-26 05:43:51 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp" . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll PROCESS: C:\WINDOWS\system32\csrss.exe -> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\AVG\AVG8\avgrsx.exe . ************************************************************************** . Temps d'accomplissement: 2008-08-26 5:45:49 - machine was rebooted [Ll] ComboFix-quarantined-files.txt 2008-08-26 09:45:43 Pre-Run: 19,662,729,216 octets libres Post-Run: 19,638,857,728 octets libres 202 Merci et @+