TratBHO [Trj]

Bonjour,

Quel emplacement ?

Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

Voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:38, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BMd757d4c1] Rundll32.exe "C:\WINDOWS\system32\jcaxtxuv.dll",s
O4 - HKLM\..\Run: [d464e75d] rundll32.exe "C:\WINDOWS\system32\ooropaes.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Plusone] C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8D4EE4-E173-4739-B9F1-E5725490FB2B}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5205 bytes

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur combofix.exe afin de le lancer.

Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Voici le rapport de Combofix :

* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\msnimport.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\buarpliw.dll
C:\WINDOWS\system32\cdbgblfy.ini
C:\WINDOWS\system32\cxgvaxjy.ini
C:\WINDOWS\system32\djrhygim.ini
C:\WINDOWS\system32\dqfhdhkt.ini
C:\WINDOWS\system32\ecbnxvox.ini
C:\WINDOWS\system32\gjvvurkg.dll
C:\WINDOWS\system32\gkdeixym.ini
C:\WINDOWS\system32\hQAIOqss.ini
C:\WINDOWS\system32\hQAIOqss.ini2
C:\WINDOWS\system32\iykogntx.ini
C:\WINDOWS\system32\jcaxtxuv.dll
C:\WINDOWS\system32\JmUEOqss.ini
C:\WINDOWS\system32\JmUEOqss.ini2
C:\WINDOWS\system32\jqpfncxq.ini
C:\WINDOWS\system32\kghtyvnd.ini
C:\WINDOWS\system32\kxrhmgba.dll
C:\WINDOWS\system32\kynlfvng.ini
C:\WINDOWS\system32\levltkit.ini
C:\WINDOWS\system32\ljjgheb.dll
C:\WINDOWS\system32\magfuevp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mwnuhymx.dll
C:\WINDOWS\system32\myxiedkg.dll
C:\WINDOWS\system32\ogcqrptx.dll
C:\WINDOWS\system32\Onoonnpo.ini
C:\WINDOWS\system32\Onoonnpo.ini2
C:\WINDOWS\system32\powiogtx.ini
C:\WINDOWS\system32\seaporoo.ini
C:\WINDOWS\system32\sqcfehfw.dll
C:\WINDOWS\system32\ssmrypnp.ini
C:\WINDOWS\system32\sybhrlun.dll
C:\WINDOWS\system32\tixrdlpw.ini
C:\WINDOWS\system32\tuvvtrs.dll
C:\WINDOWS\system32\udrmhnep.ini
C:\WINDOWS\system32\uywqrntg.dll
C:\WINDOWS\system32\vpejysls.dll
C:\WINDOWS\system32\vrejhkrg.dll
C:\WINDOWS\system32\wbjqmeaq.ini
C:\WINDOWS\system32\wobpqadp.dll
C:\WINDOWS\system32\xfavhxqf.dll
C:\WINDOWS\system32\xhaechne.ini
C:\WINDOWS\system32\xijhmcve.ini
C:\WINDOWS\system32\xtgoiwop.dll
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\yirdyues.dll
C:\WINDOWS\system32\ynpgiuyl.dll
C:\WINDOWS\system32\yskvnsal.ini
C:\WINDOWS\system32\ysyvxbwo.ini
C:\WINDOWS\system32\yttiwfht.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))))))))
.

2008-04-17 00:20 . 2008-04-17 00:20 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-15 13:00 . 2008-04-15 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-15 12:58 . 2008-04-15 12:58 <REP> d-------- C:\Program Files\ATI
2008-04-15 12:56 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-15 12:55 . 2008-04-15 12:57 <REP> d-------- C:\Program Files\ATI Technologies
2008-04-15 12:52 . 2008-02-14 05:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-04-15 12:52 . 2008-04-15 12:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-14 22:44 . 2008-04-14 22:44 <REP> d-------- C:\Program Files\Trend Micro
2008-04-14 12:44 . 2008-04-14 12:44 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-04-14 12:42 . 2008-04-14 12:42 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-14 12:40 . 2008-04-14 12:40 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-14 12:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-13 13:18 . 2006-06-14 13:44 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO_XP.sys
2008-04-13 13:13 . 2008-04-13 13:13 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys
2008-04-13 13:11 . 2008-04-13 13:14 <REP> d-------- C:\Program Files\ASUS
2008-04-13 13:06 . 2008-04-13 13:06 21,541 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-13 13:00 . 2008-04-13 13:00 244 --ah----- C:\sqmnoopt01.sqm
2008-04-13 13:00 . 2008-04-13 13:00 232 --ah----- C:\sqmdata01.sqm
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\QuickTime(2)
2008-04-12 14:23 . 2008-04-12 14:23 607 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-04-12 14:22 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Disney Interactive(2)
2008-04-10 08:36 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Adobe(2)
2008-04-09 18:23 . 2008-04-09 19:01 <REP> d-------- C:\julie
2008-04-09 17:51 . 2008-04-09 17:51 <REP> d-------- C:\Program Files\Canon
2008-04-09 17:49 . 2008-04-09 17:49 <REP> d-------- C:\Program Files\ScanSoft
2008-04-09 17:49 . 2008-04-13 12:47 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-04-09 17:48 . 2008-04-09 17:48 <REP> d-------- C:\Program Files\ArcSoft
2008-04-09 17:44 . 2008-04-09 17:44 <REP> d-------- C:\CanoScan
2008-04-09 14:34 . 2008-04-13 12:47 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\MSNInstaller
2008-03-31 07:49 . 2008-03-31 07:49 315,664 --------- C:\WINDOWS\system32\mlJBUOfD.dll
2008-03-30 09:04 . 2008-03-30 09:04 315,632 --a------ C:\WINDOWS\system32\ssqOIAQh.dll
2008-03-28 13:53 . 2008-03-28 13:53 315,568 --a------ C:\WINDOWS\system32\opnnoonO.dll
2008-03-28 07:38 . 2008-03-28 07:38 315,568 --a------ C:\WINDOWS\system32\ssqOEUmJ.dll
2008-03-27 17:25 . 2008-03-27 17:37 10,741 --a------ C:\Neyrat Lo‹c CV.docx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 04:35 --------- d-----w C:\Program Files\eMule
2008-04-17 00:53 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-04-16 01:30 --------- d-----w C:\Program Files\Circle Developement
2008-04-15 00:43 --------- d-----w C:\Program Files\MSBuild
2008-04-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 00:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-10 07:01 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\XnView
2008-03-30 00:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-22 21:10 --------- d-----w C:\Program Files\Java
2008-03-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 03:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-10 12:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-09 00:54 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\Samsung
2008-03-09 00:21 --------- d-----w C:\Program Files\Samsung
2008-02-27 11:13 --------- d-----w C:\Program Files\Winamp
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-25 06:59 --------- d-----w C:\Program Files\TVAnts
2008-02-05 06:58 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8DBDC2-2027-46E2-894C-2267B18004A4}]
C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7765CA7-D33D-4A6A-8A17-564BCC3B415C}]
2008-03-28 13:53 315568 --a------ C:\WINDOWS\system32\opnnoonO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 00:00 15360]
"Plusone"="C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe" [2008-02-14 17:52 432128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 04:24 1694208]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 11:16 1126400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-05 15:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-15 22:04 2879488 C:\WINDOWS\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 01:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 22:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Amok Eggs Four Web"="C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe" [2008-04-17 10:28 3055104]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 00:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffedd]
iiffedd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\opnnoonO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-07-02 23:21]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 15:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 15:39]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-21 17:36]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-22 22:42]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-17 12:00:00 C:\WINDOWS\Tasks\ABD0E8A3906B9E3F.job"
- c:\docume~1\neyrat\applic~1\typelo~1\Loud Drive Intra.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 10:27:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 4

