
TratBHO [Trj]


Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:38, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BMd757d4c1] Rundll32.exe "C:\WINDOWS\system32\jcaxtxuv.dll",s
O4 - HKLM\..\Run: [d464e75d] rundll32.exe "C:\WINDOWS\system32\ooropaes.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Plusone] C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8D4EE4-E173-4739-B9F1-E5725490FB2B}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5205 bytes

Re,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a report will appear. Post this report in your next reply.

    Here is the Combofix report:

    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\msnimport.exe
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\buarpliw.dll
    C:\WINDOWS\system32\cdbgblfy.ini
    C:\WINDOWS\system32\cxgvaxjy.ini
    C:\WINDOWS\system32\djrhygim.ini
    C:\WINDOWS\system32\dqfhdhkt.ini
    C:\WINDOWS\system32\ecbnxvox.ini
    C:\WINDOWS\system32\gjvvurkg.dll
    C:\WINDOWS\system32\gkdeixym.ini
    C:\WINDOWS\system32\hQAIOqss.ini
    C:\WINDOWS\system32\hQAIOqss.ini2
    C:\WINDOWS\system32\iykogntx.ini
    C:\WINDOWS\system32\jcaxtxuv.dll
    C:\WINDOWS\system32\JmUEOqss.ini
    C:\WINDOWS\system32\JmUEOqss.ini2
    C:\WINDOWS\system32\jqpfncxq.ini
    C:\WINDOWS\system32\kghtyvnd.ini
    C:\WINDOWS\system32\kxrhmgba.dll
    C:\WINDOWS\system32\kynlfvng.ini
    C:\WINDOWS\system32\levltkit.ini
    C:\WINDOWS\system32\ljjgheb.dll
    C:\WINDOWS\system32\magfuevp.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mwnuhymx.dll
    C:\WINDOWS\system32\myxiedkg.dll
    C:\WINDOWS\system32\ogcqrptx.dll
    C:\WINDOWS\system32\Onoonnpo.ini
    C:\WINDOWS\system32\Onoonnpo.ini2
    C:\WINDOWS\system32\powiogtx.ini
    C:\WINDOWS\system32\seaporoo.ini
    C:\WINDOWS\system32\sqcfehfw.dll
    C:\WINDOWS\system32\ssmrypnp.ini
    C:\WINDOWS\system32\sybhrlun.dll
    C:\WINDOWS\system32\tixrdlpw.ini
    C:\WINDOWS\system32\tuvvtrs.dll
    C:\WINDOWS\system32\udrmhnep.ini
    C:\WINDOWS\system32\uywqrntg.dll
    C:\WINDOWS\system32\vpejysls.dll
    C:\WINDOWS\system32\vrejhkrg.dll
    C:\WINDOWS\system32\wbjqmeaq.ini
    C:\WINDOWS\system32\wobpqadp.dll
    C:\WINDOWS\system32\xfavhxqf.dll
    C:\WINDOWS\system32\xhaechne.ini
    C:\WINDOWS\system32\xijhmcve.ini
    C:\WINDOWS\system32\xtgoiwop.dll
    C:\WINDOWS\system32\xyadd.ini
    C:\WINDOWS\system32\xyadd.ini2
    C:\WINDOWS\system32\yirdyues.dll
    C:\WINDOWS\system32\ynpgiuyl.dll
    C:\WINDOWS\system32\yskvnsal.ini
    C:\WINDOWS\system32\ysyvxbwo.ini
    C:\WINDOWS\system32\yttiwfht.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-17 00:20 . 2008-04-17 00:20 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-04-15 13:00 . 2008-04-15 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-04-15 12:58 . 2008-04-15 12:58 <REP> d-------- C:\Program Files\ATI
    2008-04-15 12:56 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-04-15 12:55 . 2008-04-15 12:57 <REP> d-------- C:\Program Files\ATI Technologies
    2008-04-15 12:52 . 2008-02-14 05:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat
    2008-04-15 12:52 . 2008-04-15 12:52 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-04-14 22:44 . 2008-04-14 22:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-14 12:44 . 2008-04-14 12:44 <REP> d-------- C:\WINDOWS\system32\fr-FR
    2008-04-14 12:42 . 2008-04-14 12:42 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-04-14 12:40 . 2008-04-14 12:40 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-04-14 12:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-04-13 13:18 . 2006-06-14 13:44 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO_XP.sys
    2008-04-13 13:13 . 2008-04-13 13:13 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys
    2008-04-13 13:11 . 2008-04-13 13:14 <REP> d-------- C:\Program Files\ASUS
    2008-04-13 13:06 . 2008-04-13 13:06 21,541 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-04-13 13:00 . 2008-04-13 13:00 244 --ah----- C:\sqmnoopt01.sqm
    2008-04-13 13:00 . 2008-04-13 13:00 232 --ah----- C:\sqmdata01.sqm
    2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\WINDOWS\system32\QuickTime
    2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\QuickTime(2)
    2008-04-12 14:23 . 2008-04-12 14:23 607 --a------ C:\WINDOWS\system32\QuickTime.qtp
    2008-04-12 14:22 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Disney Interactive(2)
    2008-04-10 08:36 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Adobe(2)
    2008-04-09 18:23 . 2008-04-09 19:01 <REP> d-------- C:\julie
    2008-04-09 17:51 . 2008-04-09 17:51 <REP> d-------- C:\Program Files\Canon
    2008-04-09 17:49 . 2008-04-09 17:49 <REP> d-------- C:\Program Files\ScanSoft
    2008-04-09 17:49 . 2008-04-13 12:47 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-04-09 17:48 . 2008-04-09 17:48 <REP> d-------- C:\Program Files\ArcSoft
    2008-04-09 17:44 . 2008-04-09 17:44 <REP> d-------- C:\CanoScan
    2008-04-09 14:34 . 2008-04-13 12:47 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\MSNInstaller
    2008-03-31 07:49 . 2008-03-31 07:49 315,664 --------- C:\WINDOWS\system32\mlJBUOfD.dll
    2008-03-30 09:04 . 2008-03-30 09:04 315,632 --a------ C:\WINDOWS\system32\ssqOIAQh.dll
    2008-03-28 13:53 . 2008-03-28 13:53 315,568 --a------ C:\WINDOWS\system32\opnnoonO.dll
    2008-03-28 07:38 . 2008-03-28 07:38 315,568 --a------ C:\WINDOWS\system32\ssqOEUmJ.dll
    2008-03-27 17:25 . 2008-03-27 17:37 10,741 --a------ C:\Neyrat Loïc CV.docx

