TOTAL SECURITY procédure rapide

Bonjour,

Apparemment ça marche peux-tu vérifier chez toi et me tenir au courant

Effectivement le numero est différent suivant les PC, il faut donc modifier ce numéro en fonction de ce qui est présent sur le PC.

Peut-être pas si aléatoire car nous retrouvons le même numéro su plusieurs ordinateurs, peut-être en fonction du système d'exploitation ... à affiner

help help help. Comment supprimer svp une fois pour toutes ce virus. ça fait une journée que je galère. J'aimerais si possible une procédure claire et efficace pas trop compliquée svp. apparemment la procédure de copier coller des 3 fichiers n'est pas fiable!! j'attend vos suggestions radicales. Merci à tous.

Merci Anthony pour ton aide . Voici le rapport effectuComboFix 09-08-23.01 - THIERRY 24/08/2009 15:00.2.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.690 [GMT 2:00]
Running from: c:\documents and settings\THIERRY\Bureau\ComboFix.exe
Command switches used :: Combofix.exe
AV: avast! antivirus 4.8.1351 [VPS 090823-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\11366464
c:\documents and settings\All Users\Application Data\11366464\11366464
c:\documents and settings\All Users\Application Data\11366464\11366464.exe
c:\documents and settings\All Users\Application Data\11366464\pc11366464ins
c:\documents and settings\THIERRY\Application Data\wiaserva.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SfX


((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-23 10:28 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\51045754.sys
2009-08-23 10:21 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-22 20:15 . 2009-08-22 20:15 -------- d-----w- c:\program files\GlobFX
2009-08-22 15:27 . 2009-08-22 15:27 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-08-22 15:25 . 2009-08-22 15:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-22 15:00 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-22 12:45 . 2009-08-24 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-22 12:24 . 2009-08-24 09:57 -------- d-----w- c:\program files\ZHPDiag
2009-08-22 11:45 . 2009-08-22 12:10 110 --s-a-w- c:\windows\system32\3959993317.dat
2009-08-22 11:12 . 2009-08-22 11:12 -------- d-----w- c:\program files\Enigma Software Group
2009-08-20 11:56 . 2009-08-20 11:56 -------- d-----w- C:\Programefiles
2009-08-19 15:28 . 2009-08-24 09:57 -------- d-----w- c:\program files\DDnsFilter
2009-08-15 21:00 . 2009-08-15 21:00 -------- d-----w- c:\program files\Fichiers communs\logishrd
2009-08-15 21:00 . 2008-04-13 17:33 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-15 21:00 . 2008-04-13 17:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-15 15:09 . 2009-08-15 15:26 -------- d-----w- c:\documents and settings\THIERRY\Application Data\fretsonfire
2009-08-15 15:09 . 2009-08-17 12:05 -------- d-----w- c:\program files\Frets on Fire
2009-08-13 09:12 . 2009-08-13 09:12 -------- d-----w- C:\col5319
2009-08-13 09:02 . 2009-08-13 09:02 -------- d-----w- c:\documents and settings\THIERRY\Application Data\Dossier de téléchargement Share-to-Web
2009-08-13 09:02 . 2009-08-13 09:02 -------- d-----w- c:\program files\Fichiers communs\Hewlett-Packard
2009-08-13 09:02 . 2009-08-17 20:35 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-13 09:00 . 2009-08-13 09:00 -------- d-----w- C:\sj659
2009-08-12 16:13 . 2009-08-12 16:13 1080 ----a-w- c:\windows\AUTOLNCH.REG
2009-08-12 16:13 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-08-12 16:13 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-08-10 11:05 . 2009-08-10 11:07 -------- d-----w- c:\windows\system32\NtmsData
2009-08-09 14:43 . 2009-08-09 14:43 -------- d-----w- c:\program files\Eidos Interactive
2009-08-09 13:52 . 2009-08-09 13:52 -------- d-----w- c:\program files\Creative Labs
2009-08-09 13:52 . 1999-07-06 12:13 40960 ----a-w- c:\windows\system32\eax.dll
2009-08-09 13:52 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-08 12:23 . 2009-08-08 12:25 -------- d-----w- c:\program files\VirtualDJ
2009-08-07 20:36 . 2009-08-07 21:00 -------- d-----w- c:\program files\FP
2009-08-07 20:25 . 2009-08-07 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-07 20:25 . 2009-08-07 20:42 -------- d-----w- c:\program files\NOS
2009-08-07 12:24 . 2009-08-09 14:00 1371 ----a-w- c:\windows\mozver.dat
2009-08-07 11:32 . 2009-08-07 11:32 0 ----a-w- c:\windows\nsreg.dat
2009-08-07 11:32 . 2009-08-07 11:32 -------- d-----w- c:\documents and settings\THIERRY\Local Settings\Application Data\Mozilla
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-01 22:15 . 2009-08-11 20:04 -------- d-----w- c:\documents and settings\THIERRY\Local Settings\Application Data\NFS Underground 2
2009-07-30 16:34 . 2009-07-30 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NFS Underground
2009-07-30 16:23 . 2009-07-30 16:23 -------- d-----w- c:\program files\Fichiers communs\DirectX
2009-07-30 15:07 . 2009-07-30 15:17 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2009-07-29 20:22 . 2009-07-29 20:22 -------- d-----w- C:\SIERRA
2009-07-29 20:22 . 2009-07-29 20:22 -------- d-----w- c:\documents and settings\THIERRY\WINDOWS
2009-07-29 20:12 . 1998-10-07 11:08 327168 ----a-w- c:\windows\IsUn040c.exe
2009-07-29 19:46 . 2009-07-29 19:46 -------- d-----w- c:\program files\MSXML 4.0
2009-07-29 19:24 . 2003-10-27 12:06 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-07-29 19:24 . 2003-10-27 12:06 69632 ----a-w- c:\windows\system32\xmltok.dll
2009-07-29 19:24 . 2003-10-27 12:06 36864 ----a-w- c:\windows\system32\xmlparse.dll
2009-07-29 19:24 . 2003-10-27 12:06 26096 ----a-w- c:\windows\system32\xmlinst.exe
2009-07-29 19:24 . 2003-10-27 12:06 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-29 17:45 . 2009-07-03 16:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 17:45 . 2009-07-03 16:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-25 20:05 . 2009-08-08 13:55 -------- d-----w- c:\program files\EA GAMES