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-17 10:30:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-17 22:29:58

Pre-Run: 12,904,787,968 octets libres
Post-Run: 13,539,024,896 octets libres
.
2008-04-17 12:20:18 --- E O F ---

Re,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 663

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 72932
Temps écoulé: 52 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 27

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e214df62-6209-435f-b904-763b39ae102b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e214df62-6209-435f-b904-763b39ae102b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\stuffplug3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd757d4c1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnoono.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnoono.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\opnnoonO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Onoonnpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Onoonnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tqckthta.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\athtkcqt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gjvvurkg.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kxrhmgba.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\magfuevp.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\myxiedkg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP108\A0014030.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP108\A0014281.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP108\A0014348.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0014386.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0014882.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0015604.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0015616.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025271.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025272.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025273.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025278.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP135\A0025479.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmwdlejb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\SP3.5.590.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\StuffPlug3\Uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bobtmoaj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJBUOfD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\CASINO01.INI (Malware.Trace) -> Quarantined and deleted successfully.

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:51, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C8DBDC2-2027-46E2-894C-2267B18004A4} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: {9a0a0945-dfb5-2a4b-3474-af6a05ca80fd} - {df08ac50-a6fa-4743-b4a2-5bfd5490a0a9} - C:\WINDOWS\system32\mowekaif.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [d464e75d] rundll32.exe "C:\WINDOWS\system32\tqckthta.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Plusone] C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8D4EE4-E173-4739-B9F1-E5725490FB2B}: NameServer = 192.168.1.1
O20 - Winlogon Notify: iiffedd - iiffedd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 6052 bytes

Refais un scan Combofix  

ComboFix 08-04-20.5 - Neyrat 2008-04-22 10:57:28.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.555 [GMT -12:00]
Endroit: E:\Loic\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\celdeaht.ini
C:\WINDOWS\system32\cqhgnavi.dll
C:\WINDOWS\system32\dxqvatfo.ini
C:\WINDOWS\system32\gdjkgywm.dll
C:\WINDOWS\system32\ggtjhsfa.ini
C:\WINDOWS\system32\hqtelocf.ini
C:\WINDOWS\system32\kshqaxyt.ini
C:\WINDOWS\system32\lievwkwu.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mowekaif.dll
C:\WINDOWS\system32\rgbkijdy.ini
C:\WINDOWS\system32\uckaqfqy.dll
C:\WINDOWS\system32\udsejhgy.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.

