filou98
Everything posted by filou98

  1. Hello, I tried again to delete the keys and this time it worked without any problem! All's well that ends well. Huge thanks again for the help.
  2. I tried to do it, but it tells me it's impossible, error while deleting the key. I have to do it on the whole yellow folder, and not only on what is inside it, is that right?
  3. I hope everything is correct. I did everything you advised me to do, and my computer seems to be running like new. An enormous thank you for your help.
  4. I don't know whether this says anything about the virus, but while ComboFix was running, after a reboot, my desktop background changed, and an old Christmas wallpaper reinstalled itself on its own...
  6. Yes, I did that yesterday. Do I need to do it again?
  7. I had trouble opening Gmer. The red lines came back. I tried doing what you told me yesterday, KILL, but both times I tried, I got a system message saying the computer has to restart. So I am waiting for your instructions before continuing. Here is the latest report:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-15 10:05:15
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

INT 0x62 ? 8A554BF8
INT 0x82 ? 8A554BF8
INT 0x83 ? 8A554BF8
INT 0x83 ? 8A554BF8
INT 0x83 ? 8A37DBF8
INT 0x83 ? 8A554BF8
INT 0x94 ? 8A37DBF8
INT 0xA4 ? 8A37DBF8

Code 8A241226 ZwEnumerateKey
Code 8A241756 ZwFlushInstructionCache
Code 8A23F0FD IofCallDriver
Code 8A2549D5 IofCompleteRequest
Code 8A242A4D ZwSaveKey
Code 8A2EEF6D ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8A23F102
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 8A2549DA
.text ntoskrnl.exe!ZwSaveKey 804E42AE 5 Bytes JMP 8A242A52
.text ntoskrnl.exe!ZwSaveKeyEx 804E42C2 5 Bytes JMP 8A2EEF72
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 8A24122A
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 8A24175A
? splj.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload B98A08AC 5 Bytes JMP 8A37D1D8
.text ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 08DC000A
.text ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 08DD000A

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\hkcmd.exe[264] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 08D3000A
.text C:\WINDOWS\system32\hkcmd.exe[264] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 08D4000A
.text C:\WINDOWS\system32\igfxpers.exe[280] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 08D2000A
.text C:\WINDOWS\system32\igfxpers.exe[280] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 08D3000A
.text C:\WINDOWS\RTHDCPL.EXE[428] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 09D9000A
.text C:\WINDOWS\RTHDCPL.EXE[428] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 09DA000A
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[464] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00DE000A
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[464] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00DF000A
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[484] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 08EB000A
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[484] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 08EC000A
.text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[536] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 08D5000A
.text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[536] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 08D6000A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[544] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 08D4000A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[544] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 08D5000A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[592] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 08D1000A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[592] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 08D2000A
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 008A000A
.text C:\WINDOWS\system32\winlogon.exe[648] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 008B000A
.text C:\WINDOWS\system32\services.exe[696] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 0096000A
.text C:\WINDOWS\system32\services.exe[696] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\lsass.exe[708] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 009F000A
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1092] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 0090000A
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1092] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 0091000A
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 006A000A
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 006A000A
.text C:\WINDOWS\system32\spoolsv.exe[1544] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00C1000A
.text C:\Gamer\aaiii.exe[1776] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 08DC000A
.text C:\Gamer\aaiii.exe[1776] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 08DD000A
.text C:\WINDOWS\Explorer.EXE[1832] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[1832] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00C4000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 4437F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 4451178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 44511710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 44511754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 4451169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 445116D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 445117CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 443A16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] WININET.dll!HttpAddRequestHeadersA 4408FB4D 5 Bytes JMP 00E9000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] WININET.dll!HttpAddRequestHeadersW 440FD14D 5 Bytes JMP 00FA000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00FC1DE0 \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00FC1C20 \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] WS2_32.dll!send 719F4C27 5 Bytes JMP 00FC1C00 \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] WS2_32.dll!recv 719F676F 5 Bytes JMP 00FC1BE0 \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll
.text C:\WINDOWS\system32\ctfmon.exe[1972] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 08C1000A
.text C:\WINDOWS\system32\ctfmon.exe[1972] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 08C2000A
.text C:\WINDOWS\system32\svchost.exe[2468] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 006A000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2500] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00AE000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[2500] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00AF000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2592] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00B1000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2592] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00B2000A
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2600] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00B8000A
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[2792] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00AE000A
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[2792] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00AF000A
.text C:\WINDOWS\system32\svchost.exe[3000] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 006A000A
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[3092] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 08E6000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3252] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 08DC000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3252] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 08DD000A
.text C:\WINDOWS\System32\alg.exe[3904] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00A0000A
.text C:\WINDOWS\System32\alg.exe[3904] ntdll.dll!LdrUnloadDll 7C92738B 5 Bytes JMP 00A1000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A5575E0
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] splj.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] splj.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] splj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] splj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] splj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] splj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] splj.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A37D2D8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5531F8
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\PCI_PNP2808 \Device\00000042 splj.sys
Device \Driver\PCI_PNP2808 \Device\00000042 splj.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A37C1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5C61F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5C61F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5C61F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5C61F8
Device \Driver\usbuhci \Device\USBPDO-1 8A37C1F8
Device \Driver\usbuhci \Device\USBPDO-2 8A37C1F8
Device \Driver\usbuhci \Device\USBPDO-3 8A37C1F8
Device \Driver\usbehci \Device\USBPDO-4 8A34F1F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device pci.sys (Énumérateur Plug-and-Play PCI pour NT/Microsoft Corporation)
Device \Driver\sptd \Device\4012690308 splj.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5551F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89D73500
Device \Driver\NetBT \Device\NetBT_Tcpip_{908CB631-FE7D-4E46-A0B3-6936707C586F} 89D73500
Device \Driver\NetBT \Device\NetbiosSmb 89D73500
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 8A37C1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A37C1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89D4D500
Device \Driver\usbuhci \Device\USBFDO-2 8A37C1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89D4D500
Device \Driver\usbuhci \Device\USBFDO-3 8A37C1F8
Device \Driver\Ftdisk \Device\FtControl 8A5551F8
Device \Driver\usbehci \Device\USBFDO-4 8A34F1F8
Device \Driver\anqan56p \Device\Scsi\anqan56p1Port4Path0Target0Lun0 8A3261F8
Device \Driver\anqan56p \Device\Scsi\anqan56p1Port4Path0Target1Lun0 8A3261F8
Device \Driver\anqan56p \Device\Scsi\anqan56p1 8A3261F8
Device \FileSystem\Cdfs \Cdfs 89BF51F8

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [992] 0x00A50000
Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1068] 0x00A60000
Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1164] 0x00A50000
Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1336] 0x00A50000
Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1444] 0x00A50000
Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1864] 0x00FB0000
Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2468] 0x00A60000
Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [3000] 0x00A50000

---- EOF - GMER 1.0.15 ----
  8. Hello, I no longer had any items in red, so I did nothing... As for the next step: Start->Run, copy/paste gmer.exe -delfile "C:\WINDOWS\system32\UACiqxygtuqwrwcoaqbe.dll", it tells me Windows cannot find gmer. Apart from that, I did everything that is written. And here is my MBAM report:

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2412
Windows 5.1.2600 Service Pack 3

2009-07-14 15:26:52
mbam-log-2009-07-14 (15-26-52).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 205495
Temps écoulé: 25 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
  9. Thanks for the help. I hope I did it right.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-13 16:32:53
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

INT 0x62 ? 8A554BF8
INT 0x82 ? 8A554BF8
INT 0x83 ? 8A554BF8
INT 0x83 ? 8A554BF8
INT 0x83 ? 8A29ABF8
INT 0x83 ? 8A554BF8
INT 0x94 ? 8A29ABF8
INT 0xA4 ? 8A29ABF8

Code 89A31B06 ZwEnumerateKey
Code 8A3A30A6 ZwFlushInstructionCache
Code 89AE575D IofCallDriver
Code 89F83FD5 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 89AE5762
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 89F83FDA
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 89A31B0A
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 8A3A30AA
? spjh.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload B97948AC 5 Bytes JMP 8A29A1D8
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[212] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 003C000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[212] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 06370001
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[216] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01970001
.text C:\WINDOWS\system32\csrss.exe[636] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013B0001
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 0067000A
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01430001
.text C:\Gamer\gmer.exe[692] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 003B000A
.text C:\Gamer\gmer.exe[692] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 003B000A
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014C0001
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01530001
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F90001
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01560001
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1072] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02DF0001
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02FC0001
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1104] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 005C000A
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1104] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009F0001
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[1360] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 003C000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[1360] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 05820001
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D00001
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C70001
.text C:\WINDOWS\system32\spoolsv.exe[1560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1664] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 003C000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DF0001
.text C:\WINDOWS\System32\alg.exe[2232] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AD0001
.text C:\WINDOWS\System32\alg.exe[2232] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\Explorer.EXE[2412] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[2412] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DB0001
.text C:\WINDOWS\Explorer.EXE[2412] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wuauclt.exe[2700] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 08A5000A
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 08CE0001
.text C:\WINDOWS\system32\wuauclt.exe[2700] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\hkcmd.exe[2760] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 003F000A
.text C:\WINDOWS\system32\hkcmd.exe[2760] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 08E20001
.text C:\WINDOWS\system32\hkcmd.exe[2760] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\igfxpers.exe[2768] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 003D000A
.text C:\WINDOWS\system32\igfxpers.exe[2768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 08E00001
.text C:\WINDOWS\system32\igfxpers.exe[2768] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\RTHDCPL.EXE[2776] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 003F000A
.text C:\WINDOWS\RTHDCPL.EXE[2776] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 0A030001
.text C:\WINDOWS\RTHDCPL.EXE[2776] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2808] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00A0000A
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2808] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C30001
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[2808] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2832] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 08C4000A
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 08D90001
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2832] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2896] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 003F000A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2896] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B20001
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2896] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\ctfmon.exe[2948] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 08A6000A
.text C:\WINDOWS\system32\ctfmon.exe[2948] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 08D00001
.text C:\WINDOWS\system32\ctfmon.exe[2948] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2984] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 0037000A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2984] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2984] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A5575E0
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spjh.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spjh.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spjh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spjh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spjh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spjh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spjh.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A29A2D8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5531F8
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\PCI_PNP9112 \Device\00000042 spjh.sys
Device \Driver\PCI_PNP9112 \Device\00000042 spjh.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A2991F8
Device \Driver\usbuhci \Device\USBPDO-1 8A2991F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5C61F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5C61F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5C61F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5C61F8
Device \Driver\usbuhci \Device\USBPDO-2 8A2991F8
Device \Driver\usbuhci \Device\USBPDO-3 8A2991F8
Device \Driver\usbehci \Device\USBPDO-4 8A295500
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device pci.sys (Énumérateur Plug-and-Play PCI pour NT/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5551F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8996D1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{908CB631-FE7D-4E46-A0B3-6936707C586F} 8996D1F8
Device \Driver\NetBT \Device\NetbiosSmb 8996D1F8
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 8A2991F8
Device \Driver\usbuhci \Device\USBFDO-1 8A2991F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 899351F8
Device \Driver\usbuhci \Device\USBFDO-2 8A2991F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 899351F8
Device \Driver\usbuhci \Device\USBFDO-3 8A2991F8
Device \Driver\usbehci \Device\USBFDO-4 8A295500
Device \Driver\Ftdisk \Device\FtControl 8A5551F8
Device \Driver\sptd \Device\3436276612 spjh.sys
Device \Driver\at2i49of \Device\Scsi\at2i49of1 8A1FA1F8
Device \Driver\at2i49of \Device\Scsi\at2i49of1Port4Path0Target1Lun0 8A1FA1F8
Device \Driver\at2i49of \Device\Scsi\at2i49of1Port4Path0Target0Lun0 8A1FA1F8
Device \FileSystem\Cdfs \Cdfs 89F67500

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [924] 0x00910000
Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1004] 0x00910000
Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1080] 0x00910000
Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1252] 0x00910000
Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1408] 0x00910000
Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1460] 0x00910000
Library \\?\globalroot\systemroot\system32\UACiqxygtuqwrwcoaqbe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1632] 0x00910000

---- EOF - GMER 1.0.15 ----
  10. Thank you for your quick reply. I did the steps, but I am stuck at copying the red lines. There are red lines only in the resource part, and when I click on a red item, the only options I have are: kill all, kill, refresh and properties. What part am I missing?
  11. For 2 days I have been trying to eradicate this virus. I have AVG as antivirus, but it let it through. It was an icon (I think it is the Windows Security Center?) that was blinking and warned me that I was infected. I tried various things, without success. Among others, with Malwarebytes, it says it will delete it on restart, but it always comes back when I rescan... I also downloaded Spyware Doctor, which very regularly warns me of attack attempts. I did the pre-cleaning procedure on your site, except the part about restarting in safe mode: impossible, it will no longer restart in safe mode... Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:05, on 2009-07-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209001319771
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service Google Update (gupdate1c9e7c7479df654) (gupdate1c9e7c7479df654) - Google Inc.
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 7593 bytes
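As an added example (not part of filou98's post, and not HijackThis's own code), the script below parses entries in the log format shown above and sorts them the way a helper reading such a log does first: it pulls out the entry type, display name, CLSID and target path, then flags entries whose target no longer exists ("(no file)" / "(file missing)"), hooks with no display name, Run entries that give only a bare file name, and targets living under a temp directory. The sample input is a constructed subset of lines copied from the log above; the flag names and the triage heuristics are my own, not a HijackThis feature.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of entries copied from the HijackThis log
# posted in this thread. Real logs are much longer; the parser is line-based.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
"""

# "<section> - <body>", where section is R0..R3 or O1..O24 in HijackThis output.
LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 body: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


@dataclass
class Entry:
    kind: str                  # HijackThis section code, e.g. "O4"
    raw: str                   # the original log line
    name: str = ""             # display name / Run value name / service name
    clsid: str = ""            # COM class id, when the entry has one
    path: str = ""             # file the entry points at (as printed, incl. "(file missing)")
    flags: List[str] = field(default_factory=list)


def classify(e: Entry) -> List[str]:
    """Triage heuristics (my own, not HijackThis's): return the flags that apply to an entry."""
    flags: List[str] = []
    p = e.path.lower()
    if "(no file)" in p or "(file missing)" in p:
        flags.append("orphaned")        # registry still points at a file that is gone
    if e.name.strip() == "(no name)":
        flags.append("unnamed")         # hook registered without a display name
    if e.kind == "O4" and e.path and "\\" not in e.path and not p.startswith("("):
        flags.append("relative-path")   # bare file name: resolved via the search path, so verify which file runs
    if "\\temp\\" in p or "\\temporary internet files\\" in p:
        flags.append("temp-path")       # autostart target living in a temp directory
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry line; return None for headers, blanks and process-list lines."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    e = Entry(kind=kind, raw=line)
    if kind == "O4":
        r = RUN_RE.match(body)
        if r:
            e.name, e.path = r.group("name"), r.group("cmd").strip('"')
    else:
        c = CLSID_RE.search(body)
        if c:
            e.clsid = c.group(0).upper()
            # Before the CLSID: "<section>: <display name> - " (possibly with a "*" marker);
            # after it: " - <path>".
            before = body[: c.start()].rstrip(" -*")
            e.name = before.split(": ", 1)[-1]
            after = body[c.end():]
            e.path = after.split(" - ", 1)[1].strip() if " - " in after else ""
        elif body.startswith("Service: "):
            parts = body[len("Service: "):].split(" - ")
            e.name = parts[0]
            e.path = parts[-1].strip()
    e.flags = classify(e)
    return e


def triage(log: str) -> List[Entry]:
    """All parseable entries of a log, in order."""
    return [e for e in (parse_line(l) for l in log.splitlines()) if e is not None]


def flagged(log: str) -> List[Entry]:
    """Only the entries that carry at least one triage flag."""
    return [e for e in triage(log) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:4} {','.join(e.flags) or '-':24} {e.name!r:42} {e.path}")
```

Run on the sample, the two "(no file)" / "(file missing)" entries and the bare `ALCMTR.EXE` Run value come out flagged while the AVG and Boonty entries do not; a flag is a prompt to check the target on disk, not a verdict on its own.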