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-17 04:35 --------- d-----w C:\Program Files\eMule
    2008-04-17 00:53 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-04-16 01:30 --------- d-----w C:\Program Files\Circle Developement
    2008-04-15 00:43 --------- d-----w C:\Program Files\MSBuild
    2008-04-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-04-14 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-14 00:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-04-10 07:01 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\XnView
    2008-03-30 00:00 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-22 21:10 --------- d-----w C:\Program Files\Java
    2008-03-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-12 03:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-10 12:01 --------- d-----w C:\Program Files\MSXML 4.0
    2008-03-09 00:54 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\Samsung
    2008-03-09 00:21 --------- d-----w C:\Program Files\Samsung
    2008-02-27 11:13 --------- d-----w C:\Program Files\Winamp
    2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-02-25 06:59 --------- d-----w C:\Program Files\TVAnts
    2008-02-05 06:58 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
    2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8DBDC2-2027-46E2-894C-2267B18004A4}]
    C:\WINDOWS\system32\ddayx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7765CA7-D33D-4A6A-8A17-564BCC3B415C}]
    2008-03-28 13:53 315568 --a------ C:\WINDOWS\system32\opnnoonO.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 00:00 15360]
    "Plusone"="C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe" [2008-02-14 17:52 432128]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 04:24 1694208]
    "ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 11:16 1126400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-09-05 15:44 16262656 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-15 22:04 2879488 C:\WINDOWS\SkyTel.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 01:00 79224]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 22:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Amok Eggs Four Web"="C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe" [2008-04-17 10:28 3055104]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 00:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffedd]
    iiffedd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\opnnoonO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
    --a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\TVAnts\\Tvants.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

    R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-07-02 23:21]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 15:38]
    R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 15:39]
    R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-21 17:36]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
    S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-22 22:42]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-17 12:00:00 C:\WINDOWS\Tasks\ABD0E8A3906B9E3F.job"
    - c:\docume~1\neyrat\applic~1\typelo~1\Loud Drive Intra.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-17 10:27:46
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 4

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-17 10:30:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-17 22:29:58

    Pre-Run: 12,904,787,968 octets libres
    Post-Run: 13,539,024,896 octets libres
    .
    2008-04-17 12:20:18 --- E O F ---

    Re,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (run a full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking Ok.

    HELP: Illustrated tutorial on MBAM

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 663

    Type de recherche: Examen complet (C:\|E:\|)
    Eléments examinés: 72932
    Temps écoulé: 52 minute(s), 40 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 15
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 27

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e214df62-6209-435f-b904-763b39ae102b} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e214df62-6209-435f-b904-763b39ae102b} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\stuffplug3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd757d4c1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnoono.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnoono.dll -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\opnnoonO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Onoonnpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Onoonnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tqckthta.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\athtkcqt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\gjvvurkg.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\kxrhmgba.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\magfuevp.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\myxiedkg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP108\A0014030.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP108\A0014281.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP108\A0014348.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0014386.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0014882.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0015604.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0015616.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025271.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025272.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025273.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025278.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP135\A0025479.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qmwdlejb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\SP3.5.590.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    E:\StuffPlug3\Uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bobtmoaj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mlJBUOfD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\CASINO01.INI (Malware.Trace) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:02:51, on 21/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7C8DBDC2-2027-46E2-894C-2267B18004A4} - C:\WINDOWS\system32\ddayx.dll (file missing)
    O2 - BHO: {9a0a0945-dfb5-2a4b-3474-af6a05ca80fd} - {df08ac50-a6fa-4743-b4a2-5bfd5490a0a9} - C:\WINDOWS\system32\mowekaif.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [d464e75d] rundll32.exe "C:\WINDOWS\system32\tqckthta.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Plusone] C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8D4EE4-E173-4739-B9F1-E5725490FB2B}: NameServer = 192.168.1.1
    O20 - Winlogon Notify: iiffedd - iiffedd.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 6052 bytes

    ComboFix 08-04-20.5 - Neyrat 2008-04-22 10:57:28.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.555 [GMT -12:00]
    Endroit: E:\Loic\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\celdeaht.ini
    C:\WINDOWS\system32\cqhgnavi.dll
    C:\WINDOWS\system32\dxqvatfo.ini
    C:\WINDOWS\system32\gdjkgywm.dll
    C:\WINDOWS\system32\ggtjhsfa.ini
    C:\WINDOWS\system32\hqtelocf.ini
    C:\WINDOWS\system32\kshqaxyt.ini
    C:\WINDOWS\system32\lievwkwu.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mowekaif.dll
    C:\WINDOWS\system32\rgbkijdy.ini
    C:\WINDOWS\system32\uckaqfqy.dll
    C:\WINDOWS\system32\udsejhgy.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\Malwarebytes
    2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-19 13:12 . 2008-04-21 07:53 2,707,566 ---hs---- C:\WINDOWS\system32\wfvvlpgj.ini
    2008-04-18 13:10 . 2008-04-19 13:11 1,540,433 ---hs---- C:\WINDOWS\system32\iqcaxucl.ini
    2008-04-17 10:33 . 2008-04-18 10:33 1,529,513 ---hs---- C:\WINDOWS\system32\bfsgkpju.ini
    2008-04-17 10:24 . 2008-04-22 10:57 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    2008-04-17 00:20 . 2008-04-17 00:20 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-04-15 13:00 . 2008-04-15 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-04-15 12:56 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-04-15 12:55 . 2008-04-15 12:57 <REP> d-------- C:\Program Files\ATI Technologies
    2008-04-15 12:52 . 2008-02-14 05:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat
    2008-04-15 12:52 . 2008-04-15 12:52 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-04-14 22:44 . 2008-04-14 22:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-14 20:00 . 2008-04-14 20:00 <REP> d-------- C:\ATI
    2008-04-14 12:44 . 2008-04-14 12:44 <REP> d-------- C:\WINDOWS\system32\fr-FR
    2008-04-14 12:42 . 2008-04-14 12:42 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-04-14 12:40 . 2008-04-14 12:40 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-04-14 12:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-04-13 13:18 . 2006-06-14 13:44 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO_XP.sys
    2008-04-13 13:13 . 2008-04-13 13:13 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys
    2008-04-13 13:11 . 2008-04-13 13:14 <REP> d-------- C:\Program Files\ASUS
    2008-04-13 13:06 . 2008-04-13 13:06 21,541 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-04-13 13:00 . 2008-04-13 13:00 244 --ah----- C:\sqmnoopt01.sqm
    2008-04-13 13:00 . 2008-04-13 13:00 232 --ah----- C:\sqmdata01.sqm
    2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\WINDOWS\system32\QuickTime
    2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\QuickTime(2)
    2008-04-12 14:23 . 2008-04-12 14:23 607 --a------ C:\WINDOWS\system32\QuickTime.qtp
    2008-04-12 14:22 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Disney Interactive(2)
    2008-04-10 08:36 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Adobe(2)
    2008-04-09 18:23 . 2008-04-09 19:01 <REP> d-------- C:\julie
    2008-04-09 18:04 . 2008-04-09 18:02 544,980 --a------ C:\Documents and Settings\julie0001.JPG
    2008-04-09 17:51 . 2008-04-09 17:51 <REP> d-------- C:\Program Files\Canon
    2008-04-09 17:49 . 2008-04-09 17:49 <REP> d-------- C:\Program Files\ScanSoft
    2008-04-09 17:49 . 2008-04-13 12:47 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-04-09 17:48 . 2008-04-09 17:48 <REP> d-------- C:\Program Files\ArcSoft
    2008-04-09 17:44 . 2008-04-09 17:44 <REP> d-------- C:\CanoScan
    2008-04-09 14:34 . 2008-04-13 12:47 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\MSNInstaller
    2008-03-30 09:04 . 2008-03-30 09:04 315,632 --a------ C:\WINDOWS\system32\ssqOIAQh.dll
    2008-03-28 07:38 . 2008-03-28 07:38 315,568 --a------ C:\WINDOWS\system32\ssqOEUmJ.dll
    2008-03-27 17:25 . 2008-03-27 17:37 10,741 --a------ C:\Neyrat Loïc CV.docx