2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\Malwarebytes
2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 13:12 . 2008-04-21 07:53 2,707,566 ---hs---- C:\WINDOWS\system32\wfvvlpgj.ini
2008-04-18 13:10 . 2008-04-19 13:11 1,540,433 ---hs---- C:\WINDOWS\system32\iqcaxucl.ini
2008-04-17 10:33 . 2008-04-18 10:33 1,529,513 ---hs---- C:\WINDOWS\system32\bfsgkpju.ini
2008-04-17 10:24 . 2008-04-22 10:57 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-17 00:20 . 2008-04-17 00:20 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-15 13:00 . 2008-04-15 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-15 12:56 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-15 12:55 . 2008-04-15 12:57 <REP> d-------- C:\Program Files\ATI Technologies
2008-04-15 12:52 . 2008-02-14 05:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-04-15 12:52 . 2008-04-15 12:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-14 22:44 . 2008-04-14 22:44 <REP> d-------- C:\Program Files\Trend Micro
2008-04-14 20:00 . 2008-04-14 20:00 <REP> d-------- C:\ATI
2008-04-14 12:44 . 2008-04-14 12:44 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-04-14 12:42 . 2008-04-14 12:42 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-14 12:40 . 2008-04-14 12:40 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-14 12:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-13 13:18 . 2006-06-14 13:44 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO_XP.sys
2008-04-13 13:13 . 2008-04-13 13:13 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys
2008-04-13 13:11 . 2008-04-13 13:14 <REP> d-------- C:\Program Files\ASUS
2008-04-13 13:06 . 2008-04-13 13:06 21,541 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-13 13:00 . 2008-04-13 13:00 244 --ah----- C:\sqmnoopt01.sqm
2008-04-13 13:00 . 2008-04-13 13:00 232 --ah----- C:\sqmdata01.sqm
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\QuickTime(2)
2008-04-12 14:23 . 2008-04-12 14:23 607 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-04-12 14:22 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Disney Interactive(2)
2008-04-10 08:36 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Adobe(2)
2008-04-09 18:23 . 2008-04-09 19:01 <REP> d-------- C:\julie
2008-04-09 18:04 . 2008-04-09 18:02 544,980 --a------ C:\Documents and Settings\julie0001.JPG
2008-04-09 17:51 . 2008-04-09 17:51 <REP> d-------- C:\Program Files\Canon
2008-04-09 17:49 . 2008-04-09 17:49 <REP> d-------- C:\Program Files\ScanSoft
2008-04-09 17:49 . 2008-04-13 12:47 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-04-09 17:48 . 2008-04-09 17:48 <REP> d-------- C:\Program Files\ArcSoft
2008-04-09 17:44 . 2008-04-09 17:44 <REP> d-------- C:\CanoScan
2008-04-09 14:34 . 2008-04-13 12:47 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\MSNInstaller
2008-03-30 09:04 . 2008-03-30 09:04 315,632 --a------ C:\WINDOWS\system32\ssqOIAQh.dll
2008-03-28 07:38 . 2008-03-28 07:38 315,568 --a------ C:\WINDOWS\system32\ssqOEUmJ.dll
2008-03-27 17:25 . 2008-03-27 17:37 10,741 --a------ C:\Neyrat Lo‹c CV.docx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 09:05 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-04-22 08:00 --------- d-----w C:\Program Files\eMule
2008-04-16 01:30 --------- d-----w C:\Program Files\Circle Developement
2008-04-15 00:43 --------- d-----w C:\Program Files\MSBuild
2008-04-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 00:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-10 07:01 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\XnView
2008-03-30 00:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-22 21:10 --------- d-----w C:\Program Files\Java
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 03:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-10 12:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-09 00:54 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\Samsung
2008-03-09 00:21 --------- d-----w C:\Program Files\Samsung
2008-02-27 11:13 --------- d-----w C:\Program Files\Winamp
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 06:59 --------- d-----w C:\Program Files\TVAnts
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:02 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw(2).dll
2008-02-05 06:58 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-01-26 15:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-17_10.29.50.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 22:27:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-22 22:59:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-22 22:59:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8DBDC2-2027-46E2-894C-2267B18004A4}]
C:\WINDOWS\system32\ddayx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 00:00 15360]
"Plusone"="C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe" [2008-02-14 17:52 432128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 04:24 1694208]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 11:16 1126400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-05 15:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-15 22:04 2879488 C:\WINDOWS\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 01:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 22:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Amok Eggs Four Web"="C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe" [2008-04-22 11:01 3205120]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"d464e75d"="C:\WINDOWS\system32\tqckthta.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 00:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffedd]
iiffedd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-07-02 23:21]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 15:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 15:39]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-21 17:36]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-22 22:42]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-22 23:00:02 C:\WINDOWS\Tasks\ABD0E8A3906B9E3F.job"
- c:\docume~1\neyrat\applic~1\typelo~1\Loud Drive Intra.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 11:00:15
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 4

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 11:01:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 23:01:50
ComboFix2.txt 2008-04-17 22:30:02

Pre-Run: 14,410,051,584 octets libres
Post-Run: 14,390,611,968 octets libres

211 --- E O F --- 2008-04-17 12:20:18

Re,

Télécharge Lop S&D.exe sur ton Bureau.

Double-clique dessus pour lancer l'installation

Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau

Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)

Patiente jusqu'à la fin du scan

Poste le rapport généré (C:\lopR.txt)

(Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

Le rapport precedent venait de ComboFix, pas de Lop S&D. Faut-il que je le telecharge et que je fasse une analyse avec ?

Me suis trompé, j'ai édité  

-----------------------[ Lop S&D 4.1.1-6 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Neyrat ] [ "C:\Lop SD" ]
[ 22/04/2008 | 16:35:42,26 ] [ PC : NEYRAT-4351367C ]
[ MAJ : 21-04-2008 | 19:45 ]

-------------[ Listing des dossiers dans Application Data ]------------

[15/04/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[15/04/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[13/04/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[15/04/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[25/01/2008|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[26/01/2008|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[25/03/2008|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[21/04/2008|10:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[26/01/2008|02:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[02/02/2008|00:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[14/04/2008|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[14/02/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
[11/03/2008|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[26/01/2008|00:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[25/01/2008|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[25/01/2008|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[25/01/2008|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[25/01/2008|23:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[25/01/2008|23:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[25/01/2008|23:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[25/01/2008|23:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[25/01/2008|23:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[25/01/2008|23:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[25/01/2008|23:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[21/04/2008|10:01] C:\DOCUME~1\Neyrat\APPLIC~1\.
[21/04/2008|10:01] C:\DOCUME~1\Neyrat\APPLIC~1\..
[27/01/2008|08:47] C:\DOCUME~1\Neyrat\APPLIC~1\Adobe
[25/01/2008|23:19] C:\DOCUME~1\Neyrat\APPLIC~1\ATI
[25/01/2008|23:48] C:\DOCUME~1\Neyrat\APPLIC~1\desktop.ini
[25/01/2008|23:09] C:\DOCUME~1\Neyrat\APPLIC~1\Identities
[26/01/2008|00:12] C:\DOCUME~1\Neyrat\APPLIC~1\Macromedia
[21/04/2008|10:01] C:\DOCUME~1\Neyrat\APPLIC~1\Malwarebytes
[27/03/2008|16:44] C:\DOCUME~1\Neyrat\APPLIC~1\Microsoft
[14/04/2008|09:34] C:\DOCUME~1\Neyrat\APPLIC~1\Mozilla
[13/04/2008|12:47] C:\DOCUME~1\Neyrat\APPLIC~1\MSNInstaller
[08/03/2008|12:54] C:\DOCUME~1\Neyrat\APPLIC~1\Samsung
[11/02/2008|20:47] C:\DOCUME~1\Neyrat\APPLIC~1\SopCast
[05/02/2008|17:31] C:\DOCUME~1\Neyrat\APPLIC~1\Sun
[14/02/2008|17:53] C:\DOCUME~1\Neyrat\APPLIC~1\Type locks long
[25/01/2008|23:57] C:\DOCUME~1\Neyrat\APPLIC~1\vlc
[26/01/2008|00:26] C:\DOCUME~1\Neyrat\APPLIC~1\WinRAR
[09/04/2008|19:01] C:\DOCUME~1\Neyrat\APPLIC~1\XnView