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 13:11 . 2009-07-22 07:51 10364960 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-24 13:06 . 2009-07-22 07:51 120656 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-24 09:57 . 2009-07-03 18:50 -------- d-----w- c:\program files\Google
2009-08-24 09:57 . 2009-08-24 09:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-20 11:40 . 2009-07-03 18:47 -------- d-----w- c:\documents and settings\THIERRY\Application Data\uTorrent
2009-08-17 20:35 . 2009-07-01 21:55 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-08-17 16:10 . 2009-07-01 20:02 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-07-01 20:03 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-07-01 20:03 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-07-01 20:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-07-01 20:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-07-01 20:03 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-07-01 20:03 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-07-01 20:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-07-01 20:03 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-13 13:55 . 2009-07-02 08:21 -------- d-----w- c:\program files\GUILD WARS
2009-08-13 09:02 . 2009-07-10 17:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-11 11:06 . 2009-07-01 14:10 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-10 14:55 . 2009-07-10 13:42 -------- d-----w- c:\documents and settings\THIERRY\Application Data\dvdcss
2009-08-08 16:52 . 2009-07-01 13:38 50640 ----a-w- c:\documents and settings\THIERRY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 16:55 . 2009-07-07 11:16 -------- d-----w- c:\program files\Microsoft Games
2009-08-05 09:00 . 2002-08-29 09:44 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-21 21:58 . 2009-07-21 21:58 -------- d-----w- c:\program files\CCleaner
2009-07-17 19:03 . 2002-08-29 09:44 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 10:21 . 2009-07-01 13:12 233472 ------w- c:\windows\system32\wmpdxm.dll
2009-07-10 17:49 . 2009-07-10 17:49 -------- d-----w- c:\program files\Samsung
2009-07-08 13:47 . 2009-07-04 14:20 -------- d-----w- c:\documents and settings\THIERRY\Application Data\teamspeak2
2009-07-08 12:24 . 2009-07-08 12:24 -------- d-----w- c:\program files\Alcohol Soft
2009-07-08 12:22 . 2009-07-08 12:22 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-06 19:38 . 2004-12-26 19:30 -------- d-----w- c:\program files\SoftChris
2009-07-06 19:31 . 2009-07-02 08:04 -------- d-----w- c:\program files\IncrediMail
2009-07-04 14:34 . 2009-07-04 14:20 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-03 19:51 . 2009-07-03 19:51 53248 ----a-w- c:\windows\system32\unrar.dll
2009-07-03 18:48 . 2009-07-03 18:48 -------- d-----w- c:\program files\uTorrent
2009-07-03 18:39 . 2009-07-03 18:39 -------- d-----w- c:\documents and settings\THIERRY\Application Data\Atari
2009-07-03 18:38 . 2009-07-03 18:38 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-03 16:57 . 2002-08-29 09:45 915456 ------w- c:\windows\system32\wininet.dll
2009-07-02 08:05 . 2009-07-02 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2009-07-02 08:04 . 2009-07-02 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2009-07-02 07:37 . 2009-07-02 07:34 -------- d-----w- c:\program files\Microsoft Picture It! PhotoPub
2009-07-01 21:58 . 2009-07-01 21:58 8 ----a-w- c:\windows\system32\nvModes.dat
2009-07-01 21:58 . 2009-07-01 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-01 21:58 . 2009-07-01 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-01 20:59 . 2009-07-01 20:59 15872 ----a-r- c:\documents and settings\THIERRY\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
2009-07-01 20:59 . 2009-07-01 20:59 -------- d-----w- c:\program files\Valve
2009-07-01 20:56 . 2009-07-01 20:56 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-01 20:41 . 2009-07-01 20:41 -------- d-----w- c:\program files\Microsoft
2009-07-01 20:41 . 2009-07-01 20:40 -------- d-----w- c:\program files\Windows Live
2009-07-01 20:41 . 2009-07-01 20:41 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-01 20:32 . 2009-07-01 20:32 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-07-01 20:16 . 2009-07-01 20:16 -------- d-----w- c:\program files\Neuf
2009-07-01 20:02 . 2009-07-01 20:02 -------- d-----w- c:\program files\Alwil Software
2009-07-01 19:24 . 2001-08-28 12:00 48856 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-01 19:24 . 2001-08-28 12:00 368076 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-01 15:14 . 2009-07-01 15:14 -------- d-----w- c:\documents and settings\THIERRY\Application Data\vlc
2009-07-01 15:13 . 2009-07-01 15:13 -------- d-----w- c:\program files\VideoLAN
2009-07-01 13:15 . 2009-07-01 12:45 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-07-01 12:46 . 2009-07-01 12:46 -------- d-----w- c:\program files\microsoft frontpage
2009-07-01 12:46 . 2009-07-01 12:46 2678 ----a-w- c:\windows\java\Packages\Data\KCPJXJRJ.DAT
2009-07-01 12:46 . 2009-07-01 12:46 558142 ----a-w- c:\windows\java\Packages\V3PB33NF.ZIP
2009-07-01 12:46 . 2009-07-01 12:46 2678 ----a-w- c:\windows\java\Packages\Data\4SHNRH77.DAT
2009-07-01 12:46 . 2009-07-01 12:46 2678 ----a-w- c:\windows\java\Packages\Data\XJDR1335.DAT
2009-07-01 12:46 . 2009-07-01 12:46 2678 ----a-w- c:\windows\java\Packages\Data\DBDFBB7T.DAT
2009-07-01 12:46 . 2009-07-01 12:46 155995 ----a-w- c:\windows\java\Packages\8T3971JJ.ZIP
2009-07-01 12:46 . 2009-07-01 12:46 2678 ----a-w- c:\windows\java\Packages\Data\0TNFVZ9R.DAT
2009-07-01 12:43 . 2009-07-01 12:43 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-01 12:43 . 2009-07-01 12:43 -------- d-----w- c:\program files\Services en ligne