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-22 09:05 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-04-22 08:00 --------- d-----w C:\Program Files\eMule
    2008-04-16 01:30 --------- d-----w C:\Program Files\Circle Developement
    2008-04-15 00:43 --------- d-----w C:\Program Files\MSBuild
    2008-04-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-04-14 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-14 00:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-04-10 07:01 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\XnView
    2008-03-30 00:00 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-22 21:10 --------- d-----w C:\Program Files\Java
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-12 03:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-10 12:01 --------- d-----w C:\Program Files\MSXML 4.0
    2008-03-09 00:54 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\Samsung
    2008-03-09 00:21 --------- d-----w C:\Program Files\Samsung
    2008-02-27 11:13 --------- d-----w C:\Program Files\Winamp
    2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-02-25 06:59 --------- d-----w C:\Program Files\TVAnts
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-16 09:02 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw(2).dll
    2008-02-05 06:58 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
    2008-01-26 15:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-17_10.29.50.18 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-17 22:27:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-22 22:59:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-22 22:59:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8DBDC2-2027-46E2-894C-2267B18004A4}]
    C:\WINDOWS\system32\ddayx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 00:00 15360]
    "Plusone"="C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe" [2008-02-14 17:52 432128]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 04:24 1694208]
    "ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 11:16 1126400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-09-05 15:44 16262656 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-15 22:04 2879488 C:\WINDOWS\SkyTel.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 01:00 79224]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 22:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Amok Eggs Four Web"="C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe" [2008-04-22 11:01 3205120]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "d464e75d"="C:\WINDOWS\system32\tqckthta.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 00:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffedd]
    iiffedd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
    --a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\TVAnts\\Tvants.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

    R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-07-02 23:21]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 15:38]
    R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 15:39]
    R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-21 17:36]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
    S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-22 22:42]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-22 23:00:02 C:\WINDOWS\Tasks\ABD0E8A3906B9E3F.job"
    - c:\docume~1\neyrat\applic~1\typelo~1\Loud Drive Intra.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-22 11:00:15
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 4

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-22 11:01:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-22 23:01:50
    ComboFix2.txt 2008-04-17 22:30:02

    Pre-Run: 14,410,051,584 octets libres
    Post-Run: 14,390,611,968 octets libres

    211 --- E O F --- 2008-04-17 12:20:18

    Hi again,

    Download Lop S&D.exe to your Desktop.
  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your Desktop
  • Select the language you want, then choose option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

    -----------------------[ Lop S&D 4.1.1-6 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Neyrat ] [ "C:\Lop SD" ]
    [ 22/04/2008 | 16:35:42,26 ] [ PC : NEYRAT-4351367C ]
    [ MAJ : 21-04-2008 | 19:45 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [15/04/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [15/04/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [13/04/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [15/04/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
    [25/01/2008|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [26/01/2008|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [25/03/2008|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
    [21/04/2008|10:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [26/01/2008|02:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [02/02/2008|00:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [14/04/2008|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [14/02/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
    [11/03/2008|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [26/01/2008|00:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [25/01/2008|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [25/01/2008|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [25/01/2008|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [25/01/2008|23:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [25/01/2008|23:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [25/01/2008|23:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [25/01/2008|23:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [25/01/2008|23:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [25/01/2008|23:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [25/01/2008|23:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [21/04/2008|10:01] C:\DOCUME~1\Neyrat\APPLIC~1\.
    [21/04/2008|10:01] C:\DOCUME~1\Neyrat\APPLIC~1\..
    [27/01/2008|08:47] C:\DOCUME~1\Neyrat\APPLIC~1\Adobe
    [25/01/2008|23:19] C:\DOCUME~1\Neyrat\APPLIC~1\ATI
    [25/01/2008|23:48] C:\DOCUME~1\Neyrat\APPLIC~1\desktop.ini
    [25/01/2008|23:09] C:\DOCUME~1\Neyrat\APPLIC~1\Identities
    [26/01/2008|00:12] C:\DOCUME~1\Neyrat\APPLIC~1\Macromedia
    [21/04/2008|10:01] C:\DOCUME~1\Neyrat\APPLIC~1\Malwarebytes
    [27/03/2008|16:44] C:\DOCUME~1\Neyrat\APPLIC~1\Microsoft
    [14/04/2008|09:34] C:\DOCUME~1\Neyrat\APPLIC~1\Mozilla
    [13/04/2008|12:47] C:\DOCUME~1\Neyrat\APPLIC~1\MSNInstaller
    [08/03/2008|12:54] C:\DOCUME~1\Neyrat\APPLIC~1\Samsung
    [11/02/2008|20:47] C:\DOCUME~1\Neyrat\APPLIC~1\SopCast
    [05/02/2008|17:31] C:\DOCUME~1\Neyrat\APPLIC~1\Sun
    [14/02/2008|17:53] C:\DOCUME~1\Neyrat\APPLIC~1\Type locks long
    [25/01/2008|23:57] C:\DOCUME~1\Neyrat\APPLIC~1\vlc
    [26/01/2008|00:26] C:\DOCUME~1\Neyrat\APPLIC~1\WinRAR
    [09/04/2008|19:01] C:\DOCUME~1\Neyrat\APPLIC~1\XnView