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[22/04/2008 16:00][--ah-----] C:\WINDOWS\tasks\ABD0E8A3906B9E3F.job
[22/04/2008 10:59][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 00:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[21/04/2008|10:01] C:\Program Files\.
[21/04/2008|10:01] C:\Program Files\..
[13/04/2008|12:47] C:\Program Files\Adobe
[13/04/2008|12:46] C:\Program Files\Adobe(2)
[30/01/2008|04:34] C:\Program Files\Ahead
[25/01/2008|23:56] C:\Program Files\Alwil Software
[25/01/2008|23:38] C:\Program Files\AMD
[09/04/2008|17:48] C:\Program Files\ArcSoft
[13/04/2008|13:14] C:\Program Files\ASUS
[15/04/2008|12:57] C:\Program Files\ATI Technologies
[25/01/2008|23:47] C:\Program Files\Attansic
[09/04/2008|17:51] C:\Program Files\Canon
[15/04/2008|13:30] C:\Program Files\Circle Developement
[25/01/2008|22:58] C:\Program Files\ComPlus Applications
[30/01/2008|04:33] C:\Program Files\CyberLink DVD Solution
[14/02/2008|09:57] C:\Program Files\DirectVobSub
[13/04/2008|12:46] C:\Program Files\Disney Interactive(2)
[05/02/2008|22:25] C:\Program Files\DivX
[22/04/2008|11:21] C:\Program Files\eMule
[09/04/2008|17:49] C:\Program Files\Fichiers communs
[13/04/2008|13:11] C:\Program Files\InstallShield Installation Information
[14/04/2008|00:14] C:\Program Files\Internet Explorer
[22/03/2008|09:10] C:\Program Files\Java
[26/01/2008|02:47] C:\Program Files\KONAMI
[21/04/2008|10:01] C:\Program Files\Malwarebytes' Anti-Malware
[26/01/2008|00:42] C:\Program Files\Messenger
[29/03/2008|12:00] C:\Program Files\Messenger Plus! Live
[25/01/2008|23:02] C:\Program Files\microsoft frontpage
[26/01/2008|04:14] C:\Program Files\Microsoft Office
[26/01/2008|04:13] C:\Program Files\Microsoft Visual Studio
[26/01/2008|04:11] C:\Program Files\Microsoft Visual Studio 8
[26/01/2008|04:14] C:\Program Files\Microsoft Works
[26/01/2008|04:13] C:\Program Files\Microsoft.NET
[25/01/2008|22:59] C:\Program Files\Movie Maker
[22/04/2008|11:03] C:\Program Files\Mozilla Firefox
[14/04/2008|12:43] C:\Program Files\MSBuild
[04/02/2008|15:31] C:\Program Files\MSN
[25/01/2008|22:57] C:\Program Files\MSN Gaming Zone
[10/03/2008|00:01] C:\Program Files\MSXML 4.0
[17/04/2008|00:20] C:\Program Files\MSXML 6.0
[25/01/2008|23:18] C:\Program Files\My Company Name
[25/01/2008|22:59] C:\Program Files\NetMeeting
[25/01/2008|22:57] C:\Program Files\Online Services
[26/01/2008|00:42] C:\Program Files\Outlook Express
[30/01/2008|04:03] C:\Program Files\PronoFoot Expert Plus
[13/04/2008|12:46] C:\Program Files\QuickTime(2)
[25/01/2008|23:45] C:\Program Files\Realtek
[14/04/2008|12:40] C:\Program Files\Reference Assemblies
[08/03/2008|12:21] C:\Program Files\Samsung
[09/04/2008|17:49] C:\Program Files\ScanSoft
[25/01/2008|23:00] C:\Program Files\Services en ligne
[14/02/2008|19:27] C:\Program Files\SopCast
[11/03/2008|15:21] C:\Program Files\Spybot - Search & Destroy
[14/04/2008|22:44] C:\Program Files\Trend Micro
[24/02/2008|18:59] C:\Program Files\TVAnts
[14/02/2008|17:52] C:\Program Files\Type locks long
[25/01/2008|23:09] C:\Program Files\Uninstall Information
[01/10/2004|02:00] C:\Program Files\Uninstall_CDS.exe
[26/01/2008|02:58] C:\Program Files\USB Vibration
[13/02/2008|10:03] C:\Program Files\Veoh Networks
[25/01/2008|23:39] C:\Program Files\VIA
[25/01/2008|23:57] C:\Program Files\VideoLAN
[26/02/2008|23:13] C:\Program Files\Winamp
[26/01/2008|00:06] C:\Program Files\Windows Live
[26/01/2008|00:12] C:\Program Files\Windows Media Player
[25/01/2008|22:57] C:\Program Files\Windows NT
[25/01/2008|23:00] C:\Program Files\WindowsUpdate
[25/01/2008|23:55] C:\Program Files\WinRAR
[25/01/2008|23:02] C:\Program Files\xerox
[30/01/2008|20:51] C:\Program Files\XnView

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[09/04/2008|17:49] C:\Program Files\Fichiers communs\.
[09/04/2008|17:49] C:\Program Files\Fichiers communs\..
[13/04/2008|12:46] C:\Program Files\Fichiers communs\Adobe
[30/01/2008|04:33] C:\Program Files\Fichiers communs\Ahead
[25/01/2008|23:15] C:\Program Files\Fichiers communs\ATI Technologies
[26/01/2008|04:13] C:\Program Files\Fichiers communs\DESIGNER
[25/01/2008|23:12] C:\Program Files\Fichiers communs\InstallShield
[05/02/2008|17:30] C:\Program Files\Fichiers communs\Java
[15/04/2008|12:43] C:\Program Files\Fichiers communs\Microsoft Shared
[25/01/2008|22:59] C:\Program Files\Fichiers communs\MSSoap
[25/01/2008|23:48] C:\Program Files\Fichiers communs\ODBC
[13/04/2008|12:47] C:\Program Files\Fichiers communs\ScanSoft Shared
[25/01/2008|22:59] C:\Program Files\Fichiers communs\Services
[25/01/2008|23:48] C:\Program Files\Fichiers communs\SpeechEngines
[26/01/2008|04:11] C:\Program Files\Fichiers communs\System
[26/01/2008|00:05] C:\Program Files\Fichiers communs\WindowsLiveInstaller