2009-06-25 08:26 . 2002-08-29 09:44 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2002-08-29 09:44 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2002-08-29 09:44 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2002-08-29 09:44 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2001-08-28 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2002-08-29 09:44 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2001-08-28 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:40 . 2001-08-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2001-08-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2002-08-29 09:45 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2002-08-29 09:45 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2002-08-29 09:44 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-07-01 12:43 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2001-08-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2002-08-29 09:44 1297408 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-22_19.48.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-24 09:59 . 2009-08-24 09:59 16384 c:\windows\temp\Perflib_Perfdata_55c.dat
+ 2009-06-25 08:26 . 2009-06-25 08:26 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-15 10:44 . 2009-06-15 10:44 82944 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-15 10:44 . 2009-06-15 10:44 78848 c:\windows\system32\dllcache\telnet.exe
- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:58 . 2009-06-25 08:26 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-06-10 14:14 . 2009-06-10 14:14 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:03 . 2009-07-17 19:03 58880 c:\windows\system32\dllcache\atl.dll
- 2009-07-02 07:54 . 2009-07-31 12:06 90112 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-07-02 07:54 . 2009-08-23 20:53 90112 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-07-02 07:54 . 2009-07-31 12:06 45056 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-07-02 07:54 . 2009-08-23 20:53 45056 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-07-02 07:54 . 2009-07-31 12:06 22528 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-07-02 07:54 . 2009-08-23 20:53 22528 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-07-02 07:54 . 2009-07-31 12:06 30720 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-07-02 07:54 . 2009-08-23 20:53 30720 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-07-02 07:54 . 2009-08-23 20:53 16384 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-07-02 07:54 . 2009-07-31 12:06 16384 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-07-02 07:54 . 2009-07-31 12:06 34304 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-07-02 07:54 . 2009-08-23 20:53 34304 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2009-07-02 07:54 . 2009-07-31 12:06 81920 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-07-02 07:54 . 2009-08-23 20:53 81920 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-07-02 07:54 . 2009-07-31 12:06 3584 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-07-02 07:54 . 2009-08-23 20:53 3584 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-07-02 07:54 . 2009-08-23 20:53 8192 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-07-02 07:54 . 2009-07-31 12:06 8192 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-07-02 07:54 . 2009-08-23 20:53 2560 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2009-07-02 07:54 . 2009-07-31 12:06 2560 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-01 13:12 . 2009-07-12 10:21 233472 c:\windows\system32\dllcache\wmpdxm.dll
- 2009-07-01 13:12 . 2008-04-13 17:33 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:15 . 2009-06-10 06:15 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-12-05 06:57 . 2009-06-25 08:26 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-06-25 08:26 . 2009-06-25 08:26 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-07-01 18:09 . 2009-06-25 08:26 736768 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:26 . 2009-06-25 08:26 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-08-24 10:04 . 2009-08-24 10:04 195584 c:\windows\Installer\4fc6c.msi
- 2009-07-02 07:54 . 2009-07-31 12:06 114688 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-07-02 07:54 . 2009-08-23 20:53 114688 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-07-02 07:54 . 2009-08-23 20:53 167936 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2009-07-02 07:54 . 2009-07-31 12:06 167936 c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-07-01 13:12 . 2009-07-12 10:21 4874240 c:\windows\system32\wmp.dll
- 2009-07-01 13:12 . 2008-04-13 17:33 4874240 c:\windows\system32\wmp.dll
+ 2009-08-24 09:49 . 2009-08-24 09:58 2564716 c:\windows\system32\Restore\rstrlog.dat
- 2009-07-01 13:12 . 2008-04-13 17:33 4874240 c:\windows\system32\dllcache\wmp.dll
+ 2009-07-01 13:12 . 2009-07-12 10:21 4874240 c:\windows\system32\dllcache\wmp.dll
+ 2009-07-01 12:43 . 2009-06-10 07:21 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2009-07-01 19:34 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2009-07-20 10:03 . 2009-07-20 10:03 16465408 c:\windows\Installer\3813a.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-07-01 1217784]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-06-07 251264]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-02 203928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-03 122368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\THIERRY\Menu D‚marrer\Programmes\D‚marrage\
is-5QQ07.lnk - c:\documents and settings\THIERRY\Bureau\Virus Removal Tool\is-5QQ07\startup.exe [2009-8-23 65536]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\homoncules\\counter-strike\\hl.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\homoncules\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/07/2009 22:03 114768]
R1 is-5QQ07drv;is-5QQ07drv;c:\windows\system32\drivers\51045754.sys [23/08/2009 12:28 148496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/07/2009 22:03 20560]
R3 es1969;Pilote audio ESS Solo (WDM);c:\windows\system32\drivers\es1969.sys [01/07/2009 15:39 72192]
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
S2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [28/08/2001 14:00 14336]
S2 gupdate1ca23269f92aaf0;Service Google Update (gupdate1ca23269f92aaf0);c:\program files\Google\Update\GoogleUpdate.exe [22/08/2009 14:46 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter
.
Contents of the 'Scheduled Tasks' folder

