Virumonde.dll

Tags:
  • Dll
  • Security
30 October 2008 13:40:09

Hello everyone ....

I caught a virus called virtumonde.dll, according to Spybot.

What should I do?

I made HijackThis and ComboFix reports that I will post afterwards.

But what do I really need to do to get rid of it?

Thanks in advance ...


30 October 2008 13:41:42

Excuse me, the virus is called Virtumonde.dll and not virumonde.dll.

Sorry.
30 October 2008 13:42:07

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:19, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Logiciel\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9C1DA696-398F-4265-9404-0E375BF117EE} - C:\WINDOWS\system32\byXRhHYQ.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Logiciel\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Logiciel\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Logiciel\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: yfnrxa.dll
O20 - Winlogon Notify: byXRhHYQ - C:\WINDOWS\SYSTEM32\byXRhHYQ.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6486 bytes
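The HijackThis log above shows the persistence points this kit relied on: an unnamed O2 BHO, an O20 AppInit_DLLs value and an O20 Winlogon Notify entry, all pointing at DLLs with generated-looking names in system32, plus orphan BHO entries with no file behind them. As an added example that is not part of the original thread and not code from HijackThis, ComboFix or Malwarebytes, the following Python script triages lines in this log format: it flags orphan BHOs as cleanup candidates, unnamed BHOs, AppInit_DLLs and Winlogon Notify hooks, applies a generated-name heuristic (my own assumption, not a published rule), and reports DLLs registered in more than one autostart location. The sample lines are copied from the log posted in the thread; the severity labels and helper names are my choices.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Sample input: lines copied from the HijackThis v2.0.2 log posted in the thread
# (one harmless R0/O4/O23 entry each, plus the O2 and O20 entries of interest).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9C1DA696-398F-4265-9404-0E375BF117EE} - C:\WINDOWS\system32\byXRhHYQ.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O20 - AppInit_DLLs: yfnrxa.dll
O20 - Winlogon Notify: byXRhHYQ - C:\WINDOWS\SYSTEM32\byXRhHYQ.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<value>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    severity: str          # "info" | "medium" | "high"
    code: str              # HijackThis section code, e.g. "O20"
    reason: str
    dll: Optional[str]     # lower-cased DLL file name when one is involved


def dll_name(path: str) -> Optional[str]:
    """Lower-cased file name of a Windows path or bare name, or None if it is not a DLL."""
    name = path.strip().strip('"').rsplit("\\", 1)[-1].lower()
    return name if name.endswith(".dll") else None


def looks_generated(dll: str) -> bool:
    """Heuristic (my assumption, not a published rule): Vundo-era droppers used short,
    letters-only pseudo-random stems such as byXRhHYQ or yfnrxa with almost no vowels;
    a 6-8 letter stem with at most one vowel is treated as generated."""
    stem = dll[:-4]
    vowels = sum(c in "aeiou" for c in stem.lower())
    return stem.isalpha() and 6 <= len(stem) <= 8 and vowels <= 1


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect findings for the O2/O20 autostart hooks."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # header, process list, blank lines
        code, body = m.group("code"), m.group("body")
        if code == "O2" and (bho := BHO_RE.match(body)):
            path = bho.group("path")
            if path == "(no file)":
                findings.append(Finding("info", code,
                    f"orphan BHO {bho.group('clsid')}: registry entry with no file on disk", None))
            elif bho.group("name") == "(no name)":
                findings.append(Finding("medium", code,
                    f"unnamed BHO loads {dll_name(path)} into Internet Explorer", dll_name(path)))
        elif code == "O20" and (app := APPINIT_RE.match(body)):
            for item in filter(None, re.split(r"[,\s]+", app.group("value"))):
                findings.append(Finding("high", code,
                    f"AppInit_DLLs injects {dll_name(item)} into every process that loads user32.dll",
                    dll_name(item)))
        elif code == "O20" and (notify := NOTIFY_RE.match(body)):
            dll = dll_name(notify.group("path"))
            findings.append(Finding("high", code,
                f"Winlogon Notify package '{notify.group('key')}' loads {dll} inside winlogon.exe", dll))
    return findings


def generated_name_hits(findings: list[Finding]) -> list[str]:
    """DLLs from the findings whose names match the generated-name heuristic."""
    return sorted({f.dll for f in findings if f.dll and looks_generated(f.dll)})


def multi_hook_dlls(findings: list[Finding]) -> list[str]:
    """DLLs registered in more than one autostart location: removing a single hook,
    which is what a quick scan often does, leaves the other one to reload the file."""
    counts = Counter(f.dll for f in findings if f.dll)
    return sorted(d for d, n in counts.items() if n > 1)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.code}: {f.reason}")
    print("generated-looking names:", generated_name_hits(found))
    print("multi-hook DLLs:", multi_hook_dlls(found))
```

On the sample lines the script reports the orphan BHO as a cleanup candidate, the unnamed BHO as medium, both O20 hooks as high, and byXRhHYQ.dll as a multi-hook DLL (BHO plus Winlogon Notify), which is exactly why the later reply in the thread insists on a fresh HijackThis log after the MBAM run rather than trusting a single scan.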
30 October 2008 13:54:42

ComboFix report:

ComboFix 08-10-30.04 - Administrateur 2008-10-30 12:54:48.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1488 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dlowvz.dll.vir
C:\WINDOWS\system32\durjbuxj.dll.vir
C:\WINDOWS\system32\nefnkefd.dll.vir
C:\WINDOWS\system32\onlyqplt.dll
C:\WINDOWS\system32\tpkvwt.dll.vir
C:\WINDOWS\system32\yfnrxa.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
.

2008-10-30 12:45 . 2008-10-30 12:45 <REP> d-------- C:\Program Files\Trend Micro
2008-10-30 00:37 . 2008-10-30 12:14 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-30 00:31 . 2008-10-30 00:31 244,224 --a------ C:\WINDOWS\system32\fccBRJCR.dll.vir
2008-10-30 00:28 . 2008-10-30 00:30 <REP> d-------- C:\Program Files\Trojan Remover
2008-10-30 00:28 . 2008-10-30 00:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-30 00:28 . 2008-10-30 00:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-10-30 00:28 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-10-30 00:28 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-10-30 00:28 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-10-30 00:28 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-10-30 00:28 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-10-30 00:21 . 2008-10-30 00:41 <REP> d-------- C:\Program Files\a-squared Free
2008-10-29 16:56 . 2008-10-30 00:24 12,725 --ahs---- C:\WINDOWS\system32\RAHjkUtv.ini
2008-10-29 16:51 . 2008-10-29 16:51 34,304 --a------ C:\WINDOWS\system32\ljJCvwwV.dll
2008-10-29 16:51 . 2008-10-29 16:51 34,304 --a------ C:\WINDOWS\system32\byXRhHYQ.dll
2008-10-27 23:11 . 2008-10-27 23:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\KONAMI
2008-10-27 17:35 . 2008-10-27 17:35 <REP> d-------- C:\WINDOWS\USB Vibration
2008-10-27 17:35 . 2008-10-27 17:35 <REP> d-------- C:\Program Files\USB Vibration
2008-10-24 22:08 . 2008-10-24 22:08 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-10-24 22:06 . 2008-10-25 11:54 <REP> d-------- C:\Program Files\NOS
2008-10-24 22:06 . 2008-10-25 11:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-22 15:52 . 2008-10-22 15:52 <REP> d-------- C:\Program Files\BoontyGames
2008-10-20 17:32 . 2008-10-27 22:48 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-10-20 17:31 . 2008-10-20 17:31 <REP> d-------- C:\Program Files\Camtech
2008-10-20 17:31 . 2001-09-03 06:52 766 --a------ C:\WINDOWS\win98Logo.ico
2008-10-18 11:15 . 2003-03-10 23:12 59,632 -ra------ C:\WINDOWS\system32\drivers\qcusbser.sys
2008-10-18 11:11 . 2007-08-09 09:13 <REP> d-------- C:\Qualcomm USB Treiber
2008-10-18 10:49 . 2003-03-10 23:12 59,632 -ra------ C:\WINDOWS\system32\drivers\qcusbmdm.sys
2008-10-16 17:43 . 2008-10-16 17:43 <REP> d-------- C:\Program Files\Java
2008-10-16 17:43 . 2008-06-10 01:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-16 17:42 . 2008-10-16 17:42 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-10-15 11:13 . 1998-11-17 12:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2008-10-15 10:44 . 2008-10-15 10:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-12 16:56 . 2008-10-30 12:10 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-10-07 15:14 . 2008-10-07 15:14 268 --ah----- C:\sqmdata02.sqm
2008-10-07 15:14 . 2008-10-07 15:14 244 --ah----- C:\sqmnoopt02.sqm
2008-09-26 17:04 . 2008-09-26 17:04 236 --a------ C:\sqmdata01.sqm
2008-09-26 17:04 . 2008-09-26 17:04 200 --a------ C:\sqmnoopt01.sqm
2008-09-25 19:24 . 2008-09-26 17:03 <REP> d-------- C:\Documents and Settings\Administrateur\Tracing
2008-09-25 19:23 . 2008-09-25 19:23 <REP> d-------- C:\Program Files\Microsoft
2008-09-25 19:20 . 2008-09-25 19:20 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2008-09-24 15:50 . 2008-09-24 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania United
2008-09-24 12:09 . 2004-08-03 22:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-22 17:41 . 2008-09-22 17:41 268 --ah----- C:\sqmdata00.sqm
2008-09-22 17:41 . 2008-09-22 17:41 244 --ah----- C:\sqmnoopt00.sqm
2008-09-21 11:12 . 2008-09-21 11:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-09-21 11:11 . 2008-09-21 11:11 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-09-21 11:05 . 2008-09-21 11:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
2008-09-21 08:18 . 2008-09-21 08:18 <REP> d-------- C:\Program Files\OpenAL
2008-09-21 08:18 . 2008-09-21 08:18 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-09-21 08:18 . 2008-09-21 08:18 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-09-21 08:17 . 2008-09-21 08:17 <REP> d-------- C:\WINDOWS\system32\xlive
2008-09-20 23:26 . 2008-09-20 23:26 1,160 --a------ C:\WINDOWS\mozver.dat
2008-09-20 23:23 . 2008-09-20 23:23 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-17 12:19 . 2008-09-17 12:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech
2008-09-17 12:17 . 2008-09-17 12:17 <REP> d-------- C:\Program Files\Logitech
2008-09-17 12:17 . 2008-07-26 16:25 627,864 --a------ C:\WINDOWS\system32\drivers\lvrs.sys
2008-09-17 12:17 . 2008-07-26 16:23 195,096 --a------ C:\WINDOWS\system32\lvci11801048.dll
2008-09-17 12:09 . 2004-08-03 22:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-09-17 12:09 . 2004-08-03 22:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-09-17 12:09 . 2004-08-03 21:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-09-17 12:09 . 2004-08-03 21:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-09-17 12:07 . 2008-07-26 16:22 2,570,520 --a------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-09-17 12:06 . 2008-09-17 12:18 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-09-17 12:06 . 2008-09-17 12:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-17 12:06 . 2008-09-17 12:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-09-12 17:25 . 2008-09-13 12:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-09-11 17:55 . 2008-09-11 17:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SPORE
2008-09-11 17:37 . 2008-09-11 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-09-11 17:21 . 2008-09-11 17:21 <REP> dr-h----- C:\Documents and Settings\Administrateur\Application Data\SecuROM
2008-09-11 17:21 . 2008-09-11 17:54 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-10 20:49 . 2008-09-22 17:30 <REP> d-------- C:\Program Files\Conduit
2008-09-10 20:49 . 2008-09-10 20:49 <REP> d-------- C:\Program Files\Alcohol Soft
2008-09-10 20:47 . 2008-09-10 20:47 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-10 16:19 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-09-09 17:25 . 2008-10-29 18:04 <REP> d-------- C:\Program Files\Incomplete
2008-09-08 20:52 . 2008-09-08 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 17:06 --------- d-----w C:\Program Files\LimeWire
2008-10-29 17:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-10-27 16:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-16 16:33 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-26 16:07 --------- d-----w C:\Program Files\Windows Live
2008-09-26 16:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-07 12:14 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-07 12:07 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-07 11:58 --------- d-----w C:\Program Files\Alwil Software
2008-09-07 11:37 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-09-07 11:37 --------- d-----w C:\Program Files\NETGEAR
2008-09-07 11:33 --------- d-----w C:\Program Files\My Company Name
2008-09-07 11:32 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-07 11:12 --------- d-----w C:\Program Files\Attansic
2008-09-07 11:10 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-07 11:10 --------- d-----w C:\Program Files\Realtek
2008-09-07 11:04 --------- d-----w C:\Program Files\Intel
2008-09-07 10:47 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-09-07 10:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-07 10:29 86 ----a-w C:\WINDOWS\system32\config\systemprofile\DelA03.bat
2008-09-07 10:29 86 ----a-w C:\Documents and Settings\Default User\DelA03.bat
2008-09-07 10:29 86 ----a-w C:\Documents and Settings\Administrateur\DelA03.bat
2008-09-07 10:29 --------- d-----w C:\Program Files\MSBuild
2008-09-07 10:26 --------- d-----w C:\Program Files\Reference Assemblies
2008-09-07 10:25 32,768 ----a-w C:\WINDOWS\system32\netfxperf.dll
2008-09-07 10:24 --------- d-----w C:\Program Files\MSXML 6.0
2008-09-07 10:23 --------- d-----w C:\Program Files\Services en ligne
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-07-26 15:26 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
2008-07-26 15:26 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
2008-07-26 15:23 416,280 ----a-w C:\WINDOWS\system32\LVCodec2.dll
2008-07-26 14:46 25,974 ----a-w C:\WINDOWS\system32\Repository.reg
2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2005-04-06 09:55 456,384 ----a-w C:\WINDOWS\inf\WG311T\WG311T13.sys
2004-10-19 17:58 35,232 ----a-w C:\WINDOWS\inf\WG311T\ME_INST.EXE
2004-10-19 17:58 26,112 ----a-w C:\WINDOWS\inf\WG311T\install.exe
.

------- Sigcheck -------

2007-12-31 14:13 360704 823014a2caa32553b111c8adf9a6e327 C:\WINDOWS\system32\drivers\tcpip.sys

2008-09-07 11:47 506368 048cb871e6f98e41f072b85c67c30925 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C1DA696-398F-4265-9404-0E375BF117EE}]
2008-10-29 16:51 34304 --a------ C:\WINDOWS\system32\byXRhHYQ.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"SpybotSD TeaTimer"="D:\Logiciel\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-04 81920]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-10-25 968072]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-04 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\Administrateur\Recent\Menu D‚marrer\Programmes\D‚marrage\
Logitech . Enregistrement du produit.lnk - C:\Program Files\Logitech\QuickCam\eReg.exe [2008-02-13 493832]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
NETGEAR WG311T Wireless Assistant.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2005-05-09 4517888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{9C1DA696-398F-4265-9404-0E375BF117EE}"= "C:\WINDOWS\system32\byXRhHYQ.dll" [2008-10-29 34304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRhHYQ]
2008-10-29 16:51 34304 C:\WINDOWS\system32\byXRhHYQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yfnrxa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Jeux\\kane et lynch\\kaneandlynch.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Jeux\\Test drive unlimited\\TDU\\TestDriveUnlimited.exe"=
"D:\\Jeux\\pes 2009\\pes2009.exe"=

R0 MV61XX;MV61XX;C:\WINDOWS\system32\drivers\MV61XX.sys [2007-12-31 91520]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
S3 LVRS;Logitech RightSound Filter Driver;C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);C:\WINDOWS\system32\DRIVERS\qcusbmdm.sys [2003-03-10 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197;C:\WINDOWS\system32\DRIVERS\qcusbser.sys [2003-03-10 59632]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{3D60CE7A-2ADC-4362-B09B-F16C18F6D697} - (no file)
BHO-{41df032a-9ddb-4a5c-8adb-277bb0248f7f} - C:\WINDOWS\system32\yfnrxa.dll
BHO-{873AC35F-F3CD-4786-B1C3-7DC665DE5FF6} - (no file)
HKCU-Run-Steam - D:\Jeux\counter\Steam.exe
HKLM-Run-SoftickPPP - D:\Logiciel\PPP\Bin\PPPGate.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\vren20yl.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 13:00:26
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXRhHYQ.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
.
**************************************************************************
.
Heure de fin: 2008-10-30 13:02:39 - La machine a redémarré [Administrateur]
ComboFix-quarantined-files.txt 2008-10-30 12:02:34

Avant-CF: 16,174,751,744 octets libres
Après-CF: 16,189,157,376 octets libres

30 October 2008 14:09:07

Hi Kevin, install Spybot, update it and immunize your system.

Also install antimalwarebytes :)

30 October 2008 14:35:46

antimalwarebytes report:
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1340
Windows 5.1.2600 Service Pack 2

30/10/2008 14:35:36
mbam-log-2008-10-30 (14-35-36).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 57510
Temps écoulé: 11 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 20

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\qoMcbxUl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\eoqjhmpn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\byXRhHYQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\glccgjcw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\erjclp.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c1da696-398f-4265-9404-0e375bf117ee} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxrhhyq (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9c1da696-398f-4265-9404-0e375bf117ee} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f9f59b06-3455-4242-bb4f-2cc07e3f7afa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9f59b06-3455-4242-bb4f-2cc07e3f7afa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9c1da696-398f-4265-9404-0e375bf117ee} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f9f59b06-3455-4242-bb4f-2cc07e3f7afa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c402443b (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9c1da696-398f-4265-9404-0e375bf117ee} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomcbxul -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomcbxul -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\byXRhHYQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\erjclp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\eoqjhmpn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\npmhjqoe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMcbxUl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lUxbcMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lUxbcMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\glccgjcw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ZG8IJRIJ\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ZG8IJRIJ\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dlowvz.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\durjbuxj.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nefnkefd.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\onlyqplt.dll.vir (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tpkvwt.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yfnrxa.dll.vir (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19C8DB49-C4FC-4C52-A88C-7E7C2BA7A86D}\RP2\A0000098.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{19C8DB49-C4FC-4C52-A88C-7E7C2BA7A86D}\RP2\A0000099.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJCvwwV.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccBRJCR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
30 October 2008 15:17:00

Well, it looks like it's positive ;)
30 October 2008 18:27:23

Hi,

Post another HijackThis report.

@KS: this kind of infection is fairly complex; I'm not certain a simple MBAM scan fixes everything. So if you post in these topics, let me know by PM. We want to carry out the best possible disinfection. If you want to learn more, we can offer you training.
30 October 2008 19:15:41

Well, actually I had Virtumonde and MBAM removed it, sorry :spamafote:
30 October 2008 19:49:48

Vundo is never completely removed with MBAM ;)
30 October 2008 19:51:46

I can confirm it's a nasty piece of work. I had to resort to HijackThis too, if I remember correctly :)
30 October 2008 20:48:37

Thank you very much for your replies!!!
It seems to be gone ^^
And as you asked me, angeldark, here is my report:
30 October 2008 20:48:47

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:24, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {3D60CE7A-2ADC-4362-B09B-F16C18F6D697} - (no file)
O2 - BHO: (no name) - {41df032a-9ddb-4a5c-8adb-277bb0248f7f} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Logiciel\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {873AC35F-F3CD-4786-B1C3-7DC665DE5FF6} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9C1DA696-398F-4265-9404-0E375BF117EE} - (no file)
O2 - BHO: (no name) - {C2EBFBAE-6C4B-4F6D-AEF9-E9B7CD31549F} - C:\WINDOWS\system32\qoMcbxUl.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Logiciel\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] D:\Jeux\counter\Steam.exe -silent
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Logiciel\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Logiciel\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: yfnrxa.dll erjclp.dll
O20 - Winlogon Notify: byXRhHYQ - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7014 bytes
30 October 2008 20:57:24

Run another ComboFix scan, we'll see what's left.
30 October 2008 21:50:04

As you asked:
30 October 2008 21:50:10

ComboFix 08-10-30.09 - Administrateur 2008-10-30 21:00:29.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1529 [GMT 1:00]
Started from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

((((((((((((((((((((((((((((( Files created from 2008-09-28 to 2008-10-30 ))))))))))))))))))))))))))))))))))))
.

2008-10-30 14:31 . 2008-10-30 14:31 95 --a------ C:\WINDOWS\wininit.ini
2008-10-30 14:23 . 2008-10-30 14:23 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 14:23 . 2008-10-30 14:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-30 14:23 . 2008-10-30 14:23 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-30 14:23 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-30 14:23 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-30 12:45 . 2008-10-30 12:45 <REP> d-------- C:\Program Files\Trend Micro
2008-10-30 00:37 . 2008-10-30 12:14 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-30 00:28 . 2008-10-30 00:30 <REP> d-------- C:\Program Files\Trojan Remover
2008-10-30 00:28 . 2008-10-30 00:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-30 00:28 . 2008-10-30 00:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-10-30 00:28 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-10-30 00:28 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-10-30 00:28 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-10-30 00:28 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-10-30 00:28 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-10-30 00:21 . 2008-10-30 00:41 <REP> d-------- C:\Program Files\a-squared Free
2008-10-29 16:56 . 2008-10-30 00:24 12,725 --ahs---- C:\WINDOWS\system32\RAHjkUtv.ini
2008-10-27 23:11 . 2008-10-27 23:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\KONAMI
2008-10-27 17:35 . 2008-10-27 17:35 <REP> d-------- C:\WINDOWS\USB Vibration
2008-10-27 17:35 . 2008-10-27 17:35 <REP> d-------- C:\Program Files\USB Vibration
2008-10-24 22:08 . 2008-10-24 22:08 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-10-24 22:06 . 2008-10-25 11:54 <REP> d-------- C:\Program Files\NOS
2008-10-24 22:06 . 2008-10-25 11:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-22 15:52 . 2008-10-22 15:52 <REP> d-------- C:\Program Files\BoontyGames
2008-10-20 17:32 . 2008-10-30 15:09 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-10-20 17:31 . 2008-10-20 17:31 <REP> d-------- C:\Program Files\Camtech
2008-10-20 17:31 . 2001-09-03 06:52 766 --a------ C:\WINDOWS\win98Logo.ico
2008-10-18 11:15 . 2003-03-10 23:12 59,632 -ra------ C:\WINDOWS\system32\drivers\qcusbser.sys
2008-10-18 11:11 . 2007-08-09 09:13 <REP> d-------- C:\Qualcomm USB Treiber
2008-10-18 10:49 . 2003-03-10 23:12 59,632 -ra------ C:\WINDOWS\system32\drivers\qcusbmdm.sys
2008-10-16 17:43 . 2008-10-16 17:43 <REP> d-------- C:\Program Files\Java
2008-10-16 17:43 . 2008-06-10 01:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-16 17:42 . 2008-10-16 17:42 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-10-15 11:13 . 1998-11-17 12:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2008-10-15 10:44 . 2008-10-30 14:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-12 16:56 . 2008-10-30 12:10 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-10-07 15:14 . 2008-10-07 15:14 268 --ah----- C:\sqmdata02.sqm
2008-10-07 15:14 . 2008-10-07 15:14 244 --ah----- C:\sqmnoopt02.sqm
2008-09-26 17:04 . 2008-09-26 17:04 236 --a------ C:\sqmdata01.sqm
2008-09-26 17:04 . 2008-09-26 17:04 200 --a------ C:\sqmnoopt01.sqm
2008-09-25 19:24 . 2008-09-26 17:03 <REP> d-------- C:\Documents and Settings\Administrateur\Tracing
2008-09-25 19:23 . 2008-09-25 19:23 <REP> d-------- C:\Program Files\Microsoft
2008-09-25 19:20 . 2008-09-25 19:20 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2008-09-24 15:50 . 2008-09-24 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania United
2008-09-24 12:09 . 2004-08-03 22:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-22 17:41 . 2008-09-22 17:41 268 --ah----- C:\sqmdata00.sqm
2008-09-22 17:41 . 2008-09-22 17:41 244 --ah----- C:\sqmnoopt00.sqm
2008-09-21 11:12 . 2008-09-21 11:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-09-21 11:11 . 2008-09-21 11:11 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-09-21 11:11 . 2008-07-23 17:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-09-21 11:11 . 2008-07-04 07:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm
2008-09-21 11:11 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-09-21 11:11 . 2008-07-25 09:34 683,520 --a------ C:\WINDOWS\system32\divx.dll
2008-09-21 11:11 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-09-21 11:11 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-09-21 11:11 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-09-21 11:11 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-09-21 11:11 . 2008-07-25 09:34 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-09-21 11:11 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-09-21 11:11 . 2008-07-30 20:09 38 --a------ C:\WINDOWS\avisplitter.ini
2008-09-21 11:05 . 2008-09-21 11:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
2008-09-21 08:18 . 2008-09-21 08:18 <REP> d-------- C:\Program Files\OpenAL
2008-09-21 08:18 . 2008-09-21 08:18 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-09-21 08:18 . 2008-09-21 08:18 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-09-21 08:17 . 2008-09-21 08:17 <REP> d-------- C:\WINDOWS\system32\xlive
2008-09-20 23:26 . 2008-09-20 23:26 1,160 --a------ C:\WINDOWS\mozver.dat
2008-09-20 23:23 . 2008-09-20 23:23 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-17 12:19 . 2008-09-17 12:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech
2008-09-17 12:17 . 2008-09-17 12:17 <REP> d-------- C:\Program Files\Logitech
2008-09-17 12:17 . 2008-07-26 16:25 627,864 --a------ C:\WINDOWS\system32\drivers\lvrs.sys
2008-09-17 12:17 . 2008-07-26 16:23 195,096 --a------ C:\WINDOWS\system32\lvci11801048.dll
2008-09-17 12:09 . 2004-08-03 22:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-09-17 12:09 . 2004-08-03 22:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-09-17 12:09 . 2004-08-03 21:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-09-17 12:09 . 2004-08-03 21:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-09-17 12:07 . 2008-07-26 16:22 2,570,520 --a------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-09-17 12:06 . 2008-09-17 12:18 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-09-17 12:06 . 2008-09-17 12:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-17 12:06 . 2008-09-17 12:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-09-12 17:25 . 2008-09-13 12:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-09-11 17:55 . 2008-09-11 17:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SPORE
2008-09-11 17:37 . 2008-09-11 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-09-11 17:21 . 2008-09-11 17:21 <REP> dr-h----- C:\Documents and Settings\Administrateur\Application Data\SecuROM
2008-09-11 17:21 . 2008-09-11 17:54 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-10 20:49 . 2008-09-22 17:30 <REP> d-------- C:\Program Files\Conduit
2008-09-10 20:49 . 2008-09-10 20:49 <REP> d-------- C:\Program Files\Alcohol Soft
2008-09-10 20:47 . 2008-09-10 20:47 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-10 16:19 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-09-09 17:25 . 2008-10-29 18:04 <REP> d-------- C:\Program Files\Incomplete
2008-09-08 20:52 . 2008-09-08 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 17:06 --------- d-----w C:\Program Files\LimeWire
2008-10-29 17:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-10-27 16:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-16 16:33 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-26 16:07 --------- d-----w C:\Program Files\Windows Live
2008-09-26 16:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-07 12:14 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-07 12:07 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-07 11:58 --------- d-----w C:\Program Files\Alwil Software
2008-09-07 11:37 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-09-07 11:37 --------- d-----w C:\Program Files\NETGEAR
2008-09-07 11:33 --------- d-----w C:\Program Files\My Company Name
2008-09-07 11:32 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-07 11:12 --------- d-----w C:\Program Files\Attansic
2008-09-07 11:10 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-07 11:10 --------- d-----w C:\Program Files\Realtek
2008-09-07 11:04 --------- d-----w C:\Program Files\Intel
2008-09-07 10:47 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-09-07 10:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-07 10:29 86 ----a-w C:\WINDOWS\system32\config\systemprofile\DelA03.bat
2008-09-07 10:29 86 ----a-w C:\Documents and Settings\Default User\DelA03.bat
2008-09-07 10:29 86 ----a-w C:\Documents and Settings\Administrateur\DelA03.bat
2008-09-07 10:29 --------- d-----w C:\Program Files\MSBuild
2008-09-07 10:26 --------- d-----w C:\Program Files\Reference Assemblies
2008-09-07 10:25 32,768 ----a-w C:\WINDOWS\system32\netfxperf.dll
2008-09-07 10:24 --------- d-----w C:\Program Files\MSXML 6.0
2008-09-07 10:23 --------- d-----w C:\Program Files\Services en ligne
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-07-26 15:26 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
2008-07-26 15:26 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
2008-07-26 15:23 416,280 ----a-w C:\WINDOWS\system32\LVCodec2.dll
2008-07-26 14:46 25,974 ----a-w C:\WINDOWS\system32\Repository.reg
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2005-04-06 09:55 456,384 ----a-w C:\WINDOWS\inf\WG311T\WG311T13.sys
2004-10-19 17:58 35,232 ----a-w C:\WINDOWS\inf\WG311T\ME_INST.EXE
2004-10-19 17:58 26,112 ----a-w C:\WINDOWS\inf\WG311T\install.exe
.

------- Sigcheck -------

2007-12-31 14:13 360704 823014a2caa32553b111c8adf9a6e327 C:\WINDOWS\system32\drivers\tcpip.sys

2008-09-07 11:47 506368 048cb871e6f98e41f072b85c67c30925 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-30_13.02.15.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-26 06:25:24 109,080 ----a-w C:\WINDOWS\Temp\logishrd\LVPrcInj02.dll
+ 2008-10-30 13:38:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6d0.dat
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"SpybotSD TeaTimer"="D:\Logiciel\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Steam"="D:\Jeux\counter\Steam.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-04 81920]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-10-25 968072]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-04 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\Administrateur\Recent\Menu Démarrer\Programmes\Démarrage\
Logitech . Enregistrement du produit.lnk - C:\Program Files\Logitech\QuickCam\eReg.exe [2008-02-13 493832]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
NETGEAR WG311T Wireless Assistant.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2005-05-09 4517888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yfnrxa.dll erjclp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Jeux\\kane et lynch\\kaneandlynch.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Jeux\\Test drive unlimited\\TDU\\TestDriveUnlimited.exe"=
"D:\\Jeux\\pes 2009\\pes2009.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
S0 MV61XX;MV61XX;C:\WINDOWS\system32\drivers\MV61XX.sys [2007-12-31 91520]
S3 LVRS;Logitech RightSound Filter Driver;C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);C:\WINDOWS\system32\DRIVERS\qcusbmdm.sys [2003-03-10 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197;C:\WINDOWS\system32\DRIVERS\qcusbser.sys [2003-03-10 59632]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
.
- - - - DELETED ORPHANS - - - -

BHO-{3D60CE7A-2ADC-4362-B09B-F16C18F6D697} - (no file)
BHO-{41df032a-9ddb-4a5c-8adb-277bb0248f7f} - (no file)
BHO-{873AC35F-F3CD-4786-B1C3-7DC665DE5FF6} - (no file)
BHO-{9C1DA696-398F-4265-9404-0E375BF117EE} - (no file)
BHO-{C2EBFBAE-6C4B-4F6D-AEF9-E9B7CD31549F} - C:\WINDOWS\system32\qoMcbxUl.dll
Notify-byXRhHYQ - (no file)


.
------- Supplementary scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\vren20yl.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 21:04:11
Windows 5.1.2600 Service Pack 2 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Completion time: 2008-10-30 21:04:41
ComboFix-quarantined-files.txt 2008-10-30 20:04:39
ComboFix2.txt 2008-10-30 12:02:41

Before CF: 16,106,045,440 bytes free
After CF: 16,117,714,944 bytes free

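Even after the MBAM run, the HijackThis and ComboFix logs above still carry the registry traces that the helper is hunting: O2 BHO entries whose CLSID points at no file, `O20 - AppInit_DLLs: yfnrxa.dll erjclp.dll`, a Winlogon Notify key with no DLL behind it, Security Center notifications switched off, and a hidden+system `RAHjkUtv.ini` sitting in system32. The Python script below is an added example, not a tool used in this thread: it runs those checks over lines in both log formats and emits the `File::` section of a CFScript for the hidden files it flags. The sample lines are copied from the logs posted above; the severity scale and the "hidden+system file in system32" rule are this example's own heuristics (assumptions), not MBAM or ComboFix detection logic.

```python
"""Triage HijackThis and ComboFix log lines for Vundo-style persistence leftovers.

Added example for this thread, not a tool used in it. Sample lines are copied
from the logs posted above; the rules and severities are this example's own
heuristics (assumptions), not MBAM or ComboFix detection logic.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium", on this example's own scale
    source: str     # "hjt" (HijackThis) or "combofix"
    indicator: str  # which persistence point or tampering rule fired
    detail: str     # the offending fragment of the log line


# HijackThis entry shapes seen in the log above.
BHO_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
# ComboFix "files created" rows (date . date size attrs path) and REGEDIT4 values.
CF_FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?:[\d,]+|<REP>)\s+([-a-z]{9})\s+(.+)$")
CF_REG_RE = re.compile(r'^"([^"]+)"=(.+)$')
SYSTEM32 = "c:\\windows\\system32\\"

SAMPLE_HJT = r"""
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Logiciel\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C2EBFBAE-6C4B-4F6D-AEF9-E9B7CD31549F} - C:\WINDOWS\system32\qoMcbxUl.dll (file missing)
O20 - AppInit_DLLs: yfnrxa.dll erjclp.dll
O20 - Winlogon Notify: byXRhHYQ - C:\WINDOWS\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

SAMPLE_CF = r"""
2008-10-30 14:23 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-29 16:56 . 2008-10-30 00:24 12,725 --ahs---- C:\WINDOWS\system32\RAHjkUtv.ini
2008-10-12 16:56 . 2008-10-30 12:10 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
"AppInit_DLLs"=yfnrxa.dll erjclp.dll
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"NoAutoUpdate"= 1 (0x1)
"""


def triage_hijackthis(text):
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            clsid, path = m.groups()
            # A registered BHO CLSID pointing at nothing is the trace of a DLL
            # that was deleted without unregistering its key.
            if path == "(no file)" or path.endswith("(file missing)"):
                findings.append(Finding("medium", "hjt", "orphaned BHO", f"{clsid} -> {path}"))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is loaded into every process that maps user32.dll:
            # Vundo's classic injection point, rarely used legitimately on XP.
            findings.append(Finding("high", "hjt", "AppInit_DLLs", m.group(1)))
        elif m := NOTIFY_RE.match(line):
            key, path = m.groups()
            # A Winlogon Notify package must name a DLL; a bare directory means
            # the key outlived the DLL it used to load.
            if not path.lower().endswith(".dll"):
                findings.append(Finding("high", "hjt", "Winlogon Notify", f"{key} -> {path}"))
    return findings


def triage_combofix(text):
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if m := CF_FILE_RE.match(line):
            attrs, path = m.groups()
            low = path.lower()
            # Heuristic (assumption): a hidden+system .ini/.dll/.exe dropped
            # straight into system32 is not how legitimate software installs.
            if "h" in attrs and "s" in attrs and low.startswith(SYSTEM32) \
                    and low.endswith((".ini", ".dll", ".exe")):
                findings.append(Finding("high", "combofix", "hidden+system file in system32", path))
        elif m := CF_REG_RE.match(line):
            value, data = m.group(1), m.group(2).strip()
            if value == "AppInit_DLLs" and data:
                findings.append(Finding("high", "combofix", "AppInit_DLLs", data))
            elif value in ("AntiVirusDisableNotify", "UpdatesDisableNotify") and data == "dword:00000001":
                # Security Center alerting switched off; some AV suites set this
                # themselves, so on its own it is only medium.
                findings.append(Finding("medium", "combofix", "Security Center notifications disabled", value))
    return findings


def triage(hjt_text, cf_text):
    return triage_hijackthis(hjt_text) + triage_combofix(cf_text)


def cfscript_for(findings):
    """Build the File:: section of a CFScript.txt, the only directive this thread uses."""
    paths = [f.detail for f in findings if f.indicator == "hidden+system file in system32"]
    return "File::\n" + "\n".join(paths) + "\n" if paths else ""


if __name__ == "__main__":
    found = triage(SAMPLE_HJT, SAMPLE_CF)
    for f in found:
        print(f"[{f.severity:6}] {f.source:8} {f.indicator}: {f.detail}")
    print(cfscript_for(found), end="")
```

Run as-is it prints eight findings and a `File::` block naming `C:\WINDOWS\system32\RAHjkUtv.ini`, which is exactly the script the helper hands out next; on a real log, pass the whole file's text to `triage_hijackthis` or `triage_combofix`. The generated text still has to be saved as CFScript.txt and dragged onto ComboFix.exe by hand, and the flagged entries are leads to check, not verdicts: an orphaned BHO is harmless on its own, and a suite that manages its own alerts can legitimately set the Security Center values.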
31 October 2008 13:59:11

Re,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Copy (Ctrl+C) the text in the box below:

File::
C:\WINDOWS\system32\RAHjkUtv.ini


Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name "CFScript.txt" (the quotation marks are important).

Now drag the CFScript.txt file onto ComboFix.exe as in the image below:


This will relaunch ComboFix. After the reboot, post the contents of the log (C:\combofix.txt*) together with a HijackThis log.
NOTE: If there is no reboot, post the requested logs anyway.
* the partition name may differ
31 October 2008 14:02:18

Wow, the animation and everything :sol:
31 October 2008 14:07:56

Yeah, we've got the means :D
31 October 2008 14:56:23

OK. But when I put in the quotation marks it doesn't work!!

So here it is, but it's without the quotation marks:
31 October 2008 14:56:30

ComboFix 08-10-30.12 - Administrateur 2008-10-31 14:53:33.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1590 [GMT 1:00]
Started from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Mes documents\CFScript.txt
* A new restore point was created

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

((((((((((((((((((((((((((((( Files created from 2008-09-28 to 2008-10-31 ))))))))))))))))))))))))))))))))))))
.

2008-10-30 14:31 . 2008-10-30 14:31 95 --a------ C:\WINDOWS\wininit.ini
2008-10-30 14:23 . 2008-10-30 14:23 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 14:23 . 2008-10-30 14:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-30 14:23 . 2008-10-30 14:23 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-30 14:23 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-30 14:23 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-30 12:45 . 2008-10-30 12:45 <REP> d-------- C:\Program Files\Trend Micro
2008-10-30 00:37 . 2008-10-30 12:14 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-30 00:28 . 2008-10-30 00:30 <REP> d-------- C:\Program Files\Trojan Remover
2008-10-30 00:28 . 2008-10-30 00:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-30 00:28 . 2008-10-30 00:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-10-30 00:28 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-10-30 00:28 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-10-30 00:28 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-10-30 00:28 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-10-30 00:28 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-10-30 00:21 . 2008-10-30 00:41 <REP> d-------- C:\Program Files\a-squared Free
2008-10-29 16:56 . 2008-10-30 00:24 12,725 --ahs---- C:\WINDOWS\system32\RAHjkUtv.ini
2008-10-27 23:11 . 2008-10-27 23:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\KONAMI
2008-10-27 17:35 . 2008-10-27 17:35 <REP> d-------- C:\WINDOWS\USB Vibration
2008-10-27 17:35 . 2008-10-27 17:35 <REP> d-------- C:\Program Files\USB Vibration
2008-10-24 22:08 . 2008-10-24 22:08 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-10-24 22:06 . 2008-10-25 11:54 <REP> d-------- C:\Program Files\NOS
2008-10-24 22:06 . 2008-10-25 11:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-22 15:52 . 2008-10-22 15:52 <REP> d-------- C:\Program Files\BoontyGames
2008-10-20 17:32 . 2008-10-31 00:00 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-10-20 17:31 . 2008-10-20 17:31 <REP> d-------- C:\Program Files\Camtech
2008-10-20 17:31 . 2001-09-03 06:52 766 --a------ C:\WINDOWS\win98Logo.ico
2008-10-18 11:15 . 2003-03-10 23:12 59,632 -ra------ C:\WINDOWS\system32\drivers\qcusbser.sys
2008-10-18 11:11 . 2007-08-09 09:13 <REP> d-------- C:\Qualcomm USB Treiber
2008-10-18 10:49 . 2003-03-10 23:12 59,632 -ra------ C:\WINDOWS\system32\drivers\qcusbmdm.sys
2008-10-16 17:43 . 2008-10-16 17:43 <REP> d-------- C:\Program Files\Java
2008-10-16 17:43 . 2008-06-10 01:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-16 17:42 . 2008-10-16 17:42 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-10-15 11:13 . 1998-11-17 12:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2008-10-15 10:44 . 2008-10-30 14:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-12 16:56 . 2008-10-30 12:10 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-10-07 15:14 . 2008-10-07 15:14 268 --ah----- C:\sqmdata02.sqm
2008-10-07 15:14 . 2008-10-07 15:14 244 --ah----- C:\sqmnoopt02.sqm
2008-09-26 17:04 . 2008-09-26 17:04 236 --a------ C:\sqmdata01.sqm
2008-09-26 17:04 . 2008-09-26 17:04 200 --a------ C:\sqmnoopt01.sqm
2008-09-25 19:24 . 2008-09-26 17:03 <REP> d-------- C:\Documents and Settings\Administrateur\Tracing
2008-09-25 19:23 . 2008-09-25 19:23 <REP> d-------- C:\Program Files\Microsoft
2008-09-25 19:20 . 2008-09-25 19:20 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2008-09-24 15:50 . 2008-09-24 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania United
2008-09-24 12:09 . 2004-08-03 22:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-22 17:41 . 2008-09-22 17:41 268 --ah----- C:\sqmdata00.sqm
2008-09-22 17:41 . 2008-09-22 17:41 244 --ah----- C:\sqmnoopt00.sqm
2008-09-21 11:12 . 2008-09-21 11:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-09-21 11:11 . 2008-09-21 11:11 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-09-21 11:11 . 2008-07-23 17:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-09-21 11:11 . 2008-07-04 07:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm
2008-09-21 11:11 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-09-21 11:11 . 2008-07-25 09:34 683,520 --a------ C:\WINDOWS\system32\divx.dll
2008-09-21 11:11 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-09-21 11:11 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-09-21 11:11 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-09-21 11:11 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-09-21 11:11 . 2008-07-25 09:34 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-09-21 11:11 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-09-21 11:11 . 2008-07-30 20:09 38 --a------ C:\WINDOWS\avisplitter.ini
2008-09-21 11:05 . 2008-09-21 11:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
2008-09-21 08:18 . 2008-09-21 08:18 <REP> d-------- C:\Program Files\OpenAL
2008-09-21 08:18 . 2008-09-21 08:18 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-09-21 08:18 . 2008-09-21 08:18 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-09-21 08:17 . 2008-09-21 08:17 <REP> d-------- C:\WINDOWS\system32\xlive
2008-09-20 23:26 . 2008-09-20 23:26 1,160 --a------ C:\WINDOWS\mozver.dat
2008-09-20 23:23 . 2008-09-20 23:23 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-17 12:19 . 2008-09-17 12:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech
2008-09-17 12:17 . 2008-09-17 12:17 <REP> d-------- C:\Program Files\Logitech
2008-09-17 12:17 . 2008-07-26 16:25 627,864 --a------ C:\WINDOWS\system32\drivers\lvrs.sys
2008-09-17 12:17 . 2008-07-26 16:23 195,096 --a------ C:\WINDOWS\system32\lvci11801048.dll
2008-09-17 12:09 . 2004-08-03 22:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-09-17 12:09 . 2004-08-03 22:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-09-17 12:09 . 2004-08-03 21:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-09-17 12:09 . 2004-08-03 21:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-09-17 12:07 . 2008-07-26 16:22 2,570,520 --a------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-09-17 12:06 . 2008-09-17 12:18 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-09-17 12:06 . 2008-09-17 12:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-17 12:06 . 2008-09-17 12:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-09-12 17:25 . 2008-09-13 12:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-09-11 17:55 . 2008-09-11 17:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SPORE
2008-09-11 17:37 . 2008-09-11 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-09-11 17:21 . 2008-09-11 17:21 <REP> dr-h----- C:\Documents and Settings\Administrateur\Application Data\SecuROM
2008-09-11 17:21 . 2008-09-11 17:54 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-10 20:49 . 2008-09-22 17:30 <REP> d-------- C:\Program Files\Conduit
2008-09-10 20:49 . 2008-09-10 20:49 <REP> d-------- C:\Program Files\Alcohol Soft
2008-09-10 20:47 . 2008-09-10 20:47 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-10 16:19 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-09-09 17:25 . 2008-10-30 23:58 <REP> d-------- C:\Program Files\Incomplete
2008-09-08 20:52 . 2008-09-08 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 00:13 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-10-30 23:01 --------- d-----w C:\Program Files\LimeWire
2008-10-27 16:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-16 16:33 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-26 16:07 --------- d-----w C:\Program Files\Windows Live
2008-09-26 16:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-07 12:14 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-07 12:07 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-07 11:58 --------- d-----w C:\Program Files\Alwil Software
2008-09-07 11:37 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-09-07 11:37 --------- d-----w C:\Program Files\NETGEAR
2008-09-07 11:33 --------- d-----w C:\Program Files\My Company Name
2008-09-07 11:32 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-07 11:12 --------- d-----w C:\Program Files\Attansic
2008-09-07 11:10 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-07 11:10 --------- d-----w C:\Program Files\Realtek
2008-09-07 11:04 --------- d-----w C:\Program Files\Intel
2008-09-07 10:47 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-09-07 10:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-07 10:29 86 ----a-w C:\WINDOWS\system32\config\systemprofile\DelA03.bat
2008-09-07 10:29 86 ----a-w C:\Documents and Settings\Default User\DelA03.bat
2008-09-07 10:29 86 ----a-w C:\Documents and Settings\Administrateur\DelA03.bat
2008-09-07 10:29 --------- d-----w C:\Program Files\MSBuild
2008-09-07 10:26 --------- d-----w C:\Program Files\Reference Assemblies
2008-09-07 10:25 32,768 ----a-w C:\WINDOWS\system32\netfxperf.dll
2008-09-07 10:24 --------- d-----w C:\Program Files\MSXML 6.0
2008-09-07 10:23 --------- d-----w C:\Program Files\Services en ligne
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-07-26 15:26 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
2008-07-26 15:26 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
2008-07-26 15:23 416,280 ----a-w C:\WINDOWS\system32\LVCodec2.dll
2008-07-26 14:46 25,974 ----a-w C:\WINDOWS\system32\Repository.reg
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2005-04-06 09:55 456,384 ----a-w C:\WINDOWS\inf\WG311T\WG311T13.sys
2004-10-19 17:58 35,232 ----a-w C:\WINDOWS\inf\WG311T\ME_INST.EXE
2004-10-19 17:58 26,112 ----a-w C:\WINDOWS\inf\WG311T\install.exe
.

------- Sigcheck -------

2007-12-31 14:13 360704 823014a2caa32553b111c8adf9a6e327 C:\WINDOWS\system32\drivers\tcpip.sys

2008-09-07 11:47 506368 048cb871e6f98e41f072b85c67c30925 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-30_13.02.15.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-26 06:25:24 109,080 ----a-w C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
+ 2008-10-31 11:13:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6e8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"SpybotSD TeaTimer"="D:\Logiciel\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Steam"="D:\Jeux\counter\Steam.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-04 81920]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-10-25 968072]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-04 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\Administrateur\Recent\Menu Démarrer\Programmes\Démarrage\
Logitech . Enregistrement du produit.lnk - C:\Program Files\Logitech\QuickCam\eReg.exe [2008-02-13 493832]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
NETGEAR WG311T Wireless Assistant.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2005-05-09 4517888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRhHYQ]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yfnrxa.dll erjclp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Jeux\\kane et lynch\\kaneandlynch.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Jeux\\Test drive unlimited\\TDU\\TestDriveUnlimited.exe"=
"D:\\Jeux\\pes 2009\\pes2009.exe"=

R0 MV61XX;MV61XX;C:\WINDOWS\system32\drivers\MV61XX.sys [2007-12-31 91520]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
S3 LVRS;Logitech RightSound Filter Driver;C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);C:\WINDOWS\system32\DRIVERS\qcusbmdm.sys [2003-03-10 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197;C:\WINDOWS\system32\DRIVERS\qcusbser.sys [2003-03-10 59632]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{3D60CE7A-2ADC-4362-B09B-F16C18F6D697} - (no file)
BHO-{41df032a-9ddb-4a5c-8adb-277bb0248f7f} - (no file)
BHO-{873AC35F-F3CD-4786-B1C3-7DC665DE5FF6} - (no file)
BHO-{9C1DA696-398F-4265-9404-0E375BF117EE} - (no file)
BHO-{C2EBFBAE-6C4B-4F6D-AEF9-E9B7CD31549F} - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 14:54:10
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-31 14:54:38
ComboFix-quarantined-files.txt 2008-10-31 13:54:36
ComboFix2.txt 2008-10-30 20:04:42
ComboFix3.txt 2008-10-30 12:02:41

Avant-CF: 15 626 137 600 octets libres
Après-CF: 15,618,633,728 octets libres

31 Octobre 2008 15:10:51

Delete this file then:
C:\WINDOWS\system32\RAHjkUtv.ini
31 Octobre 2008 19:10:40

That file doesn't exist!?
31 Octobre 2008 19:28:28

Do you have access to hidden files?
31 Octobre 2008 19:32:30

Ha, I don't know how to check that?