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs\More Math.exe
C:\Program Files\Circle Developement
C:\WINDOWS\Tasks\ABD0E8A3906B9E3F.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amok Eggs Four Web"="C:\\Documents and Settings\\All Users\\Application Data\\part dead amok eggs\\More Math.exe"

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 16:36:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

/!\ [Fich:4][Doss:3] C:\DOCUME~1\Neyrat\LOCALS~1\Temp
/!\ [Fich:203][Doss:0] C:\DOCUME~1\Neyrat\Cookies
/!\ [Fich:221][Doss:15] C:\DOCUME~1\Neyrat\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 16:37:12,21 ]----------------------

PS : Pendant la recherche de Lop, avast m'a signalé par 2 messages un trojan, j'ai choisi l'option ne rien faire.

Re,

Relance Lop S&D

Choisis cette fois ci l'Option 2 (Suppression)

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré (C:\lopR.txt)

(Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

-----------------------[ Lop S&D 4.1.1-6 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Neyrat ] [ "C:\Lop SD" ]
[ 22/04/2008 | 18:16:59,68 ] [ PC : NEYRAT-4351367C ]
[ MAJ : 21-04-2008 | 19:45 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs\More Math.exe
Supprimé! - C:\WINDOWS\Tasks\ABD0E8A3906B9E3F.job
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
Supprimé! - C:\Program Files\Circle Developement

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------

[22/04/2008|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[22/04/2008|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[13/04/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[15/04/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[25/01/2008|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[26/01/2008|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[25/03/2008|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[21/04/2008|10:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[26/01/2008|02:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[02/02/2008|00:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[14/04/2008|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[11/03/2008|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[26/01/2008|00:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[25/01/2008|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[25/01/2008|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[25/01/2008|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[25/01/2008|23:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[25/01/2008|23:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[25/01/2008|23:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[25/01/2008|23:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[25/01/2008|23:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[25/01/2008|23:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[25/01/2008|23:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[21/04/2008|10:01] C:\DOCUME~1\Neyrat\APPLIC~1\.
[21/04/2008|10:01] C:\DOCUME~1\Neyrat\APPLIC~1\..
[27/01/2008|08:47] C:\DOCUME~1\Neyrat\APPLIC~1\Adobe
[25/01/2008|23:19] C:\DOCUME~1\Neyrat\APPLIC~1\ATI
[25/01/2008|23:48] C:\DOCUME~1\Neyrat\APPLIC~1\desktop.ini
[25/01/2008|23:09] C:\DOCUME~1\Neyrat\APPLIC~1\Identities
[26/01/2008|00:12] C:\DOCUME~1\Neyrat\APPLIC~1\Macromedia
[21/04/2008|10:01] C:\DOCUME~1\Neyrat\APPLIC~1\Malwarebytes
[27/03/2008|16:44] C:\DOCUME~1\Neyrat\APPLIC~1\Microsoft
[14/04/2008|09:34] C:\DOCUME~1\Neyrat\APPLIC~1\Mozilla
[13/04/2008|12:47] C:\DOCUME~1\Neyrat\APPLIC~1\MSNInstaller
[08/03/2008|12:54] C:\DOCUME~1\Neyrat\APPLIC~1\Samsung
[11/02/2008|20:47] C:\DOCUME~1\Neyrat\APPLIC~1\SopCast
[05/02/2008|17:31] C:\DOCUME~1\Neyrat\APPLIC~1\Sun
[14/02/2008|17:53] C:\DOCUME~1\Neyrat\APPLIC~1\Type locks long
[25/01/2008|23:57] C:\DOCUME~1\Neyrat\APPLIC~1\vlc
[26/01/2008|00:26] C:\DOCUME~1\Neyrat\APPLIC~1\WinRAR
[09/04/2008|19:01] C:\DOCUME~1\Neyrat\APPLIC~1\XnView