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [22/04/2008 16:00][--ah-----] C:\WINDOWS\tasks\ABD0E8A3906B9E3F.job
    [22/04/2008 10:59][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [02/03/2006 00:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [21/04/2008|10:01] C:\Program Files\.
    [21/04/2008|10:01] C:\Program Files\..
    [13/04/2008|12:47] C:\Program Files\Adobe
    [13/04/2008|12:46] C:\Program Files\Adobe(2)
    [30/01/2008|04:34] C:\Program Files\Ahead
    [25/01/2008|23:56] C:\Program Files\Alwil Software
    [25/01/2008|23:38] C:\Program Files\AMD
    [09/04/2008|17:48] C:\Program Files\ArcSoft
    [13/04/2008|13:14] C:\Program Files\ASUS
    [15/04/2008|12:57] C:\Program Files\ATI Technologies
    [25/01/2008|23:47] C:\Program Files\Attansic
    [09/04/2008|17:51] C:\Program Files\Canon
    [15/04/2008|13:30] C:\Program Files\Circle Developement
    [25/01/2008|22:58] C:\Program Files\ComPlus Applications
    [30/01/2008|04:33] C:\Program Files\CyberLink DVD Solution
    [14/02/2008|09:57] C:\Program Files\DirectVobSub
    [13/04/2008|12:46] C:\Program Files\Disney Interactive(2)
    [05/02/2008|22:25] C:\Program Files\DivX
    [22/04/2008|11:21] C:\Program Files\eMule
    [09/04/2008|17:49] C:\Program Files\Fichiers communs
    [13/04/2008|13:11] C:\Program Files\InstallShield Installation Information
    [14/04/2008|00:14] C:\Program Files\Internet Explorer
    [22/03/2008|09:10] C:\Program Files\Java
    [26/01/2008|02:47] C:\Program Files\KONAMI
    [21/04/2008|10:01] C:\Program Files\Malwarebytes' Anti-Malware
    [26/01/2008|00:42] C:\Program Files\Messenger
    [29/03/2008|12:00] C:\Program Files\Messenger Plus! Live
    [25/01/2008|23:02] C:\Program Files\microsoft frontpage
    [26/01/2008|04:14] C:\Program Files\Microsoft Office
    [26/01/2008|04:13] C:\Program Files\Microsoft Visual Studio
    [26/01/2008|04:11] C:\Program Files\Microsoft Visual Studio 8
    [26/01/2008|04:14] C:\Program Files\Microsoft Works
    [26/01/2008|04:13] C:\Program Files\Microsoft.NET
    [25/01/2008|22:59] C:\Program Files\Movie Maker
    [22/04/2008|11:03] C:\Program Files\Mozilla Firefox
    [14/04/2008|12:43] C:\Program Files\MSBuild
    [04/02/2008|15:31] C:\Program Files\MSN
    [25/01/2008|22:57] C:\Program Files\MSN Gaming Zone
    [10/03/2008|00:01] C:\Program Files\MSXML 4.0
    [17/04/2008|00:20] C:\Program Files\MSXML 6.0
    [25/01/2008|23:18] C:\Program Files\My Company Name
    [25/01/2008|22:59] C:\Program Files\NetMeeting
    [25/01/2008|22:57] C:\Program Files\Online Services
    [26/01/2008|00:42] C:\Program Files\Outlook Express
    [30/01/2008|04:03] C:\Program Files\PronoFoot Expert Plus
    [13/04/2008|12:46] C:\Program Files\QuickTime(2)
    [25/01/2008|23:45] C:\Program Files\Realtek
    [14/04/2008|12:40] C:\Program Files\Reference Assemblies
    [08/03/2008|12:21] C:\Program Files\Samsung
    [09/04/2008|17:49] C:\Program Files\ScanSoft
    [25/01/2008|23:00] C:\Program Files\Services en ligne
    [14/02/2008|19:27] C:\Program Files\SopCast
    [11/03/2008|15:21] C:\Program Files\Spybot - Search & Destroy
    [14/04/2008|22:44] C:\Program Files\Trend Micro
    [24/02/2008|18:59] C:\Program Files\TVAnts
    [14/02/2008|17:52] C:\Program Files\Type locks long
    [25/01/2008|23:09] C:\Program Files\Uninstall Information
    [01/10/2004|02:00] C:\Program Files\Uninstall_CDS.exe
    [26/01/2008|02:58] C:\Program Files\USB Vibration
    [13/02/2008|10:03] C:\Program Files\Veoh Networks
    [25/01/2008|23:39] C:\Program Files\VIA
    [25/01/2008|23:57] C:\Program Files\VideoLAN
    [26/02/2008|23:13] C:\Program Files\Winamp
    [26/01/2008|00:06] C:\Program Files\Windows Live
    [26/01/2008|00:12] C:\Program Files\Windows Media Player
    [25/01/2008|22:57] C:\Program Files\Windows NT
    [25/01/2008|23:00] C:\Program Files\WindowsUpdate
    [25/01/2008|23:55] C:\Program Files\WinRAR
    [25/01/2008|23:02] C:\Program Files\xerox
    [30/01/2008|20:51] C:\Program Files\XnView

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [09/04/2008|17:49] C:\Program Files\Fichiers communs\.
    [09/04/2008|17:49] C:\Program Files\Fichiers communs\..
    [13/04/2008|12:46] C:\Program Files\Fichiers communs\Adobe
    [30/01/2008|04:33] C:\Program Files\Fichiers communs\Ahead
    [25/01/2008|23:15] C:\Program Files\Fichiers communs\ATI Technologies
    [26/01/2008|04:13] C:\Program Files\Fichiers communs\DESIGNER
    [25/01/2008|23:12] C:\Program Files\Fichiers communs\InstallShield
    [05/02/2008|17:30] C:\Program Files\Fichiers communs\Java
    [15/04/2008|12:43] C:\Program Files\Fichiers communs\Microsoft Shared
    [25/01/2008|22:59] C:\Program Files\Fichiers communs\MSSoap
    [25/01/2008|23:48] C:\Program Files\Fichiers communs\ODBC
    [13/04/2008|12:47] C:\Program Files\Fichiers communs\ScanSoft Shared
    [25/01/2008|22:59] C:\Program Files\Fichiers communs\Services
    [25/01/2008|23:48] C:\Program Files\Fichiers communs\SpeechEngines
    [26/01/2008|04:11] C:\Program Files\Fichiers communs\System
    [26/01/2008|00:05] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs\More Math.exe
    C:\Program Files\Circle Developement
    C:\WINDOWS\Tasks\ABD0E8A3906B9E3F.job

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Amok Eggs Four Web"="C:\\Documents and Settings\\All Users\\Application Data\\part dead amok eggs\\More Math.exe"

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-22 16:36:12
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:4][Doss:3] C:\DOCUME~1\Neyrat\LOCALS~1\Temp
    /!\ [Fich:203][Doss:0] C:\DOCUME~1\Neyrat\Cookies
    /!\ [Fich:221][Doss:15] C:\DOCUME~1\Neyrat\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 16:37:12,21 ]----------------------

    PS: During the Lop scan, avast alerted me to a trojan with 2 messages; I chose the "do nothing" option.