2009-08-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-03 12:45]

2009-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 12:46]

2009-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 12:46]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-11366464 - c:\documents and settings\All Users\Application Data\11366464\11366464.exe


.
------- Supplementary Scan -------
.
uStart Page = neufportail.fr/
uDefault_Search_URL = hxxp://fr.gdark.com
uSearchMigratedDefaultURL = hxxp://fr.gdark.com/search.php?cx=partner-pub-7902900401080901%3Ae94ctf-nqmg&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
mStart Page = hxxp://fr.gdark.com
uSearchURL,(Default) = hxxp://fr.gdark.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 15:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4028)
c:\program files\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\documents and settings\THIERRY\Bureau\Virus Removal Tool\is-5QQ07\is-5QQ07.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-24 15:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-24 13:12
ComboFix2.txt 2009-08-22 19:54

Pre-Run: 115 071 565 824 octets libres
Post-Run: 115 041 660 928 octets libres

340 --- E O F --- 2009-08-24 10:04
é comme demandé. Que dois je faire maintenant? A+ Thierry

Tu n'arrives pas à ouvrir le bloc-notes ??

Tu n'arrives pas à ouvrir le bloc-notes ?? ou en est-tu à l'exécution ??

Re,


"c'est le même principe pour n'importe quel outil"

Oui, il suffit de taper le nom donné à l'outil (dans l'exemple que tu donnes, taper azerty.exe lancerait effectivement combofix ;) )


"est-ce qu'il pourrait être utile en cas d'infection Tibs ? ( pour éviter le renommage des outils surtout )"

Ici DDO permet de contourner le blocage de tous les fichiers exécutables en les lançant via l'invite de commande, mais Tibs bloque certains outils en reconnaissant leur nom, je ne pense pas que DDO serait utile dans ce cas là.