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[22/04/2008 10:59][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 00:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[22/04/2008|18:17] C:\Program Files\.
[22/04/2008|18:17] C:\Program Files\..
[13/04/2008|12:47] C:\Program Files\Adobe
[13/04/2008|12:46] C:\Program Files\Adobe(2)
[30/01/2008|04:34] C:\Program Files\Ahead
[25/01/2008|23:56] C:\Program Files\Alwil Software
[25/01/2008|23:38] C:\Program Files\AMD
[09/04/2008|17:48] C:\Program Files\ArcSoft
[13/04/2008|13:14] C:\Program Files\ASUS
[15/04/2008|12:57] C:\Program Files\ATI Technologies
[25/01/2008|23:47] C:\Program Files\Attansic
[09/04/2008|17:51] C:\Program Files\Canon
[25/01/2008|22:58] C:\Program Files\ComPlus Applications
[30/01/2008|04:33] C:\Program Files\CyberLink DVD Solution
[14/02/2008|09:57] C:\Program Files\DirectVobSub
[13/04/2008|12:46] C:\Program Files\Disney Interactive(2)
[05/02/2008|22:25] C:\Program Files\DivX
[22/04/2008|11:21] C:\Program Files\eMule
[09/04/2008|17:49] C:\Program Files\Fichiers communs
[13/04/2008|13:11] C:\Program Files\InstallShield Installation Information
[14/04/2008|00:14] C:\Program Files\Internet Explorer
[22/03/2008|09:10] C:\Program Files\Java
[26/01/2008|02:47] C:\Program Files\KONAMI
[21/04/2008|10:01] C:\Program Files\Malwarebytes' Anti-Malware
[26/01/2008|00:42] C:\Program Files\Messenger
[29/03/2008|12:00] C:\Program Files\Messenger Plus! Live
[25/01/2008|23:02] C:\Program Files\microsoft frontpage
[26/01/2008|04:14] C:\Program Files\Microsoft Office
[26/01/2008|04:13] C:\Program Files\Microsoft Visual Studio
[26/01/2008|04:11] C:\Program Files\Microsoft Visual Studio 8
[26/01/2008|04:14] C:\Program Files\Microsoft Works
[26/01/2008|04:13] C:\Program Files\Microsoft.NET
[25/01/2008|22:59] C:\Program Files\Movie Maker
[22/04/2008|11:03] C:\Program Files\Mozilla Firefox
[14/04/2008|12:43] C:\Program Files\MSBuild
[04/02/2008|15:31] C:\Program Files\MSN
[25/01/2008|22:57] C:\Program Files\MSN Gaming Zone
[10/03/2008|00:01] C:\Program Files\MSXML 4.0
[17/04/2008|00:20] C:\Program Files\MSXML 6.0
[25/01/2008|23:18] C:\Program Files\My Company Name
[25/01/2008|22:59] C:\Program Files\NetMeeting
[25/01/2008|22:57] C:\Program Files\Online Services
[26/01/2008|00:42] C:\Program Files\Outlook Express
[30/01/2008|04:03] C:\Program Files\PronoFoot Expert Plus
[13/04/2008|12:46] C:\Program Files\QuickTime(2)
[25/01/2008|23:45] C:\Program Files\Realtek
[14/04/2008|12:40] C:\Program Files\Reference Assemblies
[08/03/2008|12:21] C:\Program Files\Samsung
[09/04/2008|17:49] C:\Program Files\ScanSoft
[25/01/2008|23:00] C:\Program Files\Services en ligne
[14/02/2008|19:27] C:\Program Files\SopCast
[11/03/2008|15:21] C:\Program Files\Spybot - Search & Destroy
[14/04/2008|22:44] C:\Program Files\Trend Micro
[24/02/2008|18:59] C:\Program Files\TVAnts
[14/02/2008|17:52] C:\Program Files\Type locks long
[25/01/2008|23:09] C:\Program Files\Uninstall Information
[01/10/2004|02:00] C:\Program Files\Uninstall_CDS.exe
[26/01/2008|02:58] C:\Program Files\USB Vibration
[13/02/2008|10:03] C:\Program Files\Veoh Networks
[25/01/2008|23:39] C:\Program Files\VIA
[25/01/2008|23:57] C:\Program Files\VideoLAN
[26/02/2008|23:13] C:\Program Files\Winamp
[26/01/2008|00:06] C:\Program Files\Windows Live
[26/01/2008|00:12] C:\Program Files\Windows Media Player
[25/01/2008|22:57] C:\Program Files\Windows NT
[25/01/2008|23:00] C:\Program Files\WindowsUpdate
[25/01/2008|23:55] C:\Program Files\WinRAR
[25/01/2008|23:02] C:\Program Files\xerox
[30/01/2008|20:51] C:\Program Files\XnView

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[09/04/2008|17:49] C:\Program Files\Fichiers communs\.
[09/04/2008|17:49] C:\Program Files\Fichiers communs\..
[13/04/2008|12:46] C:\Program Files\Fichiers communs\Adobe
[30/01/2008|04:33] C:\Program Files\Fichiers communs\Ahead
[25/01/2008|23:15] C:\Program Files\Fichiers communs\ATI Technologies
[26/01/2008|04:13] C:\Program Files\Fichiers communs\DESIGNER
[25/01/2008|23:12] C:\Program Files\Fichiers communs\InstallShield
[05/02/2008|17:30] C:\Program Files\Fichiers communs\Java
[15/04/2008|12:43] C:\Program Files\Fichiers communs\Microsoft Shared
[25/01/2008|22:59] C:\Program Files\Fichiers communs\MSSoap
[25/01/2008|23:48] C:\Program Files\Fichiers communs\ODBC
[13/04/2008|12:47] C:\Program Files\Fichiers communs\ScanSoft Shared
[25/01/2008|22:59] C:\Program Files\Fichiers communs\Services
[25/01/2008|23:48] C:\Program Files\Fichiers communs\SpeechEngines
[26/01/2008|04:11] C:\Program Files\Fichiers communs\System
[26/01/2008|00:05] C:\Program Files\Fichiers communs\WindowsLiveInstaller

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 18:17:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

/!\ [Fich:4][Doss:3] C:\DOCUME~1\Neyrat\LOCALS~1\Temp
/!\ [Fich:206][Doss:0] C:\DOCUME~1\Neyrat\Cookies
/!\ [Fich:288][Doss:15] C:\DOCUME~1\Neyrat\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 18:18:12,98 ]----------------------

Refais un scan Combofix  

ComboFix 08-04-20.5 - Neyrat 2008-04-23 12:01:43.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.652 [GMT -12:00]
Endroit: E:\Loic\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.