    Hi again,

    Run Lop S&D again

  • This time choose Option 2 (Removal)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

    -----------------------[ Lop S&D 4.1.1-6 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Neyrat ] [ "C:\Lop SD" ]
    [ 22/04/2008 | 18:16:59,68 ] [ PC : NEYRAT-4351367C ]
    [ MAJ : 21-04-2008 | 19:45 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs\More Math.exe
    Supprimé! - C:\WINDOWS\Tasks\ABD0E8A3906B9E3F.job
    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
    Supprimé! - C:\Program Files\Circle Developement

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [22/04/2008|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [22/04/2008|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [13/04/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [15/04/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
    [25/01/2008|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [26/01/2008|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [25/03/2008|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
    [21/04/2008|10:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [26/01/2008|02:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [02/02/2008|00:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [14/04/2008|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [11/03/2008|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [26/01/2008|00:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [25/01/2008|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [25/01/2008|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [25/01/2008|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [25/01/2008|23:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [25/01/2008|23:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [25/01/2008|23:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [25/01/2008|23:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [25/01/2008|23:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [25/01/2008|23:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [25/01/2008|23:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [21/04/2008|10:01] C:\DOCUME~1\Neyrat\APPLIC~1\.
    [21/04/2008|10:01] C:\DOCUME~1\Neyrat\APPLIC~1\..
    [27/01/2008|08:47] C:\DOCUME~1\Neyrat\APPLIC~1\Adobe
    [25/01/2008|23:19] C:\DOCUME~1\Neyrat\APPLIC~1\ATI
    [25/01/2008|23:48] C:\DOCUME~1\Neyrat\APPLIC~1\desktop.ini
    [25/01/2008|23:09] C:\DOCUME~1\Neyrat\APPLIC~1\Identities
    [26/01/2008|00:12] C:\DOCUME~1\Neyrat\APPLIC~1\Macromedia
    [21/04/2008|10:01] C:\DOCUME~1\Neyrat\APPLIC~1\Malwarebytes
    [27/03/2008|16:44] C:\DOCUME~1\Neyrat\APPLIC~1\Microsoft
    [14/04/2008|09:34] C:\DOCUME~1\Neyrat\APPLIC~1\Mozilla
    [13/04/2008|12:47] C:\DOCUME~1\Neyrat\APPLIC~1\MSNInstaller
    [08/03/2008|12:54] C:\DOCUME~1\Neyrat\APPLIC~1\Samsung
    [11/02/2008|20:47] C:\DOCUME~1\Neyrat\APPLIC~1\SopCast
    [05/02/2008|17:31] C:\DOCUME~1\Neyrat\APPLIC~1\Sun
    [14/02/2008|17:53] C:\DOCUME~1\Neyrat\APPLIC~1\Type locks long
    [25/01/2008|23:57] C:\DOCUME~1\Neyrat\APPLIC~1\vlc
    [26/01/2008|00:26] C:\DOCUME~1\Neyrat\APPLIC~1\WinRAR
    [09/04/2008|19:01] C:\DOCUME~1\Neyrat\APPLIC~1\XnView

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [22/04/2008 10:59][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [02/03/2006 00:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [22/04/2008|18:17] C:\Program Files\.
    [22/04/2008|18:17] C:\Program Files\..
    [13/04/2008|12:47] C:\Program Files\Adobe
    [13/04/2008|12:46] C:\Program Files\Adobe(2)
    [30/01/2008|04:34] C:\Program Files\Ahead
    [25/01/2008|23:56] C:\Program Files\Alwil Software
    [25/01/2008|23:38] C:\Program Files\AMD
    [09/04/2008|17:48] C:\Program Files\ArcSoft
    [13/04/2008|13:14] C:\Program Files\ASUS
    [15/04/2008|12:57] C:\Program Files\ATI Technologies
    [25/01/2008|23:47] C:\Program Files\Attansic
    [09/04/2008|17:51] C:\Program Files\Canon
    [25/01/2008|22:58] C:\Program Files\ComPlus Applications
    [30/01/2008|04:33] C:\Program Files\CyberLink DVD Solution
    [14/02/2008|09:57] C:\Program Files\DirectVobSub
    [13/04/2008|12:46] C:\Program Files\Disney Interactive(2)
    [05/02/2008|22:25] C:\Program Files\DivX
    [22/04/2008|11:21] C:\Program Files\eMule
    [09/04/2008|17:49] C:\Program Files\Fichiers communs
    [13/04/2008|13:11] C:\Program Files\InstallShield Installation Information
    [14/04/2008|00:14] C:\Program Files\Internet Explorer
    [22/03/2008|09:10] C:\Program Files\Java
    [26/01/2008|02:47] C:\Program Files\KONAMI
    [21/04/2008|10:01] C:\Program Files\Malwarebytes' Anti-Malware
    [26/01/2008|00:42] C:\Program Files\Messenger
    [29/03/2008|12:00] C:\Program Files\Messenger Plus! Live
    [25/01/2008|23:02] C:\Program Files\microsoft frontpage
    [26/01/2008|04:14] C:\Program Files\Microsoft Office
    [26/01/2008|04:13] C:\Program Files\Microsoft Visual Studio
    [26/01/2008|04:11] C:\Program Files\Microsoft Visual Studio 8
    [26/01/2008|04:14] C:\Program Files\Microsoft Works
    [26/01/2008|04:13] C:\Program Files\Microsoft.NET
    [25/01/2008|22:59] C:\Program Files\Movie Maker
    [22/04/2008|11:03] C:\Program Files\Mozilla Firefox
    [14/04/2008|12:43] C:\Program Files\MSBuild
    [04/02/2008|15:31] C:\Program Files\MSN
    [25/01/2008|22:57] C:\Program Files\MSN Gaming Zone
    [10/03/2008|00:01] C:\Program Files\MSXML 4.0
    [17/04/2008|00:20] C:\Program Files\MSXML 6.0
    [25/01/2008|23:18] C:\Program Files\My Company Name
    [25/01/2008|22:59] C:\Program Files\NetMeeting
    [25/01/2008|22:57] C:\Program Files\Online Services
    [26/01/2008|00:42] C:\Program Files\Outlook Express
    [30/01/2008|04:03] C:\Program Files\PronoFoot Expert Plus
    [13/04/2008|12:46] C:\Program Files\QuickTime(2)
    [25/01/2008|23:45] C:\Program Files\Realtek
    [14/04/2008|12:40] C:\Program Files\Reference Assemblies
    [08/03/2008|12:21] C:\Program Files\Samsung
    [09/04/2008|17:49] C:\Program Files\ScanSoft
    [25/01/2008|23:00] C:\Program Files\Services en ligne
    [14/02/2008|19:27] C:\Program Files\SopCast
    [11/03/2008|15:21] C:\Program Files\Spybot - Search & Destroy
    [14/04/2008|22:44] C:\Program Files\Trend Micro
    [24/02/2008|18:59] C:\Program Files\TVAnts
    [14/02/2008|17:52] C:\Program Files\Type locks long
    [25/01/2008|23:09] C:\Program Files\Uninstall Information
    [01/10/2004|02:00] C:\Program Files\Uninstall_CDS.exe
    [26/01/2008|02:58] C:\Program Files\USB Vibration
    [13/02/2008|10:03] C:\Program Files\Veoh Networks
    [25/01/2008|23:39] C:\Program Files\VIA
    [25/01/2008|23:57] C:\Program Files\VideoLAN
    [26/02/2008|23:13] C:\Program Files\Winamp
    [26/01/2008|00:06] C:\Program Files\Windows Live
    [26/01/2008|00:12] C:\Program Files\Windows Media Player
    [25/01/2008|22:57] C:\Program Files\Windows NT
    [25/01/2008|23:00] C:\Program Files\WindowsUpdate
    [25/01/2008|23:55] C:\Program Files\WinRAR
    [25/01/2008|23:02] C:\Program Files\xerox
    [30/01/2008|20:51] C:\Program Files\XnView

