The discussion "Viruses on my PC" is in the forum "Viruses, trojans, etc."
Status of the discussion "Viruses on my PC": resolved

Viruses on my PC

11 May at 16:51

Hello everyone,

Since yesterday, someone tried to download free music on my PC, but before it had even finished, my antivirus told me there were viruses and rootkits on my computer. I ran a scan with my antivirus plus Spybot Search & Destroy and Ad-Aware SE, but nothing works: a yellow window is open on my desktop suggesting I install an antivirus and anti-spyware to remove them, not to mention the little virtual cockroaches invading my screen and turning it almost entirely blue. What should I do?

I'm attaching a HijackThis report so you can help me, and thanks in advance.



------------------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:31:02, on 11/05/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WgaTray.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\TEMP\393C.tmp

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\DAP\DAP.EXE

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Documents and Settings\NBA\Bureau\HiJackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

F2 - REG:system.ini: UserInit=Userinit.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [a0556a7b] rundll32.exe "C:\WINDOWS\System32\uaqotehr.dll",b

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: add to anti-banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{415175E1-B37A-4FFB-AF8E-74D191357CC1}: NameServer = 213.150.189.10 213.150.191.9

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Kaspersky Internet Security 7.0 (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: EF342444 - Unknown owner - C:\WINDOWS\System32\A476AAC4.EXE (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe



--

End of file - 6728 bytes

----------------------------------------------------------

Added on 12-05-2008 at 09:11:

Hello, is there anyone who could help me, please?

14 May at 10:25

hello

Download to the desktop

OTMoveIt2.exe
---------------
run HijackThis again
"Do A System Scan Only"

check these lines and then click FIX CHECKED

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O4 - HKLM\..\Run: [a0556a7b] rundll32.exe "C:\WINDOWS\System32\uaqotehr.dll",b
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O23 - Service: EF342444 - Unknown owner - C:\WINDOWS\System32\A476AAC4.EXE (file missing)
--------------
Do
Start ==> Run ==> type: services.msc
In the table that opens, look for: EF342444
Double-click it ==> in Startup type ==> Disabled ==> below
Stop <== if available, then click ==> OK



============
= Copy this text that is in bold

C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\AskSBar
C:\WINDOWS\System32\uaqotehr.dll
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\WINDOWS\System32\A476AAC4.EXE


= Double-click OTMoveIt
= In the left-hand pane ==> right-click ==> paste
= Click MoveIt!
= if a reboot is requested ==> click: YES
= A report in ==> C:\_OTMoveIt\MovedFiles\today's date_time to copy and then paste in your reply
========
and

Download and save to the desktop
Combofix

= Double-click Combofix
= Press 1 if asked
= Wait for the tool to close (5-10 min or more if the infection is serious)
= Copy/paste the report in your reply
A report in C:\Combofix.txt to put in your reply

then
run HijackThis again
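As an added example (not from the thread or from any of the tools it names), here is a small Python triage of HijackThis log lines that flags the same kinds of entries Land 3 picked out: a Run value with a random hex name launching rundll32 on a System32 DLL by a one-letter export, a known rogue "antispyware" product, a URLSearchHook with no name, and a service with an unknown owner whose binary is missing. The sample lines are copied from the log posted above; the rogue-product list is a constructed one-entry list, not an authoritative one.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# the ones the helper marked for "Fix checked" plus legitimate entries for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [a0556a7b] rundll32.exe "C:\WINDOWS\System32\uaqotehr.dll",b
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{415175E1-B37A-4FFB-AF8E-74D191357CC1}: NameServer = 213.150.189.10 213.150.191.9
O23 - Service: Kaspersky Internet Security 7.0 (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: EF342444 - Unknown owner - C:\WINDOWS\System32\A476AAC4.EXE (file missing)
"""

# "<code> - <rest>" is the shape of every HijackThis entry (R0..R3, F0..F3, O1..O24).
ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<rest>.*)$")
# O4: "<hive>\..\Run: [<value name>] <command line>"
RUN_VALUE = re.compile(r"^(?P<hive>\S+)\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# O23: "Service: <display name> - <owner> - <binary path> [(file missing)]"
SERVICE = re.compile(r"^Service:\s*(?P<name>.+?)\s+-\s+(?P<owner>.+?)\s+-\s+(?P<path>.*)$")
# Eight hex digits as a Run value or service name is a common auto-generated name.
HEX8 = re.compile(r"^[0-9a-f]{8}$", re.I)
# rundll32 on a System32 DLL called by a one- or two-letter export name.
RUNDLL_SHORT_EXPORT = re.compile(
    r'rundll32(?:\.exe)?\s+"?[^"]+?\\system32\\[^"\\]+\.dll"?\s*,\s*\w{1,2}\s*$', re.I)
# Constructed list, only the product named in this thread; not an authoritative list.
ROGUE_NAMES = ("malwarrior",)


@dataclass(frozen=True)
class Finding:
    code: str
    severity: str  # "suspicious" (clear indicator) or "review" (needs a human look)
    reason: str
    line: str


def parse_entry(line):
    """Split one HijackThis line into (code, rest); None for non-entry lines."""
    m = ENTRY.match(line.strip())
    return (m["code"], m["rest"]) if m else None


def triage(log_text):
    """Apply the heuristics to every entry in the log and return the findings."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if not parsed:
            continue
        code, rest = parsed
        line = raw.strip()

        def add(severity, reason):
            findings.append(Finding(code, severity, reason, line))

        if code == "R3":
            if "(no name)" in rest:
                add("suspicious", "URLSearchHook with no name")
            else:
                add("review", "third-party URLSearchHook")
        elif code == "O4":
            m = RUN_VALUE.match(rest)
            if not m:
                continue
            name, cmd = m["name"], m["cmd"]
            if HEX8.match(name):
                add("suspicious", "Run value named with random-looking hex")
            if RUNDLL_SHORT_EXPORT.search(cmd):
                add("suspicious", "rundll32 loading a System32 DLL by a short export name")
            if any(r in cmd.lower() for r in ROGUE_NAMES):
                add("suspicious", "known rogue security product")
        elif code == "O17":
            add("review", "explicit NameServer; confirm the addresses belong to the ISP")
        elif code == "O23":
            m = SERVICE.match(rest)
            if not m:
                continue
            if "(file missing)" in m["path"]:
                add("suspicious", "service binary missing from disk")
            if m["owner"] == "Unknown owner" and HEX8.match(m["name"]):
                add("suspicious", "unowned service with random-looking hex name")
    return findings


def suspicious_lines(log_text):
    """Distinct log lines that received at least one 'suspicious' finding."""
    return sorted({f.line for f in triage(log_text) if f.severity == "suspicious"})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.code}: {f.reason}\n    {f.line}")
```

The heuristics are deliberately narrow: anything they miss still needs a human reading the full log, as the helper did here.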

15 May at 10:08

Hello,

Thanks, Land 3, for replying.

I will follow what you suggested to the letter and keep you posted.

Added on 15-05-2008 at 10:28:

Hello again,

Here is the result obtained after running OTMoveIt2

--------------------------------

C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL unregistered successfully.

C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL moved successfully.

C:\Program Files\AskSBar\SrchAstt\1.bin moved successfully.

C:\Program Files\AskSBar\SrchAstt moved successfully.

C:\Program Files\AskSBar\bar\Settings moved successfully.

C:\Program Files\AskSBar\bar\History moved successfully.

C:\Program Files\AskSBar\bar\Cache moved successfully.

C:\Program Files\AskSBar\bar\1.bin moved successfully.

C:\Program Files\AskSBar\bar moved successfully.

C:\Program Files\AskSBar moved successfully.

File/Folder C:\WINDOWS\System32\uaqotehr.dll not found.

File/Folder C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe not found.

File/Folder C:\WINDOWS\System32\A476AAC4.EXE not found.



OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05152008_102219

----------------------------------------------

Added on 15-05-2008 at 10:47:

And now here is the report after ComboFix

-----------------------------------------

ComboFix 08-05-12.1 - NBA 2008-05-15 10:35:38.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.176 [GMT 2:00]

Endroit: C:\Documents and Settings\NBA\Mes documents\My Completed Downloads\ComboFix.exe

* Création d'un nouveau point de restauration



AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.



(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.



C:\WINDOWS\cookies.ini

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\system32\AbHPqtwa.ini

C:\WINDOWS\system32\AbHPqtwa.ini2

C:\WINDOWS\system32\AcfhQqss.ini

C:\WINDOWS\system32\AcfhQqss.ini2

C:\WINDOWS\system32\FMWDNqru.ini

C:\WINDOWS\system32\FMWDNqru.ini2

C:\WINDOWS\system32\hghiQXbc.ini

C:\WINDOWS\system32\hghiQXbc.ini2

C:\WINDOWS\system32\JmmSrtwa.ini

C:\WINDOWS\system32\JmmSrtwa.ini2

C:\WINDOWS\system32\jQsuwyay.ini2

C:\WINDOWS\system32\kcsuhlen.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\pjsapdg.sys

C:\WINDOWS\system32\qcpxpdrr.ini

C:\WINDOWS\system32\QqrtBJjl.ini

C:\WINDOWS\system32\QqrtBJjl.ini2

C:\WINDOWS\system32\tvlogngn.ini

C:\WINDOWS\system32\ufnswcco.ini

C:\WINDOWS\system32\YbKQYcfe.ini2

C:\WINDOWS\system32\yFOooUtv.ini2



.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.



-------\Service_pjsapdg





((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))

.



2008-05-15 10:19 . 2008-05-15 10:19 <REP> d-------- C:\_OTMoveIt

2008-05-12 21:00 . 2008-05-12 21:00 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes

2008-05-12 20:53 . 2008-05-12 20:53 <REP> d-------- C:\Documents and Settings\NBA\Application Data\Malwarebytes

2008-05-12 20:52 . 2008-05-12 20:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-12 20:52 . 2008-05-12 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-12 20:52 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-12 20:52 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-05-12 17:21 . 2008-05-12 17:21 <REP> d-------- C:\Program Files\Enigma Software Group

2008-05-12 15:45 . 2008-05-12 15:48 <REP> d-------- C:\Program Files\CCleaner

2008-05-11 19:45 . 2008-05-11 19:45 <REP> d-------- C:\Program Files\Fichiers communs\Nullsoft

2008-05-11 11:15 . 2008-05-15 00:34 1,079 --a------ C:\WINDOWS\wininit.ini

2008-05-10 23:30 . 2008-05-10 23:30 <REP> d-------- C:\Program Files\Lavasoft

2008-05-10 23:30 . 2008-05-10 23:30 <REP> d-------- C:\Documents and Settings\NBA\Application Data\Lavasoft

2008-05-10 22:17 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2008-05-10 22:15 . 2008-05-10 22:16 <REP> d-------- C:\Program Files\Spyware Doctor

2008-05-10 21:49 . 2008-05-11 09:25 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-05-10 21:49 . 2008-05-11 09:25 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-05-10 21:48 . 2008-05-10 21:48 <REP> d-------- C:\Program Files\Kaspersky Lab

2008-05-10 21:48 . 2008-05-15 10:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-05-10 21:48 . 2008-05-15 10:38 3,512,352 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-10 21:48 . 2008-05-15 10:38 133,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-10 21:48 . 2008-05-15 10:38 43,256 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-10 21:48 . 2008-05-15 10:38 14,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-05-10 21:45 . 2008-05-10 21:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-05-10 21:41 . 2008-05-15 10:35 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG

2008-05-10 19:11 . 2008-05-11 10:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-05-10 19:11 . 2008-05-11 12:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-10 18:05 . 2008-05-10 20:25 <REP> d-------- C:\Program Files\BurstWriting

2008-05-10 16:22 . 2008-05-10 17:00 2 --a------ C:\-1605014828

2008-05-10 16:21 . 2008-05-10 17:00 36,352 --a------ C:\pxyh.exe

2008-05-10 16:21 . 2001-08-28 12:00 4,096 --------- C:\WINDOWS\system32\sfc.dll

2008-05-10 16:21 . 2001-08-28 12:00 4,096 --a--c--- C:\WINDOWS\system32\dllcache\sfc.dll

2008-05-10 15:50 . 2008-05-10 15:50 1 --a------ C:\WINDOWS\system32\kr_done1de

2008-05-06 11:10 . 2008-05-06 11:10 <REP> d-------- C:\Documents and Settings\NBA\Application Data\Talkback

2008-05-06 11:09 . 2008-05-06 11:09 <REP> d-------- C:\Program Files\RadioXpi

2008-05-05 18:07 . 2008-05-05 21:02 <REP> d-------- C:\Program Files\MSN Apps

2008-05-05 18:03 . 2008-05-05 18:03 <REP> d-------- C:\Program Files\MSN Messenger

2008-05-05 14:01 . 1998-04-24 10:16 558,592 -ra------ C:\WINDOWS\system32\SierraNW.DLL

2008-05-05 14:01 . 1998-04-24 10:16 227,840 -ra------ C:\WINDOWS\system32\SNWValid.dll

2008-05-05 14:01 . 2000-04-04 13:44 44,544 -ra------ C:\WINDOWS\system32\gif89.dll

2008-05-05 14:01 . 2000-04-04 13:44 2,998 -ra------ C:\WINDOWS\system32\setup.ico

2008-05-05 13:56 . 2008-05-05 13:56 <REP> d-------- C:\SIERRA

2008-05-05 13:56 . 2008-05-05 13:56 <REP> d-------- C:\Program Files\Sierra On-Line

2008-05-05 13:56 . 1999-10-15 12:50 1,056,768 --a------ C:\WINDOWS\system32\Roboex32.dll

2008-05-05 13:55 . 2008-05-05 14:01 286 --a------ C:\WINDOWS\SIERRA.INI

2008-05-05 09:28 . 1998-06-17 00:00 385,100 --a------ C:\WINDOWS\system32\MSVCRTD.DLL

2008-05-05 09:28 . 1998-10-07 14:46 200,192 --a------ C:\WINDOWS\system32\Ir50_qc.dll

2008-05-05 09:28 . 1998-10-07 14:50 183,808 --a------ C:\WINDOWS\system32\Ir50_qcx.dll

2008-05-05 09:15 . 2008-05-05 09:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Newsoft

2008-05-05 09:14 . 2008-05-05 09:15 <REP> d-------- C:\WINDOWS\system32\ipp20

2008-05-05 09:13 . 2008-05-05 09:29 <REP> d-------- C:\Program Files\Fichiers communs\NewSoft

2008-05-05 09:13 . 2001-11-12 10:44 122,880 --a------ C:\WINDOWS\system32\Nsvideo.dll

2008-05-05 09:12 . 2008-05-05 09:29 <REP> d-------- C:\Program Files\NewSoft

2008-05-05 09:12 . 2008-05-05 09:12 <REP> d-------- C:\Documents and Settings\NBA\WINDOWS

2008-05-05 09:11 . 2008-05-05 09:11 <REP> d-------- C:\Program Files\Fichiers communs\DSC303

2008-05-05 09:11 . 2003-09-05 13:47 514,859 --a------ C:\WINDOWS\system32\drivers\Ca536av.sys

2008-05-05 09:11 . 2002-01-19 15:33 131,072 --a------ C:\WINDOWS\system32\SP5X_32.DLL

2008-05-05 09:11 . 2003-08-25 16:12 32,768 --a------ C:\WINDOWS\system32\infcpy.dll

2008-05-05 09:11 . 2003-09-05 16:38 17,408 --a------ C:\WINDOWS\system32\Dext536.ax

2008-05-05 09:11 . 2003-05-14 17:28 11,048 --a------ C:\WINDOWS\system32\drivers\Bulk536.sys

2008-05-05 09:11 . 2004-06-30 09:30 1,878 --a------ C:\WINDOWS\Ca536a.ini

2008-05-05 09:11 . 2008-05-09 22:07 887 --a------ C:\WINDOWS\cdplayer.ini

2008-05-05 09:11 . 2003-09-04 13:25 423 --a------ C:\WINDOWS\system32\dext536.ini

2008-05-05 09:11 . 2003-09-04 13:25 423 --a------ C:\WINDOWS\dext536.ini

2008-05-03 18:30 . 2008-05-03 18:30 <REP> d-------- C:\Program Files\Conjugaison

2008-05-03 18:20 . 2008-05-03 18:22 <REP> d-------- C:\Program Files\OpenOffice.org1.0.1

2008-05-03 18:20 . 2008-05-03 18:20 77,824 --a------ C:\WINDOWS\uinst001.exe

2008-05-03 17:13 . 2008-05-06 11:10 1,895 --a------ C:\WINDOWS\mozver.dat

2008-05-01 13:53 . 2008-05-01 13:53 0 --a------ C:\WINDOWS\nsreg.dat

2008-04-30 19:17 . 2008-05-08 21:40 <REP> d-------- C:\Program Files\Fichiers communs\HP

2008-04-30 19:14 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe

2008-04-30 19:11 . 2008-05-04 09:36 117,357 --a------ C:\WINDOWS\hpoins11.dat

2008-04-30 13:53 . 2006-04-10 14:03 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll

2008-04-29 22:06 . 2008-04-30 19:19 117,858 --------- C:\WINDOWS\hpoins11.dat.temp

2008-04-29 22:06 . 2007-04-19 23:38 11,634 --------- C:\WINDOWS\hpomdl11.dat.temp

2008-04-29 14:04 . 2008-04-29 14:04 <REP> d-------- C:\WINDOWS\system32\athan

2008-04-29 14:04 . 2008-04-29 14:04 <REP> d-------- C:\Program Files\Athan

2008-04-29 14:04 . 2008-04-29 14:04 737,280 --a------ C:\WINDOWS\iun6002.exe

2008-04-28 18:01 . 2008-04-28 18:01 <REP> d-------- C:\Program Files\SAGEM

2008-04-28 18:01 . 2008-04-28 18:01 <REP> d-------- C:\Documents and Settings\NBA\Application Data\InstallShield

2008-04-28 17:39 . 2008-04-28 18:01 <REP> d-------- C:\Program Files\SAGEM(2)

2008-04-28 16:07 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll

2008-04-28 16:07 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll

2008-04-28 16:07 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll

2008-04-28 16:07 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe

2008-04-28 16:07 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd

2008-04-28 16:07 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat

2008-04-28 00:54 . 2008-04-28 00:54 <REP> d-------- C:\Program Files\Fichiers communs\xing shared

2008-04-28 00:53 . 2008-04-28 00:53 <REP> d-------- C:\Program Files\Real

2008-04-28 00:53 . 2008-04-28 00:54 <REP> d-------- C:\Program Files\Fichiers communs\Real

2008-04-27 20:03 . 2008-04-27 20:03 <REP> d-------- C:\Program Files\Usenet.to

2008-04-27 20:03 . 2008-04-28 08:01 <REP> d-------- C:\Documents and Settings\NBA\Application Data\UseNeXT

2008-04-26 17:44 . 2005-10-21 00:34 1,006,592 --a------ C:\WINDOWS\system32\esent.dll

2008-04-26 14:40 . 2008-04-26 14:40 <REP> d-------- C:\Documents and Settings\NBA\Application Data\AdobeUM

2008-04-26 14:26 . 2008-04-26 14:27 169 --a------ C:\WINDOWS\adidsl.ini

2008-04-25 18:53 . 2008-04-25 18:53 <REP> d-------- C:\Documents and Settings\NBA\Application Data\HP

2008-04-25 16:12 . 2008-04-25 16:12 <REP> d-------- C:\WINDOWS\system32\bits

2008-04-25 16:12 . 2008-04-28 16:08 <REP> d--h----- C:\WINDOWS\$hf_mig$

2008-04-25 16:12 . 2008-04-25 19:37 1,274,792 --a------ C:\WINDOWS\setupapi.log.1.old

2008-04-25 16:12 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-04-24 22:23 . 2008-05-14 23:44 <REP> d-------- C:\Documents and Settings\NBA\Application Data\skypePM

2008-04-24 22:23 . 2008-04-24 22:23 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-04-24 22:20 . 2008-04-24 22:20 <REP> d-------- C:\Program Files\Skype

2008-04-24 22:20 . 2008-04-24 22:20 <REP> d-------- C:\Program Files\Fichiers communs\Skype

2008-04-24 22:20 . 2008-05-14 23:44 <REP> d-------- C:\Documents and Settings\NBA\Application Data\Skype

2008-04-24 22:20 . 2008-04-24 22:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype

2008-04-24 20:23 . 2008-04-24 20:23 <REP> d-------- C:\Program Files\DivX

2008-04-24 19:51 . 2008-04-24 19:54 <REP> d-------- C:\Program Files\SpeedBit Video Accelerator

2008-04-24 19:47 . 2008-04-24 19:51 <REP> d-------- C:\Program Files\speed-bit

2008-04-24 19:40 . 2008-04-24 21:28 <REP> d-------- C:\Program Files\DAP

2008-04-24 19:40 . 2008-05-10 20:18 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-24 19:40 . 2008-04-24 19:40 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx

2008-04-24 19:40 . 2008-04-24 19:40 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

2008-04-24 19:40 . 2008-04-24 19:40 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

2008-04-24 19:02 . 2008-04-24 21:23 <REP> d-------- C:\temp\FixEngine

2008-04-24 19:02 . 2008-04-24 19:02 <REP> d-------- C:\temp

2008-04-24 18:35 . 2008-04-24 18:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP

2008-04-24 18:31 . 2008-04-30 19:16 <REP> d-------- C:\Program Files\Hewlett-Packard

2008-04-24 18:30 . 2008-04-24 18:30 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard

2008-04-24 18:27 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll

2008-04-24 18:27 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2008-04-24 18:27 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2008-04-24 18:27 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe

2008-04-24 18:27 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2008-04-24 18:25 . 2008-04-30 19:16 <REP> d-------- C:\Program Files\HP



.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-05 07:29 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-26 12:26 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg

2008-04-23 14:57 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

.



------- Sigcheck -------



2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ip6fw.sys

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11bc6d6e-8021-45eb-82f2-f1411f29b285}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28f13093-0677-48f9-89f9-aa9ccc8aead5}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

2008-05-08 21:06 1470488 --a------ C:\Program Files\speed-bit\tbspe1.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{637e7efe-e65e-4cf2-92c9-0f560dbe054f}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69117dcf-80b0-4abc-9e67-556aabcf8888}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{873db1fb-9aeb-4363-bd63-d07ce969e0c9}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89a56987-33fe-450b-a5e0-398b7fe8f4ac}]

C:\WINDOWS\System32\ssqQhfcA.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ae961950-e595-4949-8fa0-04ece905b36a}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b6b46703-5722-4dee-9d75-b077ffd6ada1}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b9ab28fa-ed73-4e5e-ba11-0925d85120d1}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc77dbdc-51a5-4493-9383-7a85b56146ea}]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "C:\Program Files\speed-bit\tbspe1.dll" [2008-05-08 21:06 1470488]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [ ]



[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]



[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]



[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= C:\Program Files\speed-bit\tbspe1.dll [2008-05-08 21:06 1470488]



[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-24 13:36 68856]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30 1491216]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-28 00:53 185896]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-09-06 11:22 222472]



[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 11:45 13312]



[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}"= WDShell [ ]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdcyph]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.NSVI"= NSVIDEO.DLL



[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk

backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup



[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup



[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk

backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup



[HKLM\~\startupfolder\C:^Documents and Settings^NBA^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 1.0.1.lnk]

path=C:\Documents and Settings\NBA\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 1.0.1.lnk

backup=C:\WINDOWS\pss\OpenOffice.org 1.0.1.lnkStartup



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--------- 2004-06-29 11:06 88363 C:\WINDOWS\AGRSMMSG.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]

--a------ 2007-09-06 20:25 1003520 C:\Program Files\Athan\Athan.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-02-08 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

-ra------ 2004-09-07 04:04 40960 C:\WINDOWS\VM_STI.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2002-08-29 11:45 13312 C:\WINDOWS\System32\ctfmon.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

--a------ 2008-04-24 19:40 3053056 C:\Program Files\DAP\DAP.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]





[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DumpTeam]

D:\WinDev 9\DumpTeam_Pack_v4.5a6.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSICONEXE]





[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPPDetect]





[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]

C:\Program Files\McAfee\Common Framework\UdaterUI.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2003-04-14 19:30 1491216 C:\Program Files\Messenger\MSMSGS.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2006-01-24 20:24 7094272 C:\Program Files\MSN Messenger\msnmsgr.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-02-06 18:24 21898024 C:\Program Files\Skype\Phone\Skype.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Start UP]

--a------ 2003-01-21 14:25 98304 C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

--a------ 2008-04-24 19:51 2729584 C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-04-24 13:36 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-04-28 00:53 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

C:\PROGRA~1\SYMANT~1\VPTray.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\kasperskyantivirus]

"DisableMonitoring"=dword:00000001



R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\System32\Drivers\Achernar.sys [2004-02-11 15:34]

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-04-24 19:51]

R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-04-24 19:51]

R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\System32\Drivers\Aldebaran.sys [2004-02-11 15:34]

R3 e4usbae;USB ADSL2 LAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbae.sys [2006-10-17 14:52]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-04-04 14:58]

S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\System32\Drivers\e4ldr.sys [2007-01-04 13:47]

S4 EF342444;EF342444;C:\WINDOWS\System32\A476AAC4.EXE []



.

**************************************************************************



catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-15 10:39:15

Windows 5.1.2600 Service Pack 1 NTFS



Balayage processus cachés ...



Balayage caché autostart entries ...



Balayage des fichiers cachés ...



Scan terminé avec succès

Les fichiers cachés: 0



**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-15 10:40:56 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-15 08:40:53



Pre-Run: 74,111,852,544 octets libres

Post-Run: 74,841,444,352 octets libres



309 --- E O F --- 2008-04-25 14:12:28

---------------------------------------------------------



Added on 15-05-2008 at 11:00:

and now here is the final HijackThis report

hijackthis.log