2008-04-22 16:35 . 2008-04-22 18:18 <REP> d-------- C:\Lop SD
2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\Malwarebytes
2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 13:12 . 2008-04-21 07:53 2,707,566 ---hs---- C:\WINDOWS\system32\wfvvlpgj.ini
2008-04-18 13:10 . 2008-04-19 13:11 1,540,433 ---hs---- C:\WINDOWS\system32\iqcaxucl.ini
2008-04-17 10:33 . 2008-04-18 10:33 1,529,513 ---hs---- C:\WINDOWS\system32\bfsgkpju.ini
2008-04-17 10:24 . 2008-04-22 10:57 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-17 00:20 . 2008-04-17 00:20 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-15 13:00 . 2008-04-15 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-15 12:56 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-15 12:55 . 2008-04-15 12:57 <REP> d-------- C:\Program Files\ATI Technologies
2008-04-15 12:52 . 2008-02-14 05:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-04-15 12:52 . 2008-04-15 12:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-14 22:44 . 2008-04-14 22:44 <REP> d-------- C:\Program Files\Trend Micro
2008-04-14 20:00 . 2008-04-14 20:00 <REP> d-------- C:\ATI
2008-04-14 12:44 . 2008-04-14 12:44 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-04-14 12:42 . 2008-04-14 12:42 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-14 12:40 . 2008-04-14 12:40 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-14 12:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-13 13:18 . 2006-06-14 13:44 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO_XP.sys
2008-04-13 13:13 . 2008-04-13 13:13 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys
2008-04-13 13:11 . 2008-04-13 13:14 <REP> d-------- C:\Program Files\ASUS
2008-04-13 13:06 . 2008-04-13 13:06 21,541 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-13 13:00 . 2008-04-13 13:00 244 --ah----- C:\sqmnoopt01.sqm
2008-04-13 13:00 . 2008-04-13 13:00 232 --ah----- C:\sqmdata01.sqm
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\QuickTime(2)
2008-04-12 14:23 . 2008-04-12 14:23 607 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-04-12 14:22 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Disney Interactive(2)
2008-04-10 08:36 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Adobe(2)
2008-04-09 18:23 . 2008-04-09 19:01 <REP> d-------- C:\julie
2008-04-09 18:04 . 2008-04-09 18:02 544,980 --a------ C:\Documents and Settings\julie0001.JPG
2008-04-09 17:51 . 2008-04-09 17:51 <REP> d-------- C:\Program Files\Canon
2008-04-09 17:49 . 2008-04-09 17:49 <REP> d-------- C:\Program Files\ScanSoft
2008-04-09 17:49 . 2008-04-13 12:47 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-04-09 17:48 . 2008-04-09 17:48 <REP> d-------- C:\Program Files\ArcSoft
2008-04-09 17:44 . 2008-04-09 17:44 <REP> d-------- C:\CanoScan
2008-04-09 14:34 . 2008-04-13 12:47 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\MSNInstaller
2008-03-30 09:04 . 2008-03-30 09:04 315,632 --a------ C:\WINDOWS\system32\ssqOIAQh.dll
2008-03-28 07:38 . 2008-03-28 07:38 315,568 --a------ C:\WINDOWS\system32\ssqOEUmJ.dll
2008-03-27 17:25 . 2008-03-27 17:37 10,741 --a------ C:\Neyrat Loïc CV.docx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 06:02 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-04-22 23:21 --------- d-----w C:\Program Files\eMule
2008-04-15 00:43 --------- d-----w C:\Program Files\MSBuild
2008-04-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 00:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-10 07:01 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\XnView
2008-03-30 00:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-22 21:10 --------- d-----w C:\Program Files\Java
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 03:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-10 12:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-09 00:54 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\Samsung
2008-03-09 00:21 --------- d-----w C:\Program Files\Samsung
2008-02-27 11:13 --------- d-----w C:\Program Files\Winamp
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 06:59 --------- d-----w C:\Program Files\TVAnts
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:02 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw(2).dll
2008-02-05 06:58 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-01-26 15:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-17_10.29.50.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 22:27:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 20:39:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 20:39:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_668.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8DBDC2-2027-46E2-894C-2267B18004A4}]
C:\WINDOWS\system32\ddayx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 00:00 15360]
"Plusone"="C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe" [2008-02-14 17:52 432128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 04:24 1694208]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 11:16 1126400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-05 15:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-15 22:04 2879488 C:\WINDOWS\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 01:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 22:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"d464e75d"="C:\WINDOWS\system32\tqckthta.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 00:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffedd]
iiffedd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-07-02 23:21]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 15:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 15:39]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-21 17:36]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-22 22:42]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 12:02:40
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-23 12:03:10
ComboFix-quarantined-files.txt 2008-04-24 00:03:06
ComboFix2.txt 2008-04-22 23:01:53
ComboFix3.txt 2008-04-17 22:30:02

Pre-Run: 14,330,839,040 octets libres
Post-Run: 14,324,379,648 octets libres

173 --- E O F --- 2008-04-17 12:20:18

C'est bon alors d'après le rapport ? Le pc n'est plus infecté ?
Merci.

Re,

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-notes (Démarrer>Exécuter...>notepad) puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :


Cela va relancer ComboFix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport HijackThis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

Il n'y a pas eu de redémarrage.

Voici le rapport Combofix :

ComboFix 08-04-20.5 - Neyrat 2008-04-27 15:29:36.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.545 [GMT -12:00]
Endroit: E:\Loic\ComboFix.exe
Command switches used :: C:\Documents and Settings\Neyrat\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\bfsgkpju.ini
C:\WINDOWS\system32\iqcaxucl.ini
C:\WINDOWS\system32\ssqOEUmJ.dll
C:\WINDOWS\system32\ssqOIAQh.dll
C:\WINDOWS\system32\tqckthta.dll
C:\WINDOWS\system32\wfvvlpgj.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1
C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\0
C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\bxamgpjb.exe
C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe
C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Loud Drive Intra.exe
C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\shwuxtyk.exe
C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\test meta first fast.exe
C:\WINDOWS\system32\bfsgkpju.ini
C:\WINDOWS\system32\iqcaxucl.ini
C:\WINDOWS\system32\ssqOEUmJ.dll
C:\WINDOWS\system32\ssqOIAQh.dll
C:\WINDOWS\system32\wfvvlpgj.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-28 ))))))))))))))))))))))))))))))))))))
.

2008-04-22 16:35 . 2008-04-22 18:18 <REP> d-------- C:\Lop SD
2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\Malwarebytes
2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-17 10:24 . 2008-04-22 10:57 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-17 00:20 . 2008-04-17 00:20 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-15 13:00 . 2008-04-15 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-15 12:56 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-15 12:55 . 2008-04-15 12:57 <REP> d-------- C:\Program Files\ATI Technologies
2008-04-15 12:52 . 2008-02-14 05:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-04-15 12:52 . 2008-04-15 12:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-14 22:44 . 2008-04-14 22:44 <REP> d-------- C:\Program Files\Trend Micro
2008-04-14 20:00 . 2008-04-14 20:00 <REP> d-------- C:\ATI
2008-04-14 12:44 . 2008-04-14 12:44 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-04-14 12:42 . 2008-04-14 12:42 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-14 12:40 . 2008-04-14 12:40 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-14 12:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-13 13:18 . 2006-06-14 13:44 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO_XP.sys
2008-04-13 13:13 . 2008-04-13 13:13 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys
2008-04-13 13:11 . 2008-04-13 13:14 <REP> d-------- C:\Program Files\ASUS
2008-04-13 13:06 . 2008-04-13 13:06 21,541 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-13 13:00 . 2008-04-13 13:00 244 --ah----- C:\sqmnoopt01.sqm
2008-04-13 13:00 . 2008-04-13 13:00 232 --ah----- C:\sqmdata01.sqm
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\QuickTime(2)
2008-04-12 14:23 . 2008-04-12 14:23 607 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-04-12 14:22 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Disney Interactive(2)
2008-04-10 08:36 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Adobe(2)
2008-04-09 18:23 . 2008-04-09 19:01 <REP> d-------- C:\julie
2008-04-09 18:04 . 2008-04-09 18:02 544,980 --a------ C:\Documents and Settings\julie0001.JPG
2008-04-09 17:51 . 2008-04-09 17:51 <REP> d-------- C:\Program Files\Canon
2008-04-09 17:49 . 2008-04-09 17:49 <REP> d-------- C:\Program Files\ScanSoft
2008-04-09 17:49 . 2008-04-13 12:47 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-04-09 17:48 . 2008-04-09 17:48 <REP> d-------- C:\Program Files\ArcSoft
2008-04-09 17:44 . 2008-04-09 17:44 <REP> d-------- C:\CanoScan
2008-04-09 14:34 . 2008-04-13 12:47 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\MSNInstaller