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [09/04/2008|17:49] C:\Program Files\Fichiers communs\.
    [09/04/2008|17:49] C:\Program Files\Fichiers communs\..
    [13/04/2008|12:46] C:\Program Files\Fichiers communs\Adobe
    [30/01/2008|04:33] C:\Program Files\Fichiers communs\Ahead
    [25/01/2008|23:15] C:\Program Files\Fichiers communs\ATI Technologies
    [26/01/2008|04:13] C:\Program Files\Fichiers communs\DESIGNER
    [25/01/2008|23:12] C:\Program Files\Fichiers communs\InstallShield
    [05/02/2008|17:30] C:\Program Files\Fichiers communs\Java
    [15/04/2008|12:43] C:\Program Files\Fichiers communs\Microsoft Shared
    [25/01/2008|22:59] C:\Program Files\Fichiers communs\MSSoap
    [25/01/2008|23:48] C:\Program Files\Fichiers communs\ODBC
    [13/04/2008|12:47] C:\Program Files\Fichiers communs\ScanSoft Shared
    [25/01/2008|22:59] C:\Program Files\Fichiers communs\Services
    [25/01/2008|23:48] C:\Program Files\Fichiers communs\SpeechEngines
    [26/01/2008|04:11] C:\Program Files\Fichiers communs\System
    [26/01/2008|00:05] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-22 18:17:26
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:4][Doss:3] C:\DOCUME~1\Neyrat\LOCALS~1\Temp
    /!\ [Fich:206][Doss:0] C:\DOCUME~1\Neyrat\Cookies
    /!\ [Fich:288][Doss:15] C:\DOCUME~1\Neyrat\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 18:18:12,98 ]----------------------

    ComboFix 08-04-20.5 - Neyrat 2008-04-23 12:01:43.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.652 [GMT -12:00]
    Endroit: E:\Loic\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-22 16:35 . 2008-04-22 18:18 <REP> d-------- C:\Lop SD
    2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\Malwarebytes
    2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-19 13:12 . 2008-04-21 07:53 2,707,566 ---hs---- C:\WINDOWS\system32\wfvvlpgj.ini
    2008-04-18 13:10 . 2008-04-19 13:11 1,540,433 ---hs---- C:\WINDOWS\system32\iqcaxucl.ini
    2008-04-17 10:33 . 2008-04-18 10:33 1,529,513 ---hs---- C:\WINDOWS\system32\bfsgkpju.ini
    2008-04-17 10:24 . 2008-04-22 10:57 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    2008-04-17 00:20 . 2008-04-17 00:20 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-04-15 13:00 . 2008-04-15 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-04-15 12:56 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-04-15 12:55 . 2008-04-15 12:57 <REP> d-------- C:\Program Files\ATI Technologies
    2008-04-15 12:52 . 2008-02-14 05:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat
    2008-04-15 12:52 . 2008-04-15 12:52 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-04-14 22:44 . 2008-04-14 22:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-14 20:00 . 2008-04-14 20:00 <REP> d-------- C:\ATI
    2008-04-14 12:44 . 2008-04-14 12:44 <REP> d-------- C:\WINDOWS\system32\fr-FR
    2008-04-14 12:42 . 2008-04-14 12:42 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-04-14 12:40 . 2008-04-14 12:40 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-04-14 12:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-04-13 13:18 . 2006-06-14 13:44 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO_XP.sys
    2008-04-13 13:13 . 2008-04-13 13:13 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys
    2008-04-13 13:11 . 2008-04-13 13:14 <REP> d-------- C:\Program Files\ASUS
    2008-04-13 13:06 . 2008-04-13 13:06 21,541 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-04-13 13:00 . 2008-04-13 13:00 244 --ah----- C:\sqmnoopt01.sqm
    2008-04-13 13:00 . 2008-04-13 13:00 232 --ah----- C:\sqmdata01.sqm
    2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\WINDOWS\system32\QuickTime
    2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\QuickTime(2)
    2008-04-12 14:23 . 2008-04-12 14:23 607 --a------ C:\WINDOWS\system32\QuickTime.qtp
    2008-04-12 14:22 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Disney Interactive(2)
    2008-04-10 08:36 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Adobe(2)
    2008-04-09 18:23 . 2008-04-09 19:01 <REP> d-------- C:\julie
    2008-04-09 18:04 . 2008-04-09 18:02 544,980 --a------ C:\Documents and Settings\julie0001.JPG
    2008-04-09 17:51 . 2008-04-09 17:51 <REP> d-------- C:\Program Files\Canon
    2008-04-09 17:49 . 2008-04-09 17:49 <REP> d-------- C:\Program Files\ScanSoft
    2008-04-09 17:49 . 2008-04-13 12:47 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-04-09 17:48 . 2008-04-09 17:48 <REP> d-------- C:\Program Files\ArcSoft
    2008-04-09 17:44 . 2008-04-09 17:44 <REP> d-------- C:\CanoScan
    2008-04-09 14:34 . 2008-04-13 12:47 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\MSNInstaller
    2008-03-30 09:04 . 2008-03-30 09:04 315,632 --a------ C:\WINDOWS\system32\ssqOIAQh.dll
    2008-03-28 07:38 . 2008-03-28 07:38 315,568 --a------ C:\WINDOWS\system32\ssqOEUmJ.dll
    2008-03-27 17:25 . 2008-03-27 17:37 10,741 --a------ C:\Neyrat Loïc CV.docx

