
Trojan [RESOLVED]

Tags:
  • Trojan
  • Security
22 December 2008 13:26:20

Hello, so I have a Trojan horse named dskquota32.dll, which my antivirus (VirusScan Enterprise 7.1) considers a generic downloader. My antivirus detects it but can neither clean it nor delete it. The Trojan is located in C:/WINDOWS/system32. I tried to delete it manually, but it tells me that "the disk may be write-protected or is currently in use". I wanted to format my local C drive, but it was impossible to do (via right-click => format).

So if anyone has a solution, I'll gladly take it!!

Thanks a lot

22 December 2008 14:21:29

Hello,

Have you tried in safe mode?
22 December 2008 14:29:58

Yes, I already tried, but still the same problem: a message saying "disk write-protected or currently in use"
22 December 2008 16:22:37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:09, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Clem\Bureau\mbam-setup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\Clem\LOCALS~1\Temp\is-LOJD9.tmp\mbam-setup.tmp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ati.amd.com/online/cccwelcome/registration.asp?i...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 75.152.52.202 L2authd.lineage2.com
O1 - Hosts: 75.152.52.202 L2testauthd.lineage2.com
O1 - Hosts: iptonserverenquestions L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: lns-bzn-50f-62-147-183-248.adsl.proxad.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RGSC] F:\GTA4\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O20 - AppInit_DLLs: C:\WINDOWS\System32\dskquota32.dll
O20 - Winlogon Notify: 187a6b0c511 - C:\WINDOWS\System32\dskquota32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

--
End of file - 9583 bytes
22 December 2008 17:16:38

Re,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    22 December 2008 17:36:58

    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Clem\Application Data\020000007fbff3a7511C.manifest
    c:\documents and settings\Clem\Application Data\020000007fbff3a7511O.manifest
    c:\documents and settings\Clem\Application Data\020000007fbff3a7511P.manifest
    c:\documents and settings\Clem\Application Data\020000007fbff3a7511S.manifest
    c:\windows\GnuHashes.ini
    c:\windows\system32\8.tmp
    c:\windows\system32\GroupPolicy000.dat
    c:\windows\system32\GroupPolicyManifest
    c:\windows\system32\GroupPolicyManifest\1.music.mp3
    c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
    c:\windows\system32\GroupPolicyManifest\10.setup.zip
    c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
    c:\windows\system32\GroupPolicyManifest\11.unpack.zip
    c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
    c:\windows\system32\GroupPolicyManifest\12.limepro.zip
    c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
    c:\windows\system32\GroupPolicyManifest\13.keygen.zip
    c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
    c:\windows\system32\GroupPolicyManifest\2.crack.zip
    c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
    c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
    c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
    c:\windows\system32\GroupPolicyManifest\9.remix.mp3
    c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-22 au 2008-12-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-22 16:26 . 2008-12-22 16:26 <REP> d-------- c:\documents and settings\Clem\Application Data\Malwarebytes
    2008-12-22 16:10 . 2008-12-22 16:12 1,388,544 --a------ c:\windows\system32\MSVBVM60.DLL
    2008-12-22 16:05 . 2008-12-22 16:05 <REP> d-------- c:\program files\Trend Micro
    2008-12-22 15:52 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-22 15:51 . 2008-12-22 15:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-22 15:51 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-22 13:42 . 2008-12-22 15:48 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-22 12:33 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur.SEMPER\Voisinage réseau
    2008-12-22 12:33 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur.SEMPER\Voisinage d'impression
    2008-12-22 12:33 . 2008-07-12 13:06 <REP> d--h----- c:\documents and settings\Administrateur.SEMPER\Modèles
    2008-12-22 12:33 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur.SEMPER\Mes documents
    2008-12-22 12:33 . 2008-07-12 15:02 <REP> dr------- c:\documents and settings\Administrateur.SEMPER\Menu Démarrer
    2008-12-22 12:33 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur.SEMPER\Favoris
    2008-12-22 12:33 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur.SEMPER\Bureau
    2008-12-22 12:33 . 2008-12-22 12:33 <REP> d-------- c:\documents and settings\Administrateur.SEMPER
    2008-12-22 12:03 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2008-12-22 12:03 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-22 12:03 . 2008-07-12 13:06 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2008-12-22 12:03 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2008-12-22 12:03 . 2008-07-12 15:02 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2008-12-22 12:03 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2008-12-22 12:03 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2008-12-22 12:03 . 2008-12-22 12:04 <REP> d-------- c:\documents and settings\Administrateur
    2008-12-22 11:55 . 2008-12-22 11:55 <REP> d-------- c:\documents and settings\LocalService\Application Data\Xfire
    2008-12-22 00:54 . 2008-12-22 00:54 <REP> d-------- c:\program files\CCleaner
    2008-12-21 23:56 . 2008-12-21 23:56 114,142 --a------ c:\program files\keygenIRC.zip
    2008-12-21 23:55 . 2008-12-21 23:55 373,760 --ahs---- c:\windows\system32\2B0.tmp
    2008-12-21 23:55 . 2008-12-22 12:53 135,168 --a------ c:\windows\system32\dskquota32.dll
    2008-12-21 19:53 . 2008-12-21 19:53 <REP> d-------- c:\program files\MSBuild
    2008-12-21 19:52 . 2008-12-21 19:55 <REP> d-------- c:\windows\system32\XPSViewer
    2008-12-21 19:51 . 2008-12-21 19:51 <REP> d-------- c:\program files\Reference Assemblies
    2008-12-21 19:51 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
    2008-12-21 19:33 . 2008-12-21 19:33 <REP> d-------- c:\windows\system32\xlive
    2008-12-21 19:33 . 2008-12-21 19:33 <REP> d-------- c:\windows\Logs
    2008-12-21 19:33 . 2008-12-21 20:05 <REP> d-------- c:\program files\Microsoft Games for Windows - LIVE
    2008-12-21 19:33 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
    2008-12-21 19:33 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
    2008-12-21 19:33 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
    2008-12-21 19:33 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
    2008-12-14 22:14 . 2008-12-22 17:21 <REP> d-------- C:\quarantine
    2008-12-14 16:40 . 2008-12-19 06:53 <REP> d-------- c:\documents and settings\Clem\Application Data\Hamachi
    2008-12-14 16:40 . 2008-12-14 16:40 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
    2008-12-11 21:37 . 2008-12-11 21:37 42,320 --a------ c:\windows\system32\xfcodec.dll
    2008-12-01 23:07 . 2008-12-20 19:07 <REP> d-------- c:\program files\@
    2008-11-30 22:21 . 2008-04-13 20:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
    2008-11-30 22:21 . 2008-04-13 20:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
    2008-11-24 19:51 . 2008-12-22 11:53 <REP> d-------- c:\program files\mIRC GMS
    2008-11-24 09:34 . 2001-08-23 17:47 126,976 --a------ c:\windows\system32\hpgt34tk.dll
    2008-11-24 09:34 . 2001-08-23 17:47 126,976 --a--c--- c:\windows\system32\dllcache\hpgt34tk.dll
    2008-11-24 09:34 . 2001-08-23 17:47 101,376 --a------ c:\windows\system32\hpgt34.dll
    2008-11-24 09:34 . 2001-08-23 17:47 101,376 --a--c--- c:\windows\system32\dllcache\hpgt34.dll
    2008-11-24 09:34 . 2001-08-23 17:47 87,040 --a------ c:\windows\system32\wiafbdrv.dll
    2008-11-24 09:34 . 2001-08-23 17:47 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
    2008-11-24 09:34 . 2001-08-23 17:47 32,768 --a------ c:\windows\system32\hpgtmcro.dll
    2008-11-24 09:34 . 2001-08-23 17:47 32,768 --a--c--- c:\windows\system32\dllcache\hpgtmcro.dll
    2008-11-23 10:18 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
    2008-11-23 10:18 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2008-11-23 10:18 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2008-11-23 10:18 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-22 14:57 --------- d-----w c:\program files\Steam
    2008-12-21 23:07 --------- d-----w c:\documents and settings\Clem\Application Data\LimeWire
    2008-12-21 18:50 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-21 18:35 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
    2008-12-19 03:57 --------- d-----w c:\program files\Xfire
    2008-12-18 18:00 --------- d-----w c:\documents and settings\Clem\Application Data\Xfire
    2008-11-20 21:45 --------- d-----w c:\documents and settings\Clem\Application Data\Desktopicon
    2008-11-20 21:41 --------- d-----w c:\program files\Vdownloader
    2008-11-14 16:00 --------- d-----w c:\program files\SystemRequirementsLab
    2008-11-08 13:18 --------- d-----w c:\program files\Windows Media Connect 2
    2008-11-08 13:18 --------- d-----w c:\program files\LimeWire
    2008-11-05 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2008-11-05 16:43 --------- d-----w c:\program files\NOS
    2008-11-05 14:41 --------- d-----w c:\program files\RocketDock
    2008-11-05 14:17 --------- d-----w c:\program files\photoshop
    2008-11-05 14:14 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-10-29 12:52 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
    2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
    2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-21 17:44 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
    2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-23 16:46 245,408 ----a-w c:\windows\system32\unicows.dll
    2006-06-23 06:48 32,768 ------r c:\windows\inf\UpdateUSB.exe
    2005-12-08 11:26 704,512 ----a-w c:\documents and settings\creative\ShCtMtp.dll
    2005-12-02 13:27 303,104 ----a-w c:\documents and settings\creative\CTConfig.dll
    2005-11-21 16:15 233,472 ------w c:\documents and settings\Auto Tag Cleaner\CTCleanU.exe
    2005-10-19 15:27 172,032 ------w c:\documents and settings\Video Converter\CtConvU.exe
    2005-10-19 08:10 266,240 ------w c:\documents and settings\Video Converter\HookWndU.dll
    2005-10-11 17:28 245,760 ----a-w c:\documents and settings\creative\CTImpt3u.exe
    2005-10-11 13:18 57,344 ----a-w c:\documents and settings\creative\VIDef.dll
    2005-09-30 16:28 663,552 ----a-w c:\documents and settings\creative\PicRc.dll
    2005-09-21 09:33 262,144 ------w c:\documents and settings\Auto Tag Cleaner\HookWndU.dll
    2005-09-20 13:20 172,032 ----a-w c:\documents and settings\creative\CtMtpRc.dll
    2005-09-12 17:08 106,496 ----a-w c:\documents and settings\creative\CTPlyLsU.exe
    2005-09-06 13:36 217,088 ----a-w c:\documents and settings\creative\HomeRc.dll
    2005-08-23 15:20 106,496 ----a-w c:\documents and settings\creative\HookWndU.dll
    2005-08-02 19:17 40,448 ----a-w c:\documents and settings\creative\MFInfou.dll
    2005-07-14 07:46 249,856 ----a-w c:\documents and settings\creative\CTPIMu.exe
    2005-07-13 16:20 266,240 ------w c:\documents and settings\Video Converter\CTAboutu.dll
    2005-07-13 16:20 266,240 ------w c:\documents and settings\Auto Tag Cleaner\CTAboutu.dll
    2005-04-26 09:59 40,960 ----a-w c:\documents and settings\creative\CTSUAppu.exe
    2005-04-26 08:06 86,016 ----a-w c:\documents and settings\creative\QueTray.exe
    2005-04-25 09:50 16,384 ----a-w c:\documents and settings\creative\GenreRc.dll
    2005-04-18 17:46 53,248 ----a-w c:\documents and settings\creative\CTSUSDKu.dll
    2005-03-31 16:54 266,240 ----a-w c:\documents and settings\creative\CTAboutu.dll
    2005-03-07 01:00 65,536 ----a-w c:\documents and settings\creative\CTIntrfu.dll
    2005-03-07 01:00 65,536 ------w c:\documents and settings\Auto Tag Cleaner\CTIntrfu.dll
    2005-03-07 00:00 23,552 ----a-w c:\documents and settings\creative\CTRegSvu.exe
    2005-03-07 00:00 23,552 ------w c:\documents and settings\Auto Tag Cleaner\CTRegSvu.exe
    2005-02-26 13:12 102,400 ------w c:\documents and settings\Auto Tag Cleaner\DXFingerprint.dll
    2004-12-15 06:44 102,400 ----a-w c:\documents and settings\creative\ModeHlp.dll
    2004-09-20 08:09 86,016 ------w c:\documents and settings\Auto Tag Cleaner\CTXMLPsu.dll
    2001-06-19 17:00 28,672 ------w c:\documents and settings\Manual\CTPdflnk.exe
    2001-06-19 17:00 28,672 ------w c:\documents and settings\Manual\CTPdfErr.exe
    2008-08-30 09:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083020080831\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Steam"="c:\program files\steam\steam.exe" [2008-12-19 1410296]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "RGSC"="f:\gta4\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-21 306088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-10-10 20480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Clem\Menu Démarrer\Programmes\Démarrage\
    Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\187a6b0c511]
    2008-12-22 12:53 135168 c:\windows\system32\dskquota32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\dskquota32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\K!TV\\K!TV.exe"=
    "c:\\Program Files\\MyFreeTV\\MyFreeTV.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\__semper__\\counter-strike source\\hl2.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\__semper__\\day of defeat source\\hl2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\__semper__\\insurgency\\hl2.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\__semper__\\age of chivalry\\hl2.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\mIRC GMS\\mIRC.exe"=
    "f:\\GTA4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "f:\\GTA4\\Grand Theft Auto IV\\GTAIV.exe"=
    "f:\\GTA4\\Rockstar Games Social Club\\RGSCLauncher.exe"=

    R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-07-12 1121536]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-07-12 93696]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2008-07-21 152576]

    *Newly Created Service* - PROCEXP90

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://lo.st
    uInternet Connection Wizard,ShellNext = hxxp://ati.amd.com/online/cccwelcome/registration.asp?id=1
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
    hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
    c:\windows\Downloaded Program Files\sysreqlab.osd
    FF - ProfilePath - c:\documents and settings\Clem\Application Data\Mozilla\Firefox\Profiles\ajiadmda.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-22 17:34:09
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(716)
    c:\windows\System32\dskquota32.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(780)
    c:\windows\System32\dskquota32.dll
    .
    Heure de fin: 2008-12-22 17:34:40
    ComboFix-quarantined-files.txt 2008-12-22 16:34:35

    Avant-CF: 38 222 835 712 octets libres
    Après-CF: 39,130,976,256 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=""
    22 December 2008 21:25:33

    Post a new HijackThis report.
    22 December 2008 23:33:41

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:32:48, on 22/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ati.amd.com/online/cccwelcome/registration.asp?i...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 75.152.52.202 L2authd.lineage2.com
    O1 - Hosts: 75.152.52.202 L2testauthd.lineage2.com
    O1 - Hosts: iptonserverenquestions L2authd.lineage2.com
    O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
    O1 - Hosts: lns-bzn-50f-62-147-183-248.adsl.proxad.net
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [RGSC] F:\GTA4\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dskquota32.dll
    O20 - Winlogon Notify: 187a6b0c511 - C:\WINDOWS\System32\dskquota32.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 8888 bytes
    23 December 2008 16:06:39

    Hi again,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
    Copy (Ctrl+C) the text in the box below:

    File::
    c:\program files\keygenIRC.zip
    c:\windows\system32\dskquota32.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\187a6b0c511]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name "CFScript.txt" (the quotation marks are important).

    Now drag the CFScript.txt file onto ComboFix.exe as in the image below:

    This will relaunch ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    * the partition name may differ
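The CFScript above targets the two O20 load points that the HijackThis report shows for dskquota32.dll. As an added example (not part of the original thread and not ComboFix's or HijackThis's own logic), the script below pulls O20 entries out of a HijackThis log and cross-checks them against ComboFix's created-files listing. The sample lines are excerpted from the reports in this thread, except one constructed contrast line, and the three flagging heuristics are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis report posted in this thread, plus ONE constructed
# contrast line (the hypothetical "examplevendor" entry).
HIJACKTHIS_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\dskquota32.dll
O20 - Winlogon Notify: 187a6b0c511 - C:\WINDOWS\System32\dskquota32.dll
O20 - Winlogon Notify: examplevendor - C:\WINDOWS\system32\examplevendor.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Excerpt of the ComboFix created-files section posted in this thread.
COMBOFIX_CREATED = r"""
2008-12-22 16:05 . 2008-12-22 16:05 <REP> d-------- c:\program files\Trend Micro
2008-12-21 23:55 . 2008-12-22 12:53 135,168 --a------ c:\windows\system32\dskquota32.dll
2008-12-21 19:33 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
"""

O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs:\s*(.+)$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify:\s*(.+?)\s+-\s+(.+)$")
CF_CREATED = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(<REP>|[\d,]+)\s+(\S+)\s+(.+)$")
HEX_NAME = re.compile(r"[0-9a-f]{8,}", re.IGNORECASE)


def parse_o20(log):
    """Return (mechanism, subkey_name_or_None, lowercased_dll_path) tuples."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = O20_APPINIT.match(line)
        if m:
            # The AppInit_DLLs value may name several DLLs, split by spaces or commas.
            for dll in re.split(r"[ ,]+", m.group(1).strip()):
                if dll:
                    entries.append(("AppInit_DLLs", None, dll.lower()))
            continue
        m = O20_NOTIFY.match(line)
        if m:
            entries.append(("Winlogon Notify", m.group(1), m.group(2).strip().lower()))
    return entries


def parse_created(listing):
    """Map lowercased file path -> created/modified timestamps and size in bytes."""
    created = {}
    for line in listing.splitlines():
        m = CF_CREATED.match(line.strip())
        if m and m.group(3) != "<REP>":  # <REP> marks a directory in the French report
            created[m.group(5).lower()] = {
                "created": m.group(1),
                "modified": m.group(2),
                "size": int(m.group(3).replace(",", "")),
            }
    return created


def triage(hjt_log, cf_listing):
    """Group O20 entries per DLL and attach the reasons each one deserves a look."""
    created = parse_created(cf_listing)
    by_dll = defaultdict(lambda: {"mechanisms": set(), "reasons": []})
    for mechanism, name, dll in parse_o20(hjt_log):
        finding = by_dll[dll]
        finding["mechanisms"].add(mechanism)
        # Heuristic (assumption): a Notify subkey that is only hex digits is unusual.
        if mechanism == "Winlogon Notify" and HEX_NAME.fullmatch(name):
            finding["reasons"].append(f"Notify subkey '{name}' is a bare hex string")
    findings = []
    for dll, finding in by_dll.items():
        if len(finding["mechanisms"]) > 1:
            finding["reasons"].append("registered under more than one O20 load point")
        if dll in created:
            finding["reasons"].append(
                f"listed by ComboFix as recently created ({created[dll]['created']})")
        findings.append({
            "dll": dll,
            "mechanisms": sorted(finding["mechanisms"]),
            "created": created.get(dll, {}).get("created"),
            "reasons": finding["reasons"],
        })
    # Entries with the most reasons first.
    return sorted(findings, key=lambda f: -len(f["reasons"]))


if __name__ == "__main__":
    for f in triage(HIJACKTHIS_LOG, COMBOFIX_CREATED):
        print(f["dll"], f["mechanisms"])
        for reason in f["reasons"]:
            print("   -", reason)
```
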
    23 December 2008 18:01:59

    ComboFix report:

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Clem\Application Data\020000007fbff3a7511C.manifest
    c:\documents and settings\Clem\Application Data\020000007fbff3a7511O.manifest
    c:\documents and settings\Clem\Application Data\020000007fbff3a7511P.manifest
    c:\documents and settings\Clem\Application Data\020000007fbff3a7511S.manifest
    c:\windows\GnuHashes.ini
    c:\windows\system32\8.tmp
    c:\windows\system32\GroupPolicy000.dat
    c:\windows\system32\GroupPolicyManifest
    c:\windows\system32\GroupPolicyManifest\1.music.mp3
    c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
    c:\windows\system32\GroupPolicyManifest\10.setup.zip
    c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
    c:\windows\system32\GroupPolicyManifest\11.unpack.zip
    c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
    c:\windows\system32\GroupPolicyManifest\12.limepro.zip
    c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
    c:\windows\system32\GroupPolicyManifest\13.keygen.zip
    c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
    c:\windows\system32\GroupPolicyManifest\2.crack.zip
    c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
    c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
    c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
    c:\windows\system32\GroupPolicyManifest\9.remix.mp3
    c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-22 au 2008-12-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-22 16:26 . 2008-12-22 16:26 <REP> d-------- c:\documents and settings\Clem\Application Data\Malwarebytes
    2008-12-22 16:10 . 2008-12-22 16:12 1,388,544 --a------ c:\windows\system32\MSVBVM60.DLL
    2008-12-22 16:05 . 2008-12-22 16:05 <REP> d-------- c:\program files\Trend Micro
    2008-12-22 15:52 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-22 15:51 . 2008-12-22 15:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-22 15:51 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-22 13:42 . 2008-12-22 15:48 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-22 12:33 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur.SEMPER\Voisinage réseau
    2008-12-22 12:33 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur.SEMPER\Voisinage d'impression
    2008-12-22 12:33 . 2008-07-12 13:06 <REP> d--h----- c:\documents and settings\Administrateur.SEMPER\Modèles
    2008-12-22 12:33 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur.SEMPER\Mes documents
    2008-12-22 12:33 . 2008-07-12 15:02 <REP> dr------- c:\documents and settings\Administrateur.SEMPER\Menu Démarrer
    2008-12-22 12:33 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur.SEMPER\Favoris
    2008-12-22 12:33 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur.SEMPER\Bureau
    2008-12-22 12:33 . 2008-12-22 12:33 <REP> d-------- c:\documents and settings\Administrateur.SEMPER
    2008-12-22 12:03 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2008-12-22 12:03 . 2008-07-12 15:02 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-22 12:03 . 2008-07-12 13:06 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2008-12-22 12:03 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2008-12-22 12:03 . 2008-07-12 15:02 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2008-12-22 12:03 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2008-12-22 12:03 . 2008-07-12 15:02 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2008-12-22 12:03 . 2008-12-22 12:04 <REP> d-------- c:\documents and settings\Administrateur
    2008-12-22 11:55 . 2008-12-22 11:55 <REP> d-------- c:\documents and settings\LocalService\Application Data\Xfire
    2008-12-22 00:54 . 2008-12-22 00:54 <REP> d-------- c:\program files\CCleaner
    2008-12-21 23:56 . 2008-12-21 23:56 114,142 --a------ c:\program files\keygenIRC.zip
    2008-12-21 23:55 . 2008-12-21 23:55 373,760 --ahs---- c:\windows\system32\2B0.tmp
    2008-12-21 23:55 . 2008-12-22 12:53 135,168 --a------ c:\windows\system32\dskquota32.dll
    2008-12-21 19:53 . 2008-12-21 19:53 <REP> d-------- c:\program files\MSBuild
    2008-12-21 19:52 . 2008-12-21 19:55 <REP> d-------- c:\windows\system32\XPSViewer
    2008-12-21 19:51 . 2008-12-21 19:51 <REP> d-------- c:\program files\Reference Assemblies
    2008-12-21 19:51 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
    2008-12-21 19:33 . 2008-12-21 19:33 <REP> d-------- c:\windows\system32\xlive
    2008-12-21 19:33 . 2008-12-21 19:33 <REP> d-------- c:\windows\Logs
    2008-12-21 19:33 . 2008-12-21 20:05 <REP> d-------- c:\program files\Microsoft Games for Windows - LIVE
    2008-12-21 19:33 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
    2008-12-21 19:33 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
    2008-12-21 19:33 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
    2008-12-21 19:33 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
    2008-12-14 22:14 . 2008-12-22 17:21 <REP> d-------- C:\quarantine
    2008-12-14 16:40 . 2008-12-19 06:53 <REP> d-------- c:\documents and settings\Clem\Application Data\Hamachi
    2008-12-14 16:40 . 2008-12-14 16:40 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
    2008-12-11 21:37 . 2008-12-11 21:37 42,320 --a------ c:\windows\system32\xfcodec.dll
    2008-12-01 23:07 . 2008-12-20 19:07 <REP> d-------- c:\program files\@
    2008-11-30 22:21 . 2008-04-13 20:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
    2008-11-30 22:21 . 2008-04-13 20:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
    2008-11-24 19:51 . 2008-12-22 11:53 <REP> d-------- c:\program files\mIRC GMS
    2008-11-24 09:34 . 2001-08-23 17:47 126,976 --a------ c:\windows\system32\hpgt34tk.dll
    2008-11-24 09:34 . 2001-08-23 17:47 126,976 --a--c--- c:\windows\system32\dllcache\hpgt34tk.dll
    2008-11-24 09:34 . 2001-08-23 17:47 101,376 --a------ c:\windows\system32\hpgt34.dll
    2008-11-24 09:34 . 2001-08-23 17:47 101,376 --a--c--- c:\windows\system32\dllcache\hpgt34.dll
    2008-11-24 09:34 . 2001-08-23 17:47 87,040 --a------ c:\windows\system32\wiafbdrv.dll
    2008-11-24 09:34 . 2001-08-23 17:47 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
    2008-11-24 09:34 . 2001-08-23 17:47 32,768 --a------ c:\windows\system32\hpgtmcro.dll
    2008-11-24 09:34 . 2001-08-23 17:47 32,768 --a--c--- c:\windows\system32\dllcache\hpgtmcro.dll
    2008-11-23 10:18 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
    2008-11-23 10:18 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2008-11-23 10:18 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2008-11-23 10:18 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-22 14:57 --------- d-----w c:\program files\Steam
    2008-12-21 23:07 --------- d-----w c:\documents and settings\Clem\Application Data\LimeWire
    2008-12-21 18:50 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-21 18:35 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
    2008-12-19 03:57 --------- d-----w c:\program files\Xfire
    2008-12-18 18:00 --------- d-----w c:\documents and settings\Clem\Application Data\Xfire
    2008-11-20 21:45 --------- d-----w c:\documents and settings\Clem\Application Data\Desktopicon
    2008-11-20 21:41 --------- d-----w c:\program files\Vdownloader
    2008-11-14 16:00 --------- d-----w c:\program files\SystemRequirementsLab
    2008-11-08 13:18 --------- d-----w c:\program files\Windows Media Connect 2
    2008-11-08 13:18 --------- d-----w c:\program files\LimeWire
    2008-11-05 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2008-11-05 16:43 --------- d-----w c:\program files\NOS
    2008-11-05 14:41 --------- d-----w c:\program files\RocketDock
    2008-11-05 14:17 --------- d-----w c:\program files\photoshop
    2008-11-05 14:14 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-10-29 12:52 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
    2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
    2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-21 17:44 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
    2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-23 16:46 245,408 ----a-w c:\windows\system32\unicows.dll
    2006-06-23 06:48 32,768 ------r c:\windows\inf\UpdateUSB.exe
    2005-12-08 11:26 704,512 ----a-w c:\documents and settings\creative\ShCtMtp.dll
    2005-12-02 13:27 303,104 ----a-w c:\documents and settings\creative\CTConfig.dll
    2005-11-21 16:15 233,472 ------w c:\documents and settings\Auto Tag Cleaner\CTCleanU.exe
    2005-10-19 15:27 172,032 ------w c:\documents and settings\Video Converter\CtConvU.exe
    2005-10-19 08:10 266,240 ------w c:\documents and settings\Video Converter\HookWndU.dll
    2005-10-11 17:28 245,760 ----a-w c:\documents and settings\creative\CTImpt3u.exe
    2005-10-11 13:18 57,344 ----a-w c:\documents and settings\creative\VIDef.dll
    2005-09-30 16:28 663,552 ----a-w c:\documents and settings\creative\PicRc.dll
    2005-09-21 09:33 262,144 ------w c:\documents and settings\Auto Tag Cleaner\HookWndU.dll
    2005-09-20 13:20 172,032 ----a-w c:\documents and settings\creative\CtMtpRc.dll
    2005-09-12 17:08 106,496 ----a-w c:\documents and settings\creative\CTPlyLsU.exe
    2005-09-06 13:36 217,088 ----a-w c:\documents and settings\creative\HomeRc.dll
    2005-08-23 15:20 106,496 ----a-w c:\documents and settings\creative\HookWndU.dll
    2005-08-02 19:17 40,448 ----a-w c:\documents and settings\creative\MFInfou.dll
    2005-07-14 07:46 249,856 ----a-w c:\documents and settings\creative\CTPIMu.exe
    2005-07-13 16:20 266,240 ------w c:\documents and settings\Video Converter\CTAboutu.dll
    2005-07-13 16:20 266,240 ------w c:\documents and settings\Auto Tag Cleaner\CTAboutu.dll
    2005-04-26 09:59 40,960 ----a-w c:\documents and settings\creative\CTSUAppu.exe
    2005-04-26 08:06 86,016 ----a-w c:\documents and settings\creative\QueTray.exe
    2005-04-25 09:50 16,384 ----a-w c:\documents and settings\creative\GenreRc.dll
    2005-04-18 17:46 53,248 ----a-w c:\documents and settings\creative\CTSUSDKu.dll
    2005-03-31 16:54 266,240 ----a-w c:\documents and settings\creative\CTAboutu.dll
    2005-03-07 01:00 65,536 ----a-w c:\documents and settings\creative\CTIntrfu.dll
    2005-03-07 01:00 65,536 ------w c:\documents and settings\Auto Tag Cleaner\CTIntrfu.dll
    2005-03-07 00:00 23,552 ----a-w c:\documents and settings\creative\CTRegSvu.exe
    2005-03-07 00:00 23,552 ------w c:\documents and settings\Auto Tag Cleaner\CTRegSvu.exe
    2005-02-26 13:12 102,400 ------w c:\documents and settings\Auto Tag Cleaner\DXFingerprint.dll
    2004-12-15 06:44 102,400 ----a-w c:\documents and settings\creative\ModeHlp.dll
    2004-09-20 08:09 86,016 ------w c:\documents and settings\Auto Tag Cleaner\CTXMLPsu.dll
    2001-06-19 17:00 28,672 ------w c:\documents and settings\Manual\CTPdflnk.exe
    2001-06-19 17:00 28,672 ------w c:\documents and settings\Manual\CTPdfErr.exe
    2008-08-30 09:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083020080831\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Steam"="c:\program files\steam\steam.exe" [2008-12-19 1410296]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "RGSC"="f:\gta4\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-21 306088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-10-10 20480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Clem\Menu Démarrer\Programmes\Démarrage\
    Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\187a6b0c511]
    2008-12-22 12:53 135168 c:\windows\system32\dskquota32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\dskquota32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\K!TV\\K!TV.exe"=
    "c:\\Program Files\\MyFreeTV\\MyFreeTV.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\__semper__\\counter-strike source\\hl2.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\__semper__\\day of defeat source\\hl2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\__semper__\\insurgency\\hl2.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\__semper__\\age of chivalry\\hl2.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\mIRC GMS\\mIRC.exe"=
    "f:\\GTA4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "f:\\GTA4\\Grand Theft Auto IV\\GTAIV.exe"=
    "f:\\GTA4\\Rockstar Games Social Club\\RGSCLauncher.exe"=

    R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-07-12 1121536]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-07-12 93696]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2008-07-21 152576]

    *Newly Created Service* - PROCEXP90

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://lo.st
    uInternet Connection Wizard,ShellNext = hxxp://ati.amd.com/online/cccwelcome/registration.asp?id=1
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
    hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
    c:\windows\Downloaded Program Files\sysreqlab.osd
    FF - ProfilePath - c:\documents and settings\Clem\Application Data\Mozilla\Firefox\Profiles\ajiadmda.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-22 17:34:09
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(716)
    c:\windows\System32\dskquota32.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(780)
    c:\windows\System32\dskquota32.dll
    .
    Heure de fin: 2008-12-22 17:34:40
    ComboFix-quarantined-files.txt 2008-12-22 16:34:35

    Avant-CF: 38 222 835 712 octets libres
    Après-CF: 39,130,976,256 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=""

    265 --- E O F --- 2008-12-19 02:00:49


    HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:00, on 2008-12-23
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\program files\steam\steam.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Xfire\xfire.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ati.amd.com/online/cccwelcome/registration.asp?i...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 75.152.52.202 L2authd.lineage2.com
    O1 - Hosts: 75.152.52.202 L2testauthd.lineage2.com
    O1 - Hosts: iptonserverenquestions L2authd.lineage2.com
    O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
    O1 - Hosts: lns-bzn-50f-62-147-183-248.adsl.proxad.net
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [RGSC] F:\GTA4\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O20 - Winlogon Notify: 187a6b0c511 - C:\WINDOWS\System32\dskquota32.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 9072 bytes



    I'm not sure the ComboFix report is the right one, but it's the only one I found!!
    24 December 2008 17:18:39

    Re,

    Download R-Hosts.exe (by S!ri).
    Run R-Hosts, then click "Restaurer" (Restore).
    Confirm the change by pressing OK.

    &

    Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - Winlogon Notify: 187a6b0c511 - C:\WINDOWS\System32\dskquota32.dll (file missing)
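
As an added example (not part of the original thread, and not the helper's own tooling), the Python code below picks out the two kinds of HijackThis entries this reply deals with: entries whose target is reported as `(file missing)` or `(no file)`, and O1 Hosts-file overrides, with malformed Hosts lines separated out. The function names are hypothetical and the sample is constructed from lines of the log posted above; on that sample the orphan filter returns the three lines listed for fixing.

```python
import ipaddress
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 75.152.52.202 L2authd.lineage2.com
O1 - Hosts: iptonserverenquestions L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: lns-bzn-50f-62-147-183-248.adsl.proxad.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: 187a6b0c511 - C:\WINDOWS\System32\dskquota32.dll (file missing)
"""

ENTRY = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
ORPHAN = re.compile(r"\((?:file missing|no file)\)$")

def parse_entries(log_text):
    """Return (section, body) pairs for every 'Xn - ...' line in the log."""
    matches = (ENTRY.match(line) for line in log_text.splitlines())
    return [(m["section"], m["body"]) for m in matches if m]

def orphaned_entries(log_text):
    """Entries whose target file HijackThis reported as absent from disk."""
    return [(s, b) for s, b in parse_entries(log_text) if ORPHAN.search(b)]

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def hosts_overrides(log_text):
    """Split O1 entries into (ip, hostname) overrides and malformed lines."""
    valid, malformed = [], []
    for section, body in parse_entries(log_text):
        if section == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if len(fields) >= 2 and _is_ip(fields[0]):
                valid.append((fields[0], fields[1]))
            else:
                malformed.append(" ".join(fields))
    return valid, malformed

if __name__ == "__main__":
    print(orphaned_entries(SAMPLE_LOG), hosts_overrides(SAMPLE_LOG))
```
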
    25 December 2008 19:05:24

    Well then: IE works again, my PC is no longer slowed down, and there are no more messages from my antivirus..... If that's all I had to do, then thank you very much for your help, Angeldark!!

    I hope we won't meet again, otherwise it would mean I have a problem again!! ^^

    But thanks a lot anyway!!
    26 December 2008 13:34:25

    Happy surfing.