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 20:48 --------- d-----w C:\Program Files\eMule
2008-04-26 04:34 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-04-15 00:43 --------- d-----w C:\Program Files\MSBuild
2008-04-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 00:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-10 07:01 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\XnView
2008-03-30 00:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-22 21:10 --------- d-----w C:\Program Files\Java
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 03:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-10 12:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-09 00:54 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\Samsung
2008-03-09 00:21 --------- d-----w C:\Program Files\Samsung
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:02 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw(2).dll
2008-02-05 06:58 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-17_10.29.50.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 22:27:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 20:19:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-17 22:27:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat
+ 2008-04-27 20:19:44 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 00:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 04:24 1694208]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 11:16 1126400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-05 15:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-15 22:04 2879488 C:\WINDOWS\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 01:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 22:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 00:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-07-02 23:21]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 15:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 15:39]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-21 17:36]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-22 22:42]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 15:30:33
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-27 15:31:19
ComboFix-quarantined-files.txt 2008-04-28 03:31:10
ComboFix2.txt 2008-04-24 00:03:11
ComboFix3.txt 2008-04-22 23:01:53
ComboFix4.txt 2008-04-17 22:30:02

Pre-Run: 14,400,544,768 octets libres
Post-Run: 14,385,430,528 octets libres

181 --- E O F --- 2008-04-17 12:20:18



Puis le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:55, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8D4EE4-E173-4739-B9F1-E5725490FB2B}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5206 bytes

Re,

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

Avira AntiVir Personal
Report file date: mardi 6 mai 2008 13:56

Scanning for 1253212 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Neyrat
Computer name: NEYRAT-4351367C

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 07/05/2008 01:54:46
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/05/2008 01:54:46
LUKE.DLL : 8.1.2.9 151809 Bytes 07/05/2008 01:54:46
LUKERES.DLL : 8.1.2.1 12033 Bytes 07/05/2008 01:54:46
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 03:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 01:54:46
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 01:54:46
ANTIVIR3.VDF : 7.0.4.7 22528 Bytes 06/05/2008 01:54:46
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 07/05/2008 01:54:47
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 07/05/2008 01:54:47
AESCN.DLL : 8.1.0.15 119157 Bytes 07/05/2008 01:54:47
AERDL.DLL : 8.1.0.20 418165 Bytes 07/05/2008 01:54:47
AEPACK.DLL : 8.1.1.4 364918 Bytes 07/05/2008 01:54:47
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 07/05/2008 01:54:47
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 07/05/2008 01:54:47
AEHELP.DLL : 8.1.0.14 115063 Bytes 07/05/2008 01:54:47
AEGEN.DLL : 8.1.0.18 299381 Bytes 07/05/2008 01:54:46
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/05/2008 01:54:46
AECORE.DLL : 8.1.0.27 168310 Bytes 07/05/2008 01:54:46
AVWINLL.DLL : 1.0.0.7 14593 Bytes 07/05/2008 01:54:46
AVPREF.DLL : 8.0.0.1 25857 Bytes 07/05/2008 01:54:46
AVREP.DLL : 7.0.0.1 155688 Bytes 17/04/2007 02:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 07/05/2008 01:54:46
AVARKT.DLL : 1.0.0.23 307457 Bytes 07/05/2008 01:54:46
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 07/05/2008 01:54:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 07/05/2008 01:54:46
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 07/05/2008 01:54:46
NETNT.DLL : 8.0.0.1 7937 Bytes 07/05/2008 01:54:46
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 07/05/2008 01:54:41
RCTEXT.DLL : 8.0.32.0 86273 Bytes 07/05/2008 01:54:41

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 6 mai 2008 13:56

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '28' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Loud Drive Intra.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\shwuxtyk.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\test meta first fast.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\buarpliw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\cqhgnavi.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\gdjkgywm.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\jcaxtxuv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\mowekaif.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\mwnuhymx.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ogcqrptx.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\sqcfehfw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqOEUmJ.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqOIAQh.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\sybhrlun.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\uckaqfqy.dll.vir
[DETECTION] Is the Trojan horse TR/PCK.Monder.96320.2
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\uywqrntg.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\vrejhkrg.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\wobpqadp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\xfavhxqf.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\xtgoiwop.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\yirdyues.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\yttiwfht.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
Begin scan in 'E:\' <Données>


End of the scan: mardi 6 mai 2008 14:14
Used time: 17:35 min

The scan has been done completely.

4661 Scanning directories
144923 Files were scanned
23 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
23 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
144900 Files not concerned
1048 Archives were scanned
1 Warnings
23 Notes

Reposte un rapport Hijackthis  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:13, on 06/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8D4EE4-E173-4739-B9F1-E5725490FB2B}: NameServer = 192.168.1.1
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5623 bytes

Encore des problèmes ?

Non apparemment tout est ok, même d'autres problèmes moins importants se sont réglés grâce à tes manips. Je te remercie pour le temps passé à m'aider. Bonne continuation  

Bon surf