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-23 06:02 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-04-22 23:21 --------- d-----w C:\Program Files\eMule
    2008-04-15 00:43 --------- d-----w C:\Program Files\MSBuild
    2008-04-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-04-14 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-14 00:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-04-10 07:01 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\XnView
    2008-03-30 00:00 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-22 21:10 --------- d-----w C:\Program Files\Java
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-12 03:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-10 12:01 --------- d-----w C:\Program Files\MSXML 4.0
    2008-03-09 00:54 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\Samsung
    2008-03-09 00:21 --------- d-----w C:\Program Files\Samsung
    2008-02-27 11:13 --------- d-----w C:\Program Files\Winamp
    2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-02-25 06:59 --------- d-----w C:\Program Files\TVAnts
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-16 09:02 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw(2).dll
    2008-02-05 06:58 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
    2008-01-26 15:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-17_10.29.50.18 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-17 22:27:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-23 20:39:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-23 20:39:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_668.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8DBDC2-2027-46E2-894C-2267B18004A4}]
    C:\WINDOWS\system32\ddayx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 00:00 15360]
    "Plusone"="C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe" [2008-02-14 17:52 432128]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 04:24 1694208]
    "ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 11:16 1126400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-09-05 15:44 16262656 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-15 22:04 2879488 C:\WINDOWS\SkyTel.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 01:00 79224]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 22:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "d464e75d"="C:\WINDOWS\system32\tqckthta.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 00:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffedd]
    iiffedd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
    --a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\TVAnts\\Tvants.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

    R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-07-02 23:21]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 15:38]
    R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 15:39]
    R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-21 17:36]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
    S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-22 22:42]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-23 12:02:40
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-23 12:03:10
    ComboFix-quarantined-files.txt 2008-04-24 00:03:06
    ComboFix2.txt 2008-04-22 23:01:53
    ComboFix3.txt 2008-04-17 22:30:02

    Pre-Run: 14,330,839,040 octets libres
    Post-Run: 14,324,379,648 octets libres

    173 --- E O F --- 2008-04-17 12:20:18

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\wfvvlpgj.ini
    C:\WINDOWS\system32\iqcaxucl.ini
    C:\WINDOWS\system32\bfsgkpju.ini
    C:\WINDOWS\system32\ssqOIAQh.dll
    C:\WINDOWS\system32\ssqOEUmJ.dll
    C:\WINDOWS\system32\tqckthta.dll

    Folder::
    C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8DBDC2-2027-46E2-894C-2267B18004A4}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Plusone"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "d464e75d"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffedd]


    Open Notepad (Start > Run... > notepad), then paste (Ctrl+V) the text you copied earlier.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto ComboFix.exe as shown below:


    This will relaunch ComboFix; type 1 and then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.

    There was no restart.

    Here is the ComboFix report:

    ComboFix 08-04-20.5 - Neyrat 2008-04-27 15:29:36.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.545 [GMT -12:00]
    Endroit: E:\Loic\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Neyrat\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\bfsgkpju.ini
    C:\WINDOWS\system32\iqcaxucl.ini
    C:\WINDOWS\system32\ssqOEUmJ.dll
    C:\WINDOWS\system32\ssqOIAQh.dll
    C:\WINDOWS\system32\tqckthta.dll
    C:\WINDOWS\system32\wfvvlpgj.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1
    C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\0
    C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\bxamgpjb.exe
    C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe
    C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Loud Drive Intra.exe
    C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\shwuxtyk.exe
    C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\test meta first fast.exe
    C:\WINDOWS\system32\bfsgkpju.ini
    C:\WINDOWS\system32\iqcaxucl.ini
    C:\WINDOWS\system32\ssqOEUmJ.dll
    C:\WINDOWS\system32\ssqOIAQh.dll
    C:\WINDOWS\system32\wfvvlpgj.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-22 16:35 . 2008-04-22 18:18 <REP> d-------- C:\Lop SD
    2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\Malwarebytes
    2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-17 10:24 . 2008-04-22 10:57 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    2008-04-17 00:20 . 2008-04-17 00:20 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-04-15 13:00 . 2008-04-15 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-04-15 12:56 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-04-15 12:55 . 2008-04-15 12:57 <REP> d-------- C:\Program Files\ATI Technologies
    2008-04-15 12:52 . 2008-02-14 05:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat
    2008-04-15 12:52 . 2008-04-15 12:52 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-04-14 22:44 . 2008-04-14 22:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-14 20:00 . 2008-04-14 20:00 <REP> d-------- C:\ATI
    2008-04-14 12:44 . 2008-04-14 12:44 <REP> d-------- C:\WINDOWS\system32\fr-FR
    2008-04-14 12:42 . 2008-04-14 12:42 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-04-14 12:40 . 2008-04-14 12:40 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-04-14 12:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-04-13 13:18 . 2006-06-14 13:44 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO_XP.sys
    2008-04-13 13:13 . 2008-04-13 13:13 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys
    2008-04-13 13:11 . 2008-04-13 13:14 <REP> d-------- C:\Program Files\ASUS
    2008-04-13 13:06 . 2008-04-13 13:06 21,541 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-04-13 13:00 . 2008-04-13 13:00 244 --ah----- C:\sqmnoopt01.sqm
    2008-04-13 13:00 . 2008-04-13 13:00 232 --ah----- C:\sqmdata01.sqm
    2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\WINDOWS\system32\QuickTime
    2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\QuickTime(2)
    2008-04-12 14:23 . 2008-04-12 14:23 607 --a------ C:\WINDOWS\system32\QuickTime.qtp
    2008-04-12 14:22 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Disney Interactive(2)
    2008-04-10 08:36 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Adobe(2)
    2008-04-09 18:23 . 2008-04-09 19:01 <REP> d-------- C:\julie
    2008-04-09 18:04 . 2008-04-09 18:02 544,980 --a------ C:\Documents and Settings\julie0001.JPG
    2008-04-09 17:51 . 2008-04-09 17:51 <REP> d-------- C:\Program Files\Canon
    2008-04-09 17:49 . 2008-04-09 17:49 <REP> d-------- C:\Program Files\ScanSoft
    2008-04-09 17:49 . 2008-04-13 12:47 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-04-09 17:48 . 2008-04-09 17:48 <REP> d-------- C:\Program Files\ArcSoft
    2008-04-09 17:44 . 2008-04-09 17:44 <REP> d-------- C:\CanoScan
    2008-04-09 14:34 . 2008-04-13 12:47 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\MSNInstaller

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-27 20:48 --------- d-----w C:\Program Files\eMule
    2008-04-26 04:34 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-04-15 00:43 --------- d-----w C:\Program Files\MSBuild
    2008-04-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-04-14 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-14 00:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-04-10 07:01 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\XnView
    2008-03-30 00:00 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-22 21:10 --------- d-----w C:\Program Files\Java
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-12 03:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-10 12:01 --------- d-----w C:\Program Files\MSXML 4.0
    2008-03-09 00:54 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\Samsung
    2008-03-09 00:21 --------- d-----w C:\Program Files\Samsung
    2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-16 09:02 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw(2).dll
    2008-02-05 06:58 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
    2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-17_10.29.50.18 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-17 22:27:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-27 20:19:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-04-17 22:27:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat
    + 2008-04-27 20:19:44 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 00:00 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 04:24 1694208]
    "ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 11:16 1126400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-09-05 15:44 16262656 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-15 22:04 2879488 C:\WINDOWS\SkyTel.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 01:00 79224]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 22:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 00:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
    --a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\TVAnts\\Tvants.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

    R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-07-02 23:21]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 15:38]
    R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 15:39]
    R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-21 17:36]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
    S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-22 22:42]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-27 15:30:33
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-27 15:31:19
    ComboFix-quarantined-files.txt 2008-04-28 03:31:10
    ComboFix2.txt 2008-04-24 00:03:11
    ComboFix3.txt 2008-04-22 23:01:53
    ComboFix4.txt 2008-04-17 22:30:02

    Pre-Run: 14,400,544,768 octets libres
    Post-Run: 14,385,430,528 octets libres

    181 --- E O F --- 2008-04-17 12:20:18



    Then the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:32:55, on 27/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8D4EE4-E173-4739-B9F1-E5725490FB2B}: NameServer = 192.168.1.1
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 5206 bytes

    Avira AntiVir Personal
    Report file date: mardi 6 mai 2008 13:56

    Scanning for 1253212 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: Neyrat
    Computer name: NEYRAT-4351367C

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 07/05/2008 01:54:46
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/05/2008 01:54:46
    LUKE.DLL : 8.1.2.9 151809 Bytes 07/05/2008 01:54:46
    LUKERES.DLL : 8.1.2.1 12033 Bytes 07/05/2008 01:54:46
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 03:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 01:54:46
    ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 01:54:46
    ANTIVIR3.VDF : 7.0.4.7 22528 Bytes 06/05/2008 01:54:46
    Engineversion : 8.1.0.37
    AEVDF.DLL : 8.1.0.5 102772 Bytes 07/05/2008 01:54:47
    AESCRIPT.DLL : 8.1.0.28 233851 Bytes 07/05/2008 01:54:47
    AESCN.DLL : 8.1.0.15 119157 Bytes 07/05/2008 01:54:47
    AERDL.DLL : 8.1.0.20 418165 Bytes 07/05/2008 01:54:47
    AEPACK.DLL : 8.1.1.4 364918 Bytes 07/05/2008 01:54:47
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 07/05/2008 01:54:47
    AEHEUR.DLL : 8.1.0.21 1196407 Bytes 07/05/2008 01:54:47
    AEHELP.DLL : 8.1.0.14 115063 Bytes 07/05/2008 01:54:47
    AEGEN.DLL : 8.1.0.18 299381 Bytes 07/05/2008 01:54:46
    AEEMU.DLL : 8.1.0.5 430450 Bytes 07/05/2008 01:54:46
    AECORE.DLL : 8.1.0.27 168310 Bytes 07/05/2008 01:54:46
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 07/05/2008 01:54:46
    AVPREF.DLL : 8.0.0.1 25857 Bytes 07/05/2008 01:54:46
    AVREP.DLL : 7.0.0.1 155688 Bytes 17/04/2007 02:16:24
    AVREG.DLL : 8.0.0.0 30977 Bytes 07/05/2008 01:54:46
    AVARKT.DLL : 1.0.0.23 307457 Bytes 07/05/2008 01:54:46
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 07/05/2008 01:54:46
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 07/05/2008 01:54:46
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 07/05/2008 01:54:46
    NETNT.DLL : 8.0.0.1 7937 Bytes 07/05/2008 01:54:46
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 07/05/2008 01:54:41
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 07/05/2008 01:54:41

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 6 mai 2008 13:56

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
    Scan process 'CCC.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'MOM.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    28 processes with 28 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '28' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\C\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Loud Drive Intra.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\shwuxtyk.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\test meta first fast.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\buarpliw.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\cqhgnavi.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\gdjkgywm.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\jcaxtxuv.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\mowekaif.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\mwnuhymx.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\ogcqrptx.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\sqcfehfw.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\ssqOEUmJ.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\ssqOIAQh.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\sybhrlun.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\uckaqfqy.dll.vir
    [DETECTION] Is the Trojan horse TR/PCK.Monder.96320.2
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\uywqrntg.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\vrejhkrg.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\wobpqadp.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\xfavhxqf.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\xtgoiwop.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\yirdyues.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\yttiwfht.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    Begin scan in 'E:\' <Données>


    End of the scan: mardi 6 mai 2008 14:14
    Used time: 17:35 min

    The scan has been done completely.

    4661 Scanning directories
    144923 Files were scanned
    23 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    23 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    144900 Files not concerned
    1048 Archives were scanned
    1 Warnings
    23 Notes

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:32:13, on 06/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
    O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8D4EE4-E173-4739-B9F1-E5725490FB2B}: NameServer = 192.168.1.1
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 5623 bytes